From cbc79f8a0ce6d868f36f40ca2e83d551f01da225 Mon Sep 17 00:00:00 2001 From: Erik Bershel <110455084+erik-bershel@users.noreply.github.com> Date: Tue, 23 Jan 2024 14:44:07 +0100 Subject: [PATCH] [Ubuntu] Pin Docker 24.0.7 to avoid bugs (#9205) * [Ubuntu] Pin Docker 24.0.7 to avoid bugs * Fix character escaping for jq * Fix order of install --- images/ubuntu/scripts/build/install-docker.sh | 21 +++++++++++++++---- images/ubuntu/toolsets/toolset-2004.json | 9 +++++++- images/ubuntu/toolsets/toolset-2204.json | 9 +++++++- 3 files changed, 33 insertions(+), 6 deletions(-) diff --git a/images/ubuntu/scripts/build/install-docker.sh b/images/ubuntu/scripts/build/install-docker.sh index e5b52b05b736..73ed38e57b81 100644 --- a/images/ubuntu/scripts/build/install-docker.sh +++ b/images/ubuntu/scripts/build/install-docker.sh @@ -11,18 +11,31 @@ source $HELPER_SCRIPTS/install.sh REPO_URL="https://download.docker.com/linux/ubuntu" GPG_KEY="/usr/share/keyrings/docker.gpg" REPO_PATH="/etc/apt/sources.list.d/docker.list" +os_codename=$(lsb_release -cs) curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o $GPG_KEY -echo "deb [arch=amd64 signed-by=$GPG_KEY] $REPO_URL $(lsb_release -cs) stable" > $REPO_PATH +echo "deb [arch=amd64 signed-by=$GPG_KEY] $REPO_URL ${os_codename} stable" > $REPO_PATH apt-get update -apt-get install --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin + +for pkg in containerd.io docker-ce-cli docker-ce docker-buildx-plugin; do + version=$(get_toolset_value ".docker.components.\"$pkg\"") + if [[ $version == "latest" ]]; then + components_to_install+="${pkg} " + else + version_string=$(apt-cache madison "${pkg}" | awk '{ print $3 }' | grep "${version}" | grep "${os_codename}" | head -1) + components_to_install+="${pkg}=${version_string} " + fi +done +apt-get install -y --no-install-recommends $components_to_install + # Download docker compose v2 from releases # Temporaty pinned to v2.23.3 due https://github.com/actions/runner-images/issues/9172 -URL=$(resolve_github_release_asset_url "docker/compose" "endswith(\"compose-linux-x86_64\")" "2.23.3") +compose_version=$(get_toolset_value ".docker.components.compose") +URL=$(resolve_github_release_asset_url "docker/compose" "endswith(\"compose-linux-x86_64\")" "${compose_version}") compose_binary_path=$(download_with_retry "${URL}" "/tmp/docker-compose-v2") # Supply chain security - Docker Compose v2 -compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "endswith(\"checksums.txt\")" "2.23.3") +compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "endswith(\"checksums.txt\")" "${compose_version}") compose_external_hash=$(get_checksum_from_url "${compose_hash_url}" "compose-linux-x86_64" "SHA256") use_checksum_comparison "${compose_binary_path}" "${compose_external_hash}" diff --git a/images/ubuntu/toolsets/toolset-2004.json b/images/ubuntu/toolsets/toolset-2004.json index 5c75bb7458ac..30971711f2f0 100644 --- a/images/ubuntu/toolsets/toolset-2004.json +++ b/images/ubuntu/toolsets/toolset-2004.json @@ -236,7 +236,14 @@ "node:18-alpine", "node:20-alpine", "ubuntu:20.04" - ] + ], + "components": { + "docker-ce": "24.0.7", + "docker-ce-cli": "24.0.7", + "containerd.io": "latest", + "docker-buildx-plugin": "latest", + "compose": "2.23.3" + } }, "pipx": [ { diff --git a/images/ubuntu/toolsets/toolset-2204.json b/images/ubuntu/toolsets/toolset-2204.json index e881226c3e07..2dc4bc9aaca6 100644 --- a/images/ubuntu/toolsets/toolset-2204.json +++ b/images/ubuntu/toolsets/toolset-2204.json @@ -227,7 +227,14 @@ "node:20-alpine", "ubuntu:20.04", "ubuntu:22.04" - ] + ], + "components": { + "docker-ce": "24.0.7", + "docker-ce-cli": "24.0.7", + "containerd.io": "latest", + "docker-buildx-plugin": "latest", + "compose": "2.23.3" + } }, "pipx": [ {