Merge branch 'develop'

clemlesne · Dec 20, 2023 · 0626b4d · 0626b4d
2 parents 3a63748 + f600530
commit 0626b4d
Show file tree

Hide file tree

Showing 8 changed files with 110 additions and 40 deletions.
diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
@@ -21,43 +21,43 @@ env:
   CONTAINER_REGISTRY_GHCR: ghcr.io
   CONTAINER_REGISTRY_DOCKER_HUB: docker.io
   # https://github.com/sigstore/cosign/releases
-  COSIGN_VERSION: 2.2.1
+  COSIGN_VERSION: 2.2.2
   # https://npmjs.com/package/@microsoft/sarif-multitool?activeTab=versions
-  SARIF_MULTITOOL_VERSION: 4.3.7
+  SARIF_MULTITOOL_VERSION: 4.4.0
   # https://npmjs.com/package/snyk?activeTab=versions
-  SNYK_VERSION: 1.1248.0
+  SNYK_VERSION: 1.1266.0
   # https://github.com/microsoft/azure-pipelines-agent/releases
   AZP_AGENT_VERSION: 3.230.0
   # https://github.com/PowerShell/PowerShell/releases
   POWERSHELL_VERSION: 7.2.17
   # https://github.com/krallin/tini/releases
   TINI_VERSION: 0.19.0
   # https://github.com/mikefarah/yq/releases
-  YQ_VERSION: 4.35.2
+  YQ_VERSION: 4.40.5
   # https://go.dev/dl
-  GO_VERSION: 1.21.4
+  GO_VERSION: 1.21.5
   # https://github.com/rootless-containers/rootlesskit/releases
   ROOTLESSKIT_VERSION: 1.1.1
   # https://github.com/moby/buildkit/releases
-  BUILDKIT_VERSION: 0.12.3
+  BUILDKIT_VERSION: 0.12.4
   # https://github.com/Azure/azure-cli/releases
-  AZURE_CLI_VERSION: 2.54.0
+  AZURE_CLI_VERSION: 2.55.0
   # https://github.com/stedolan/jq/releases
   JQ_VERSION: 1.6
   # https://github.com/aws/aws-cli/tags
-  AWS_CLI_VERSION: 2.13.36
+  AWS_CLI_VERSION: 2.15.0
   # https://cloud.google.com/sdk/docs/install
-  GCLOUD_CLI_VERSION: 455.0.0
+  GCLOUD_CLI_VERSION: 458.0.0
   # https://github.com/git-for-windows/git/releases
-  GIT_WIN_VERSION: 2.42.0
+  GIT_WIN_VERSION: 2.43.0
   # https://github.com/facebook/zstd/releases
   ZSTD_WIN_VERSION: 1.5.5
   # https://www.python.org/downloads/windows
-  PYTHON_WIN_VERSION: 3.11.6
+  PYTHON_WIN_VERSION: 3.11.7
   # https://nodejs.org/en/download/releases
-  NODE_VERSION: 18.18.2
+  NODE_VERSION: 20.10.0
   # https://github.com/helm/helm/releases
-  HELM_VERSION: 3.13.2
+  HELM_VERSION: 3.13.3
   # https://github.com/oras-project/oras/releases
   ORAS_VERSION: 1.1.0
   # https://github.com/docker/buildx/releases
@@ -67,7 +67,7 @@ env:
   # https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2022
   VS_BUILDTOOLS_WIN_VERSION: 17
   # https://github.com/gohugoio/hugo/releases
-  HUGO_VERSION: 0.120.4
+  HUGO_VERSION: 0.121.1
 
 jobs:
   init:
@@ -111,7 +111,7 @@ jobs:
           submodules: recursive
 
       - name: SAST - Credentials
-        uses: trufflesecurity/[email protected].1
+        uses: trufflesecurity/[email protected].5
         with:
           base: ${{ github.event.repository.default_branch }}
           head: HEAD
@@ -209,7 +209,7 @@ jobs:
             snyk.sarif
 
       - name: Upload results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v2.22.8
+        uses: github/codeql-action/upload-sarif@v3.22.11
         with:
           sarif_file: merged.sarif
 
@@ -349,7 +349,7 @@ jobs:
 
       - name: Container meta
         id: meta
-        uses: docker/metadata-action@v5.0.0
+        uses: docker/metadata-action@v5.4.0
         with:
           images: |
             ${{ env.CONTAINER_REGISTRY_GHCR }}/${{ env.CONTAINER_NAME }}
@@ -449,7 +449,7 @@ jobs:
             *.sarif
 
       - name: Upload results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v2.22.8
+        uses: github/codeql-action/upload-sarif@v3.22.11
         with:
           sarif_file: merged.sarif
 
@@ -509,7 +509,7 @@ jobs:
 
       - name: Container meta
         id: meta
-        uses: docker/metadata-action@v5.0.0
+        uses: docker/metadata-action@v5.4.0
         with:
           images: |
             ${{ env.CONTAINER_REGISTRY_GHCR }}/${{ env.CONTAINER_NAME }}
@@ -634,7 +634,7 @@ jobs:
             ${{ steps.tag.outputs.tag }}
 
       - name: Upload results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v2.22.8
+        uses: github/codeql-action/upload-sarif@v3.22.11
         with:
           sarif_file: snyk.sarif
 
@@ -655,7 +655,7 @@ jobs:
         run: semgrep ci --sarif --output=semgrep.sarif
 
       - name: Upload results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v2.22.8
+        uses: github/codeql-action/upload-sarif@v3.22.11
         with:
           sarif_file: semgrep.sarif
 
@@ -744,7 +744,7 @@ jobs:
 
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@v3.0.6
+        uses: actions/configure-pages@v4.0.0
 
       - name: Build with Hugo
         working-directory: docs

diff --git a/docs/content/docs/advanced-topics/_index.md b/docs/content/docs/advanced-topics/_index.md
@@ -9,6 +9,7 @@ Explore the following sections to learn how to use Azure Pipelines Agent:
 
 {{< cards >}}
 {{< card link="build-aspnet" title="Build ASP.NET applications" icon="code" >}}
+{{< card link="build-java" title="Build Java applications" icon="code" >}}
 {{< card link="ca-certificate" title="Custom root certificate" icon="lock-closed" >}}
 {{< card link="capabilities" title="Capabilities" icon="star" >}}
 {{< card link="docker-in-docker" title="Build container images" icon="archive" >}}

diff --git a/docs/content/docs/advanced-topics/build-java.md b/docs/content/docs/advanced-topics/build-java.md
@@ -0,0 +1,45 @@
+---
+title: Build Java applications
+---
+
+Java (JDK and JVM) is not pre-installed into the agents. Specify the specific version you requires for your build. Install the framework with [JavaToolInstaller@0](https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/java-tool-installer-v0?view=azure-pipelines), it configures both `PATH` and `JAVA_HOME` environements variables. The JDK file requires to be placed either in Azure Storage or in a local directory:
+
+- Azure Storage (recommended for its audit, replication, and management by API capabilities), downlaod the binary from a central Azure Storage
+- Local directory, in the context of a Kubernetes Pod, this directory could be a read-only shared volume mounted in the Pod
+
+First, create an Azure Storage account and a container named `java-temurin`. Then, upload the JDK file to the container. JDK can be downloaded, as example:
+
+- [from Eclipse Temurin](https://adoptium.net/temurin/releases/?package=jdk&os=linux)
+- [from Microsoft Build of OpenJDK](https://learn.microsoft.com/en-us/java/openjdk/download) (recommended for its support), based on Eclipse Temurin, but with backported fixes and enhancements not yet been formally backported upstream
+
+Example of an example Azure Storage account named `azure-pipelines-bins` and a container `java-temurin`, with Eclipse Temurin JDK 17 and 21:
+
+```txt
+# Azure Storage
+/java-temurin (container)
+  /jdk
+    /21
+      OpenJDK21U-jdk_aarch64_linux_hotspot_21.0.1_12.tar
+      OpenJDK21U-jdk_x64_linux_hotspot_21.0.1_12.tar
+    /17
+      OpenJDK17U-jdk_x64_linux_hotspot_17.0.9_9.tar
+      [...]
+```
+
+Example of the Azure Pipelines YAML file:
+
+```yaml
+# azure-pipelines.yaml
+steps:
+  - task: JavaToolInstaller@0
+    inputs:
+      azureCommonVirtualFile: jdk/21/OpenJDK21U-jdk_x64_linux_hotspot_21.0.1_12.tar
+      azureContainerName: java-temurin
+      azureResourceGroupName: AZURE_RESOURCE_GROUP_NAME
+      azureResourceManagerEndpoint: AZURE_RESOURCE_MANAGER_SERVICE_CONNECTION_NAME
+      azureStorageAccountName: azure-pipelines-bins
+      jdkArchitectureOption: x64
+      jdkDestinationDirectory: $(agent.toolsDirectory)/jdk/21
+      jdkSourceOption: AzureStorage
+      versionSpec: 21
+```