[windows] split docker install into 3 scripts (#8688)

* [windows] split docker install into 3 scripts the idea is to end with 1 script per 1 component for better observability * Update images/win/scripts/Installers/Install-Docker-Compose.ps1 Co-authored-by: Erik Bershel <110455084+erik-bershel@users.noreply.github.com> * Update images/win/scripts/Installers/Install-Docker-WinCred.ps1 Co-authored-by: Vasilii Polikarpov <126792224+vpolikarpov-akvelon@users.noreply.github.com> * fix test --------- Co-authored-by: Erik Bershel <110455084+erik-bershel@users.noreply.github.com> Co-authored-by: Vasilii Polikarpov <126792224+vpolikarpov-akvelon@users.noreply.github.com>
actions · Nov 6, 2023 · 030fc05 · 030fc05
1 parent 98c6d29
commit 030fc05
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 54 deletions.
diff --git a/images/win/scripts/Installers/Install-Docker-Compose.ps1 b/images/win/scripts/Installers/Install-Docker-Compose.ps1
@@ -0,0 +1,17 @@
+################################################################################
+##  File:  Install-Docker-Compose.ps1
+##  Desc:  Install Docker Compose.
+##  Supply chain security: Docker Compose v1 - by package manager
+################################################################################
+
+Write-Host "Install-Package Docker-Compose v1"
+$versionToInstall = Get-LatestChocoPackageVersion -TargetVersion "1.29" -PackageName "docker-compose"
+Choco-Install -PackageName docker-compose -ArgumentList "--version=$versionToInstall"
+
+Write-Host "Install-Package Docker-Compose v2"
+$dockerComposev2Url = "https://github.com/docker/compose/releases/latest/download/docker-compose-windows-x86_64.exe"
+$cliPluginsDir = "C:\ProgramData\docker\cli-plugins"
+New-Item -Path $cliPluginsDir -ItemType Directory
+Start-DownloadWithRetry -Url $dockerComposev2Url -Name docker-compose.exe -DownloadPath $cliPluginsDir
+
+Invoke-PesterTests -TestFile "Docker" -TestName "DockerCompose"
diff --git a/images/win/scripts/Installers/Install-Docker-WinCred.ps1 b/images/win/scripts/Installers/Install-Docker-WinCred.ps1
@@ -0,0 +1,35 @@
+################################################################################
+##  File:  Install-Docker-WinCred.ps1
+##  Desc:  Install Docker credential helper.
+##  Supply chain security: checksum validation
+################################################################################
+
+#region functions
+function Get-DockerWincredHash {
+    Param (
+        [Parameter(Mandatory = $True)]
+        [string] $Release
+    )
+
+    $hashURL = "https://github.com/docker/docker-credential-helpers/releases/download/${Release}/checksums.txt"
+    (Invoke-RestMethod -Uri $hashURL).ToString().Split("`n").Where({ $_ -ilike "*docker-credential-wincred-${Release}.windows-amd64.exe*" }).Split(' ')[0]
+}
+#endregion
+
+Write-Host "Install docker-wincred"
+$dockerCredLatestRelease = Invoke-RestMethod -Uri "https://api.github.com/repos/docker/docker-credential-helpers/releases/latest"
+$dockerCredDownloadUrl = $dockerCredLatestRelease.assets.browser_download_url -match "docker-credential-wincred-.+\.exe" | Select-Object -First 1
+Start-DownloadWithRetry -Url $dockerCredDownloadUrl -DownloadPath "C:\Windows\System32" -Name "docker-credential-wincred.exe"
+
+#region Supply chain security
+$distributor_file_hash = Get-DockerWincredHash -Release $dockerCredLatestRelease.name
+$local_file_hash = (Get-FileHash -Path 'C:\Windows\System32\docker-credential-wincred.exe' -Algorithm SHA256).Hash
+
+if ($local_file_hash -ne $distributor_file_hash) {
+    Write-Host "hash must be equal to: ${distributor_file_hash}"
+    Write-Host "actual hash is: ${local_file_hash}"
+    throw 'Checksum verification failed, please rerun install'
+}
+#endregion
+
+Invoke-PesterTests -TestFile "Docker" -TestName "DockerWinCred"
diff --git a/images/win/scripts/Installers/Install-Docker.ps1 b/images/win/scripts/Installers/Install-Docker.ps1
@@ -3,23 +3,8 @@
 ##  Desc:  Install Docker.
 ##         Must be an independent step because it requires a restart before we
 ##         can continue.
-##  Supply chain security: (docker-wincred) checksum validation
 ################################################################################
 
-#region functions
-Function Get-DockerWincredHash
-{
- Param (
-    [Parameter(Mandatory = $True)]
-    [string] $Release
-)
-
- $hashURL = "https://github.com/docker/docker-credential-helpers/releases/download/${Release}/checksums.txt "
- (Invoke-RestMethod -Uri $hashURL).ToString().Split("`n").Where({ $_ -ilike "*docker-credential-wincred-${Release}.windows-amd64.exe*" }).Split(' ')[0]
-
-}
-#endregion
-
 Write-Host "Get latest Moby release"
 $mobyLatestReleaseVersion = (Invoke-RestMethod -Uri "https://api.github.com/repos/moby/moby/releases/latest").tag_name.Trim("v")
 $dockerceUrl = "https://download.docker.com/win/static/stable/x86_64/"
@@ -55,32 +40,6 @@ if ($LastExitCode -ne 0) {
 # https://github.com/Azure/azure-cli/issues/18766
 New-Item -ItemType SymbolicLink -Path "C:\Windows\SysWOW64\docker.exe" -Target "C:\Windows\System32\docker.exe"
 
-Write-Host "Install-Package Docker-Compose v1"
-$versionToInstall = Get-LatestChocoPackageVersion -TargetVersion "1.29" -PackageName "docker-compose"
-Choco-Install -PackageName docker-compose -ArgumentList "--version=$versionToInstall"
-
-Write-Host "Install-Package Docker-Compose v2"
-$dockerComposev2Url = "https://github.com/docker/compose/releases/latest/download/docker-compose-windows-x86_64.exe"
-$cliPluginsDir = "C:\ProgramData\docker\cli-plugins"
-New-Item -Path $cliPluginsDir -ItemType Directory
-Start-DownloadWithRetry -Url $dockerComposev2Url -Name docker-compose.exe -DownloadPath $cliPluginsDir
-
-Write-Host "Install docker-wincred"
-$dockerCredLatestRelease = Invoke-RestMethod -Uri "https://api.github.com/repos/docker/docker-credential-helpers/releases/latest"
-$dockerCredDownloadUrl = $dockerCredLatestRelease.assets.browser_download_url -match "docker-credential-wincred-.+\.exe" | Select-Object -First 1
-Start-DownloadWithRetry -Url $dockerCredDownloadUrl -DownloadPath "C:\Windows\System32" -Name "docker-credential-wincred.exe"
-
-#region Supply chain security
-$distributor_file_hash = Get-DockerWincredHash -Release $dockerCredLatestRelease.name
-$local_file_hash = (Get-FileHash -Path 'C:\Windows\System32\docker-credential-wincred.exe' -Algorithm SHA256).Hash
-
-if ($local_file_hash -ne $distributor_file_hash) {
-    Write-Host "hash must be equal to: ${distributor_file_hash}"
-    Write-Host "actual hash is: ${local_file_hash}"
-    throw 'Checksum verification failed, please rerun install'
-}
-#endregion
-
 Write-Host "Download docker images"
 $dockerImages = (Get-ToolsetContent).docker.images
 foreach ($dockerImage in $dockerImages) {
@@ -93,4 +52,5 @@ foreach ($dockerImage in $dockerImages) {
     }
 }
 
-Invoke-PesterTests -TestFile "Docker"
+Invoke-PesterTests -TestFile "Docker" -TestName "Docker"
+Invoke-PesterTests -TestFile "Docker" -TestName "DockerImages"
diff --git a/images/win/scripts/Tests/Docker.Tests.ps1 b/images/win/scripts/Tests/Docker.Tests.ps1
@@ -1,25 +1,31 @@
 Describe "Docker" {
-    It "<ToolName>" -TestCases @(
-        @{ ToolName = "docker" }
-        @{ ToolName = "docker-compose" }
-    ) {
-        "$ToolName --version" | Should -ReturnZeroExitCode
+    It "docker is installed" {
+        "docker --version" | Should -ReturnZeroExitCode
     }
 
-    It "docker-wincred" {
-        "docker-credential-wincred version" | Should -ReturnZeroExitCode
+    It "docker service is up" {
+        "docker images" | Should -ReturnZeroExitCode
+    }
+
+    It "docker symlink" {
+        "C:\Windows\SysWOW64\docker.exe ps" | Should -ReturnZeroExitCode
+    }
+}
+
+Describe "DockerCompose" {
+    It "docker-compose is installed" {
+        "docker-compose --version" | Should -ReturnZeroExitCode
     }
 
     It "docker compose v2" {
         "docker compose version" | Should -ReturnZeroExitCode
     }
 
-    It "docker service is up" {
-        "docker images" | Should -ReturnZeroExitCode
-    }
+}
 
-    It "docker symlink" {
-        "C:\Windows\SysWOW64\docker.exe ps" | Should -ReturnZeroExitCode
+Describe "DockerWinCred" {
+    It "docker-wincred" {
+        "docker-credential-wincred version" | Should -ReturnZeroExitCode
     }
 }
 

diff --git a/images/win/windows2019.json b/images/win/windows2019.json
@@ -170,6 +170,8 @@
             "scripts": [
                 "{{ template_dir }}/scripts/Installers/Install-VCRedist.ps1",
                 "{{ template_dir }}/scripts/Installers/Install-Docker.ps1",
+                "{{ template_dir }}/scripts/Installers/Install-Docker-WinCred.ps1",
+                "{{ template_dir }}/scripts/Installers/Install-Docker-Compose.ps1",
                 "{{ template_dir }}/scripts/Installers/Install-PowershellCore.ps1",
                 "{{ template_dir }}/scripts/Installers/Install-WebPlatformInstaller.ps1"
             ]

diff --git a/images/win/windows2022.json b/images/win/windows2022.json
@@ -155,6 +155,8 @@
             "type": "powershell",
             "scripts": [
                 "{{ template_dir }}/scripts/Installers/Install-Docker.ps1",
+                "{{ template_dir }}/scripts/Installers/Install-Docker-WinCred.ps1",
+                "{{ template_dir }}/scripts/Installers/Install-Docker-Compose.ps1",
                 "{{ template_dir }}/scripts/Installers/Install-PowershellCore.ps1",
                 "{{ template_dir }}/scripts/Installers/Install-WebPlatformInstaller.ps1"
             ]