Draft
13 changes: 13 additions & 0 deletions base/comps/components-vm-tests.toml
@@ -0,0 +1,13 @@
[components.moby-engine.vm-tests]
test_lables = ["container"]
testcase_names = [
"verify_docker_compose_wordpress_app",
"verify_docker_dotnet31_app",
"verify_docker_dotnet50_app",
"verify_docker_java_app",
"verify_docker_python_app",
"verify_docker_seccomp_profile"
]

[components.containerd.vm-tests]
test_lables = ["container"]
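
Review bot: the key `test_lables` in both tables is a misspelling of `test_labels`. The schema hunk in external/schemas/azldev.schema.json declares the same spelling under `"additionalProperties": false`, so once consumers such as TEE read this key a later rename becomes a breaking change; correct it in this file and in the schema together before merge.
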
Contributor Author

For package-to-test mapping, we will prefer a label-based approach, similar to package publish labels.
Each package will be tagged with at least one label, with the option to also pin specific individual test cases.
Labels will be resolved on TEE's end, where the label-to-tests (group of tests) mapping will be defined.

As TEE is the sole owner of all test-related data and with all the context, if CT sends a test label that TEE cannot run on the specified image, it will return an error. In future, we can extend TEE to suggest the most suitable image/test-suite for the given tests, allowing CT/VS to select the appropriate one.

2 changes: 1 addition & 1 deletion base/comps/components.toml
@@ -1,4 +1,4 @@
includes = ["**/*.comp.toml", "components-full.toml", "component-check-disablement.toml"]
includes = ["**/*.comp.toml", "components-full.toml", "component-check-disablement.toml", "components-vm-tests.toml"]

#
# Components imported from Fedora with no per-component modifications.
12 changes: 12 additions & 0 deletions base/images/README.md
@@ -0,0 +1,12 @@
<!-- FOR DRAFT REFERENCE ONLY -->

# Images

`images.toml` is the registry entry point for image manifests and should stay thin.
Each image directory owns its own `*.image.toml` manifest alongside the build definition (for example, a `.kiwi` file).

These per-image manifests now carry both azldev build registration and image metadata consumed by downstream tooling such as TEE.
The schema in `external/schemas/azldev.schema.json` has been extended accordingly, but azldev runtime support still needs to be implemented in the tool codebase.

# Notes
- 'distro` is a required field in the image manifest, but it is not used by azldev at this time. It is intended for use by downstream tooling such as TEE to categorize images by their base distribution.
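
Review bot: the sentence saying `external/schemas/azldev.schema.json` "has been extended accordingly" is not backed by the schema diff in this change, whose hunks add `vm-tests`, `failure`, `hints` and `disable-origins` but nothing for the image fields the new manifests use (`distro`, `delivery`, `variants`). Either add the image definitions to the schema, including `distro` as a required field if the Notes bullet is accurate, or reword this paragraph to say the schema work is still pending. Two smaller points in the Notes section: the bullet opens the word distro with a single quote where a backtick is intended, and `# Notes` is a second top-level heading where `## Notes` would fit.
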
4 changes: 4 additions & 0 deletions base/images/container-base/container-base.image.toml
@@ -0,0 +1,4 @@
[images.container-base]
description = "Container Base Image"
distro = "azurelinux"
Member

Why is distro identified here?

Contributor Author

We needed the distro metadata because in future we want to support other distros like Flatcar. If this is not a good place we can remove it; it is currently not used.

definition = { type = "kiwi", path = "container-base.kiwi" }
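
Review bot: `path` in `definition` changes from `container-base/container-base.kiwi` (the entry removed from base/images/images.toml) to `container-base.kiwi`, so it only resolves if azldev interprets the path relative to the included manifest rather than relative to images.toml. The README added in this change says azldev runtime support is still to be implemented, so state the path-resolution rule there and confirm the loader already applies it to included files.
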
17 changes: 1 addition & 16 deletions base/images/images.toml
@@ -1,16 +1 @@
[images.vm-base]
description = "VM Base Image"
definition = { type = "kiwi", path = "vm-base/vm-base.kiwi" }

[images.container-base]
description = "Container Base Image"
definition = { type = "kiwi", path = "container-base/container-base.kiwi" }

# NOTE:
# sudo dnf install -y kiwi-cli
# sudo kiwi --loglevel 10 \
# --kiwi-file container-base.kiwi \
# system build \
# --description ./container-base \
# --target-dir <output_dir> \
# --add-repo='file:///home/username/some/dir/with/private/rpms,rpm-md,azl,1
includes = ["**/*.image.toml"]
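
Review bot: the `# NOTE:` block with the kiwi-cli build commands is deleted together with the inline image tables and is not carried over anywhere else in this change. If the instructions are still valid, move them into base/images/README.md, closing the quote on the `--add-repo` argument, which is unterminated in the removed text. Also note that `includes = ["**/*.image.toml"]` registers every matching file below this directory, so a stray or experimental manifest is picked up without any edit to this file; the README should say so.
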
29 changes: 29 additions & 0 deletions base/images/vm-base/vm-base.image.toml
@@ -0,0 +1,29 @@
[images.vm-base]
description = "VM Base Image"
distro = "azurelinux"
Member

Ditto regarding distro as well.

definition = { type = "kiwi", path = "vm-base.kiwi" }

[images.vm-base.delivery.marketplace]
Member

See below; for any publishing targets that need to be branch-differentiated/specific, the metadata needs to be split: some branch-specific distro metadata around publishing targets, and some per-artifact identification of which artifacts should be published.

publisher = "MicrosoftCBLMariner"
offer = "azure-linux-4"
sku_prefix = "azure-linux-4"
version = "*"

[images.vm-base.delivery.vhd]
vhd_path = "*"
Member

What's the * for? What does this mean?

Contributor Author

@realsdx realsdx Mar 18, 2026

`*` means the value is not hardcoded and will be determined at runtime, as this will be a blob URL with a SAS token.


[images.vm-base.delivery.shared_gallery]
Member

I've also been working on drafting what publishing info looks like. Since these are going to need to look different across branches of the product, we're going to need to place that in the distro TOMLs.

Consider something like this:

[distros.azurelinux.versions.azl4-dev-stage1.outputs]
source-lookaside-caches = ["azl4-dev-lookaside-cache"]
package-repos = ["azl4-alpha1-rpms-base"]
image-stores = ["azl4-alpha1-acr", "azl4-alpha1-acg"]

[[resources.alpha1-acg]]
publish-labels = ["base-vm"]
interface-type = "azure-compute-gallery"
backend = "azure-compute-gallery"
resource-urn = "/subscriptions/e4ab81f8-030f-4593-a8f2-3ea2c7630a19/resourceGroups/azl-preview-publishing/providers/Microsoft.Compute/galleries/azlpubStagingGalleryoxz2o4gw"
images = [
    { name = "AzureLinuxAlpha1-x64", arch = "x86_64" },
    { name = "AzureLinuxAlpha1-arm64", arch = "aarch64" }
]

The image itself just needs to indicate that it should be published to any targets with the base-vm label.

What do you think?

Contributor Author

So, a separate TOML with all publishing info? What are image stores? What is backend here?

Contributor Author

I was thinking from a perspective of test/image owners, having the image definition and its related delivery/publishing methods at the same place would help with code/config locality IMO, what do you think?

subscription_id = "*"
resource_group_name = "*"
image_gallery = "*"
image_definition = "*"
image_version = "*"

[images.vm-base.variants]
architectures = [
"amd64",
Member

Minor note: we should use x86_64 and aarch64 as the standard arch names.

"arm64",
]
hyperv_generations = [
Member

I'd expect gen1 and gen2 to be different kiwi image profiles. How would you anticipate this metadata being used? What are the reasons for/against the gen1 vs. gen2 images just being modeled as different images?

Contributor Author

If gen1/gen2 have different kiwi files, we need to create different TOMLs for them in this model with only one gen hardcoded in it.

"gen2",
]
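
Review bot: `"*"` is used for `version`, `vhd_path` and all five `shared_gallery` keys to mean "filled in at runtime", but nothing in the manifest or the schema distinguishes that from a literal or wildcard value, so a consumer that skips the substitution will pass `*` downstream. Since the review thread says `vhd_path` will be a blob URL with a SAS token, these keys should never hold a committed value at all: omit them, or mark them with an explicit runtime-input convention documented in the README, and have the consumer fail when the value is missing.
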
83 changes: 71 additions & 12 deletions external/schemas/azldev.schema.json
@@ -1,6 +1,6 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/gim-home/azldev-preview/internal/projectconfig/config-file",
"$id": "https://github.com/microsoft/azure-linux-dev-tools/internal/projectconfig/config-file",
"$ref": "#/$defs/ConfigFile",
"$defs": {
"CheckConfig": {
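
Review bot: the `$id` switch to `microsoft/azure-linux-dev-tools`, like the `failure`, `hints` and `disable-origins` additions and the `ProjectInfo.type` removal in later hunks of this file, has no connection to the VM-test and image-manifest metadata the TOML files in this change introduce. If the schema was regenerated from a newer tool version, land that regeneration as its own commit so the `vm-tests` addition can be reviewed by itself.
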
@@ -57,6 +57,43 @@
"$ref": "#/$defs/CheckConfig",
"title": "Check configuration",
"description": "Configuration for the %check section"
},
"failure": {
"$ref": "#/$defs/ComponentBuildFailureConfig",
"title": "Build failure configuration",
"description": "Configuration and policy regarding build failures for this component."
},
"hints": {
"$ref": "#/$defs/ComponentBuildHints",
"title": "Build hints",
"description": "Non-essential hints for how or when to build the component."
}
},
"additionalProperties": false,
"type": "object"
},
"ComponentBuildFailureConfig": {
"properties": {
"expected": {
"type": "boolean",
"title": "Expected failure",
"description": "Indicates that this component is expected to fail building."
},
"expected-reason": {
"type": "string",
"title": "Expected failure reason",
"description": "Required justification for why this component is expected to fail building."
}
},
"additionalProperties": false,
"type": "object"
},
"ComponentBuildHints": {
"properties": {
"expensive": {
"type": "boolean",
"title": "Expensive to build",
"description": "Indicates that building this component is expensive and should be carefully considered when scheduling."
}
},
"additionalProperties": false,
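
Review bot: in `ComponentBuildFailureConfig`, the description of `expected-reason` calls it a "Required justification", but the definition has no `required` list or conditional, so `expected = true` with no reason validates. If the reason is meant to be mandatory, express that in the schema (for example an `if`/`then` keyed on `expected`) or enforce it in the tool and say so in the description.
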
@@ -82,6 +119,11 @@
"title": "Build configuration",
"description": "Configuration for building the component"
},
"vm-tests": {
"$ref": "#/$defs/ComponentVMTestsConfig",
"title": "VM tests",
"description": "VM test metadata associated with this component"
},
"source-files": {
"items": {
"$ref": "#/$defs/SourceFileReference"
@@ -224,6 +266,28 @@
"type"
]
},
"ComponentVMTestsConfig": {
"properties": {
"test_lables": {
"items": {
"type": "string"
},
"type": "array",
"title": "Test labels",
"description": "List of VM test labels associated with this component"
},
"testcase_names": {
"items": {
"type": "string"
},
"type": "array",
"title": "Test case names",
"description": "List of VM test case names associated with this component"
}
},
"additionalProperties": false,
"type": "object"
},
"ConfigFile": {
"properties": {
"$schema": {
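
Review bot: `ComponentVMTestsConfig` names its properties in snake_case (`test_lables`, `testcase_names`) while the surrounding schema uses kebab-case (`vm-tests`, `source-files`, `expected-reason`, `disable-origins`); align them and fix the `test_lables` spelling in the same pass. The review thread states that each package will carry at least one label, yet neither property is required and both arrays accept empty lists and duplicates; add `required`, `minItems` and `uniqueItems` if that rule should hold at validation time.
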
@@ -315,6 +379,11 @@
"title": "Package Repositories",
"description": "List of package repository definitions"
},
"disable-origins": {
"type": "boolean",
"title": "Disable origins",
"description": "When true only allow source files from the lookaside cache and do not fall back to configured origins"
},
"versions": {
"additionalProperties": {
"$ref": "#/$defs/DistroVersionDefinition"
@@ -485,15 +554,6 @@
},
"ProjectInfo": {
"properties": {
"type": {
"type": "string",
"enum": [
"classic-toolkit",
""
],
"title": "Project Type",
"description": "Type of the project"
},
"description": {
"type": "string",
"title": "Description",
@@ -550,8 +610,7 @@
"additionalProperties": false,
"type": "object",
"required": [
"filename",
"origin"
"filename"
]
},
"SpecSource": {
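
Review bot: dropping `origin` from `required` in the definition just before `SpecSource` lets a source-file entry with only `filename` validate, and this same file adds `disable-origins`, which turns off the fallback to configured origins. Document how an entry with no `origin` is resolved in each mode, and whether a missing `origin` with `disable-origins` unset is an error, so that the location a source file is fetched from is never implicit.
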