feat: add scripts for building, publishing images and deploying azure VM (#15953)

This PR includes a couple of dev scripts. One can change the variable names in common.sh and use build-vm-images.sh to build VM images locally and publish the image to SIG via publish-sig-image.sh and deploy an Azure VM with deploy-azure-vm.sh for testing purposes.

Author: liunan-ms

scripts/azure-gallery-image-base.bicep

@@ -0,0 +1,42 @@
+param galleryName string
+param imageDefinitionName string
+param versionName string
+param location string = resourceGroup().location
+param regions array = [resourceGroup().location]
+param sourceStorageAccountId string
+param sourceVhdUri string
+param defaultReplicaCount int = 1
+param excludedFromLatest bool = false
+param allowDeletionOfReplicatedLocations bool = false
+param replicationMode string = 'Shallow'
+resource imageVersion 'Microsoft.Compute/galleries/images/versions@2024-03-03' = {
+  name: '${galleryName}/${imageDefinitionName}/${versionName}'
+  location: location
+  properties: {
+    publishingProfile: {
+      replicaCount: defaultReplicaCount
+      targetRegions: [
+        for region in regions: {
+          name: region
+          regionalReplicaCount: defaultReplicaCount
+          storageAccountType: 'Standard_LRS'
+        }
+      ]
+      excludeFromLatest: excludedFromLatest
+      replicationMode: replicationMode
+    }
+    storageProfile: {
+      osDiskImage: {
+        hostCaching: 'ReadWrite'
+        source: {
+          storageAccountId: sourceStorageAccountId
+          uri: sourceVhdUri
+        }
+      }
+    }
+    safetyProfile: {
+      allowDeletionOfReplicatedLocations: allowDeletionOfReplicatedLocations
+    }
+  }
+  tags: {}
+}

scripts/build-vm-images.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -euxo pipefail
+
+# Find the absolute path of the directory containing this script
+SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+. "$SCRIPTS_DIR/common.sh"
+
+sudo rm -rf "$REPO_ROOT/base/build/work/vm-base/*"
+sudo rm -rf "$REPO_ROOT/base/out/images/*"
+
+# Build vm-base image using azldev
+azldev image build vm-base --local-repo "$REPO_ROOT/base/out" --remote-repo "$REMOTE_KOJI_REPO_URL" --remote-repo-no-gpgcheck

scripts/common.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+set -euxo pipefail
+
+REPO_ROOT="$( cd "$SCRIPTS_DIR/.." &> /dev/null && pwd )"
+
+# Set your Azure subscription ID
+export SUBSCRIPTION_ID="<your-subscription-id>"
+
+# Set resource configuration
+export RESOURCE_GROUP_NAME="<your-resource-group-name>"
+export LOCATION="westus3"
+export STORAGE_ACCOUNT_NAME="<your-storage-account-name>"
+export STORAGE_CONTAINER_NAME="<your-storage-container-name>"
+export PUBLISHER="<your-publisher-name>"
+export OFFER="<your-offer-name>"
+export TIME_TAG="$(date +%Y%m%d-%H%M%S)"
+export STORAGE_BLOB_NAME="azl4-vm-base.x86_64-${TIME_TAG}.vhdfixed"
+export VM_NAME="${USER}-azl-vm-${TIME_TAG}"
+export SSH_USER="<your-ssh-username>"
+export SSH_PUBLIC_KEY_PATH="<path-to-your-ssh-public-key>"
+
+# Set VM size based on architecture
+ARCH="<test-vm-architecture>" # e.g., "x86_64" or "aarch64"
+if [ "$ARCH" = "aarch64" ]; then
+    export TEST_VM_SIZE="Standard_D4ps_v6"
+else
+    export TEST_VM_SIZE="Standard_D4s_v5"
+fi
+
+# Set local image path
+export IMAGE_PATH="$REPO_ROOT/base/out/images/vm-base/azl4-vm-base.x86_64-0.1.vhdfixed"
+
+# Set gallery configuration
+export GALLERY_NAME="<your-gallery-name>"
+export GALLERY_IMAGE_DEFINITION="<your-image-definition-name>"
+export REMOTE_KOJI_REPO_URL="<your-remote-koji-repo-url>"
+
+function get-image-version() {
+    # If the image definition doesn't exist yet, return the initial version
+    if ! az sig image-definition show --resource-group "$RESOURCE_GROUP_NAME" --gallery-name "$GALLERY_NAME" --gallery-image-name "$GALLERY_IMAGE_DEFINITION" >/dev/null 2>&1; then
+        echo "0.0.1"
+        return 0
+    fi
+
+    # Get the latest version from the gallery
+    local image_version
+    image_version=$(az sig image-version list \
+        --resource-group "$RESOURCE_GROUP_NAME" \
+        --gallery-name "$GALLERY_NAME" \
+        --gallery-image-name "$GALLERY_IMAGE_DEFINITION" --query '[].name' -o tsv |
+        sort -t "." -k1,1n -k2,2n -k3,3n |
+        tail -1)
+
+    if [ -z "$image_version" ]; then
+        echo "0.0.1"
+    else
+        echo "$image_version"
+    fi
+}
+
+function increment-version() {
+    local version="${1:?Usage: increment-version <major.minor.patch>}"
+    echo "$version" | awk -F. '{print $1"."$2"."$3+1}'
+}

scripts/deploy-azure-vm.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -euxo pipefail
+# Find the absolute path of the directory containing this script
+SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+. "$SCRIPTS_DIR/common.sh"
+
+image_version="$(get-image-version)"
+az vm create \
+        --resource-group "$RESOURCE_GROUP_NAME" \
+        --name "$VM_NAME" \
+        --size "$TEST_VM_SIZE" \
+        --admin-username "$SSH_USER" \
+        --ssh-key-values "$SSH_PUBLIC_KEY_PATH" \
+        --image "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP_NAME/providers/Microsoft.Compute/galleries/$GALLERY_NAME/images/$GALLERY_IMAGE_DEFINITION/versions/$image_version" \
+        --location "$LOCATION" \
+        --debug

scripts/publish-sig-image.sh

@@ -0,0 +1,98 @@
+#!/bin/bash
+set -euxo pipefail
+# Find the absolute path of the directory containing this script
+SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+. "$SCRIPTS_DIR/common.sh"
+
+storage_account_url="https://$STORAGE_ACCOUNT_NAME.blob.core.windows.net"
+storage_account_resource_id="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP_NAME/providers/Microsoft.Storage/storageAccounts/$STORAGE_ACCOUNT_NAME"
+
+replicationMode="Shallow"
+storage_blob_endpoint="$storage_account_url/$STORAGE_CONTAINER_NAME/$STORAGE_BLOB_NAME"
+
+az account set --subscription "$SUBSCRIPTION_ID"
+
+if [ "$(az group exists -n "$RESOURCE_GROUP_NAME")" == "false" ]; then
+    az group create \
+        --name "$RESOURCE_GROUP_NAME" \
+        --location "$LOCATION"
+fi
+
+# Ensure STORAGE_ACCOUNT_NAME exists and the managed identity has access
+if ! az storage account show --ids "$storage_account_resource_id"; then
+    echo "Could not find storage account \"$STORAGE_ACCOUNT_NAME\" in the expected location. Creating the storage account."
+
+    if [ "$(az storage account check-name --name "$STORAGE_ACCOUNT_NAME" --query nameAvailable)" == "false" ]; then
+        echo "Storage account name $STORAGE_ACCOUNT_NAME is not available"
+        exit 1
+    fi
+    az storage account create \
+        --resource-group "$RESOURCE_GROUP_NAME" \
+        --name "$STORAGE_ACCOUNT_NAME" \
+        --location "$LOCATION" \
+        --allow-shared-key-access false
+fi
+
+# Ensure "build_target" storage container exists
+containerExists=$(az storage container exists --account-name "$STORAGE_ACCOUNT_NAME" --name "$STORAGE_CONTAINER_NAME" --auth-mode login | jq .exists)
+if [[ $containerExists != "true" ]]; then
+    echo "Could not find container \"$STORAGE_CONTAINER_NAME\". Creating container \"$STORAGE_CONTAINER_NAME\" in storage account \"$STORAGE_ACCOUNT_NAME\"..."
+    az storage container create \
+        --account-name "$STORAGE_ACCOUNT_NAME" \
+        --name "$STORAGE_CONTAINER_NAME" \
+        --auth-mode login
+fi
+
+# Upload the image artifact to Storage Account
+azcopy copy "$IMAGE_PATH" "$storage_blob_endpoint" --blob-type=PageBlob
+
+# Ensure GALLERY_NAME exists
+if ! az sig show -r "$GALLERY_NAME" -g "$RESOURCE_GROUP_NAME"; then
+    echo "Could not find image gallery \"$GALLERY_NAME\" in resource group \"$RESOURCE_GROUP_NAME\". Creating the gallery."
+    az sig create \
+        --resource-group "$RESOURCE_GROUP_NAME" \
+        --gallery-name "$GALLERY_NAME" \
+        --location "$LOCATION"
+fi
+
+# Ensure the "build_target" image-definition exists
+# Note: We publish only the VHD from the secure-prod the SIG
+imageDefinitionExists=$(az sig image-definition list -r "$GALLERY_NAME" -g "$RESOURCE_GROUP_NAME" | grep "name" | grep -c "$GALLERY_IMAGE_DEFINITION" || :;) # the "|| :;" prevents grep from halting the script when it finds no matches and exits with exit code 1
+if [[ $imageDefinitionExists -eq 0 ]]; then
+    echo "Could not find image-definition \"$GALLERY_IMAGE_DEFINITION\". Creating definition \"$GALLERY_IMAGE_DEFINITION\" in gallery \"$GALLERY_NAME\"..."
+    az sig image-definition create \
+        --gallery-image-definition "$GALLERY_IMAGE_DEFINITION" \
+        --publisher "$PUBLISHER" \
+        --offer "$OFFER" \
+        --sku "$GALLERY_IMAGE_DEFINITION" \
+        --gallery-name "$GALLERY_NAME" \
+        --resource-group "$RESOURCE_GROUP_NAME" \
+        --location "$LOCATION" \
+        --os-type Linux
+fi
+
+image_version="$(increment-version "$(get-image-version)")"
+
+# Convert comma-separated regions to JSON array for bicep template
+# Note: Using a single region for now
+REGIONS_JSON=$(echo "$LOCATION" | awk -F, '{
+  printf "[";
+  for(i=1;i<=NF;i++) {
+    printf "\"%s\"", $i;
+    if(i<NF) printf ",";
+  }
+  printf "]";
+}')
+# Create Image Version from storage account blob
+az deployment group create \
+  --name "$GALLERY_IMAGE_DEFINITION-$image_version" \
+  --resource-group "$RESOURCE_GROUP_NAME" \
+  --template-file "$SCRIPTS_DIR/azure-gallery-image-base.bicep" \
+  --parameters galleryName="$GALLERY_NAME" \
+               imageDefinitionName="$GALLERY_IMAGE_DEFINITION" \
+               versionName="$image_version" \
+               location="$LOCATION" \
+               regions="$REGIONS_JSON" \
+               sourceStorageAccountId="$storage_account_resource_id" \
+               sourceVhdUri="$storage_blob_endpoint" \
+               replicationMode="$replicationMode"