updated

Dockerfile

@@ -8,6 +8,9 @@ RUN echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes
 
 ARG ADDITIONAL_PACKAGES
 ENV ADDITIONAL_PACKAGES ${ADDITIONAL_PACKAGES:-}
+# Also can be "linux-arm", "linux-arm64".
+ENV TARGETARCH="linux-x64"
+
 RUN apt-get update \
 && apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -16,10 +19,14 @@ RUN apt-get update \
         git \
         iputils-ping \
         libcurl4 \
-        libicu60 \
+        libicu70 \
         libunwind8 \
         netcat \
-        ${ADDITIONAL_PACKAGES}
+        zip \
+        unzip \
+        ${ADDITIONAL_PACKAGES} \
+&& rm -rf /var/lib/apt/lists/* \
+&& apt-get clean    
 
 #Install OpenShift Client binary
 ENV OPENSHIFT_VERSION ${OPENSHIFT_VERSION:-4.15.9}
@@ -29,7 +36,11 @@ RUN /bin/bash /tmp/download-ocp.sh ${OPENSHIFT_VERSION} \
 
 WORKDIR /azp
 
-COPY ./start.sh .
-RUN chmod +x start.sh
+COPY ./start.sh ./
+RUN chmod +x ./start.sh \
+&&  chgrp -R 0 /azp \
+&&  chmod -R g=u /azp
+
+USER 1001
 
 CMD ["./start.sh"]

start.sh

@@ -1,85 +1,85 @@
 #!/bin/bash
 set -e
 
-if [ -z "$AZP_URL" ]; then
+if [ -z "${AZP_URL}" ]; then
   echo 1>&2 "error: missing AZP_URL environment variable"
   exit 1
 fi
 
-if [ -z "$AZP_TOKEN_FILE" ]; then
-  if [ -z "$AZP_TOKEN" ]; then
+if [ -z "${AZP_TOKEN_FILE}" ]; then
+  if [ -z "${AZP_TOKEN}" ]; then
     echo 1>&2 "error: missing AZP_TOKEN environment variable"
     exit 1
   fi
 
-  AZP_TOKEN_FILE=/azp/.token
-  echo -n $AZP_TOKEN > "$AZP_TOKEN_FILE"
+  AZP_TOKEN_FILE="/azp/.token"
+  echo -n "${AZP_TOKEN}" > "${AZP_TOKEN_FILE}"
 fi
 
 unset AZP_TOKEN
 
-if [ -n "$AZP_WORK" ]; then
-  mkdir -p "$AZP_WORK"
+if [ -n "${AZP_WORK}" ]; then
+  mkdir -p "${AZP_WORK}"
 fi
 
-rm -rf /azp/agent
-mkdir /azp/agent
-cd /azp/agent
-
-export AGENT_ALLOW_RUNASROOT="1"
-
 cleanup() {
-  if [ -e config.sh ]; then
+  trap "" EXIT
+
+  if [ -e ./config.sh ]; then
     print_header "Cleanup. Removing Azure Pipelines agent..."
 
-    ./config.sh remove --unattended \
-      --auth PAT \
-      --token $(cat "$AZP_TOKEN_FILE")
+    # If the agent has some running jobs, the configuration removal process will fail.
+    # So, give it some time to finish the job.
+    while true; do
+      ./config.sh remove --unattended --auth "PAT" --token $(cat "${AZP_TOKEN_FILE}") && break
+
+      echo "Retrying in 30 seconds..."
+      sleep 30
+    done
   fi
 }
 
 print_header() {
-  lightcyan='\033[1;36m'
-  nocolor='\033[0m'
-  echo -e "${lightcyan}$1${nocolor}"
+  lightcyan="\033[1;36m"
+  nocolor="\033[0m"
+  echo -e "\n${lightcyan}$1${nocolor}\n"
 }
 
 # Let the agent ignore the token env variables
-export VSO_AGENT_IGNORE=AZP_TOKEN,AZP_TOKEN_FILE
+export VSO_AGENT_IGNORE="AZP_TOKEN,AZP_TOKEN_FILE"
 
 print_header "1. Determining matching Azure Pipelines agent..."
 
-AZP_AGENT_RESPONSE=$(curl -LsS \
-  -u user:$(cat "$AZP_TOKEN_FILE") \
-  -H 'Accept:application/json;api-version=3.0-preview' \
-  "$AZP_URL/_apis/distributedtask/packages/agent?platform=linux-x64")
+AZP_AGENT_PACKAGES=$(curl -LsS \
+    -u user:$(cat "${AZP_TOKEN_FILE}") \
+    -H "Accept:application/json;" \
+    "${AZP_URL}/_apis/distributedtask/packages/agent?platform=${TARGETARCH}&top=1")
 
-if echo "$AZP_AGENT_RESPONSE" | jq . >/dev/null 2>&1; then
-  AZP_AGENTPACKAGE_URL=$(echo "$AZP_AGENT_RESPONSE" \
-    | jq -r '.value | map([.version.major,.version.minor,.version.patch,.downloadUrl]) | sort | .[length-1] | .[3]')
-fi
+AZP_AGENT_PACKAGE_LATEST_URL=$(echo "${AZP_AGENT_PACKAGES}" | jq -r ".value[0].downloadUrl")
 
-if [ -z "$AZP_AGENTPACKAGE_URL" -o "$AZP_AGENTPACKAGE_URL" == "null" ]; then
-  echo 1>&2 "error: could not determine a matching Azure Pipelines agent - check that account '$AZP_URL' is correct and the token is valid for that account"
+if [ -z "${AZP_AGENT_PACKAGE_LATEST_URL}" -o "${AZP_AGENT_PACKAGE_LATEST_URL}" == "null" ]; then
+  echo 1>&2 "error: could not determine a matching Azure Pipelines agent"
+  echo 1>&2 "check that account "${AZP_URL}" is correct and the token is valid for that account"
   exit 1
 fi
 
-print_header "2. Downloading and installing Azure Pipelines agent..."
+print_header "2. Downloading and extracting Azure Pipelines agent..."
 
-curl -LsS $AZP_AGENTPACKAGE_URL | tar -xz & wait $!
+curl -LsS "${AZP_AGENT_PACKAGE_LATEST_URL}" | tar -xz & wait $!
 
 source ./env.sh
 
-trap 'cleanup; exit 130' INT
-trap 'cleanup; exit 143' TERM
+trap "cleanup; exit 0" EXIT
+trap "cleanup; exit 130" INT
+trap "cleanup; exit 143" TERM
 
 print_header "3. Configuring Azure Pipelines agent..."
 
 ./config.sh --unattended \
   --agent "${AZP_AGENT_NAME:-$(hostname)}" \
-  --url "$AZP_URL" \
-  --auth PAT \
-  --token $(cat "$AZP_TOKEN_FILE") \
+  --url "${AZP_URL}" \
+  --auth "PAT" \
+  --token $(cat "${AZP_TOKEN_FILE}") \
   --pool "${AZP_POOL:-Default}" \
   --work "${AZP_WORK:-_work}" \
   --proxyurl "${PROXY_URL-}" \
@@ -88,17 +88,10 @@ print_header "3. Configuring Azure Pipelines agent..."
   --replace \
   --acceptTeeEula & wait $!
 
-# Automatic Cleanup fails if you remove the AZP_TOKEN_FILE
-# remove the administrative token before accepting work
-#rm $AZP_TOKEN_FILE
-
 print_header "4. Running Azure Pipelines agent..."
 
-# `exec` the node runtime so it's aware of TERM and INT signals
-# AgentService.js understands how to handle agent self-update and restart
-exec ./externals/node/bin/node ./bin/AgentService.js interactive --once & wait $!
+chmod +x ./run.sh
 
-# We expect the above process to exit when it runs once,
-# so we now run a cleanup process to remove this agent
-# from the pool
-cleanup
+# To be aware of TERM and INT signals call ./run.sh
+# Running it with the --once flag at the end will shut down the agent after the build is executed
+./run.sh "$@" --once & wait $!