Merged
Conversation
added 4 commits
April 1, 2026 13:14
Add two separate ACR SDK providers behind ORYX_ENABLE_ACR_SDK_PROVIDER: 1. ExternalAcrSdkProvider - communicates with LWASv2 via Unix socket to pull SDK images from WAWS Images ACR 2. AcrSdkProvider (direct) - downloads SDKs from Oryx ACR (oryxsdks.azurecr.io) using OCI Distribution API New files: - IExternalAcrSdkProvider.cs / ExternalAcrSdkProvider.cs - OciRegistryClient.cs - HTTP client for OCI Distribution API - AcrVersionProviderBase.cs - base class for ACR version discovery - Per-platform ACR version providers (Node, Python, PHP, DotNetCore) - publishSdkImageToAcr.sh / publishSdkToAcr.yml - ACR publish pipeline Modified files: - Platform install decisions (NodePlatform, PythonPlatform, PhpPlatform, DotNetCorePlatform) with ACR branch before existing DynamicInstall - Version provider orchestrators with ACR provider chain - PlatformInstallerBase with GetAcrInstallerScriptSnippet() - Go startup script generator with ACR download path - DI registrations for all new providers - Constants, options, settings keys for ACR configuration All changes are additive and behind feature flags. Existing blob storage code paths are completely untouched.
…esolution Remove ACR repository/tag construction from ExternalAcrSdkProvider. Now sends only platform, version, and debianFlavor to LWASv2. LWASv2 resolves the SDK companion image from LinuxAssets and handles pinning, containerd pull, mount, and extraction.
… OneBranch pipeline) Remove publishSdkImageToAcr.sh and publishSdkToAcr.yml since SDK images are now built and pushed using onebranch.pipeline.imagebuildinfo in the AAPT-Antares-Oryx pipeline, not via custom scripts.
CodingIsBliss
changed the title
Use the same ACR that AAPT-Antares-Oryx publishes SDK images to. Updated both C# constant and Go constant.
CodingIsBliss
force-pushed
the
feature/oryx-sdk-acr-distribution
branch
from
259f0c4 to
faa6b2d
Compare
added 2 commits
April 1, 2026 19:22
- SA1204: Move static GetFirstLayerDigest before instance members (OciRegistryClient.cs) - SA1124: Remove #region/#endregion around OCI JSON models (OciRegistryClient.cs) - SA1202: Move protected GetAcrInstallerScriptSnippet before private methods (PlatformInstallerBase.cs) - SA1116/SA1117: Place multi-line parameters each on own line (ExternalAcrSdkProvider.cs) - SA1515: Add blank line before single-line comment (DotNetCoreAcrVersionProvider.cs)
- SA1204: Move static GetFirstLayerDigest before instance members (OciRegistryClient.cs) - SA1124: Remove #region/#endregion around OCI JSON models (OciRegistryClient.cs) - SA1202: Move protected GetAcrInstallerScriptSnippet before private methods (PlatformInstallerBase.cs) - SA1116/SA1117: Place multi-line parameters each on own line (ExternalAcrSdkProvider.cs) - SA1515: Add blank line before single-line comment (DotNetCoreAcrVersionProvider.cs)
CodingIsBliss
force-pushed
the
feature/oryx-sdk-acr-distribution
branch
from
505580f to
3a88dfe
Compare
* fix: Resolve StyleCop analyzer errors in ACR SDK provider files - SA1204: Move static GetFirstLayerDigest before instance members (OciRegistryClient.cs) - SA1124: Remove #region/#endregion around OCI JSON models (OciRegistryClient.cs) - SA1202: Move protected GetAcrInstallerScriptSnippet before private methods (PlatformInstallerBase.cs) - SA1116/SA1117: Place multi-line parameters each on own line (ExternalAcrSdkProvider.cs) - SA1515: Add blank line before single-line comment (DotNetCoreAcrVersionProvider.cs) * fix sdk providers logic * refactor pythonPlatform * refctor for dotnet,php and node --------- Co-authored-by: Sarath chandra Bussa <sbussa@microsoft.com>
Member
|
Maybe we need 2 config flags here? |
…m/microsoft/Oryx into feature/oryx-sdk-acr-distribution
* fix node logic and some other bugs * more fixes * socket helper refactor * more fixes * add tests * refactor version provider * fix build * bump version
* fix node logic and some other bugs * more fixes * socket helper refactor * more fixes * add tests * refactor version provider * fix build * bump version * add tests
sarsharma
reviewed
Apr 7, 2026
sarsharma
approved these changes
Apr 8, 2026
CodingIsBliss
commented
Apr 8, 2026
…2897) - Modify buildPlatform() in __common.sh: when VERSIONS_TO_BUILD_OVERRIDE is set, filter versionsToBuild.txt to only matching versions and set OVERWRITE_EXISTING_SDKS=true to bypass blob existence checks - Add ARG/ENV VERSIONS_TO_BUILD_OVERRIDE to nodejs, python, php, and php-composer Dockerfiles so the env var reaches build containers via --build-arg Co-authored-by: Sarath chandra Bussa <sbussa@microsoft.com>
Shi1810
reviewed
Apr 8, 2026
src/BuildScriptGenerator/DotNetCore/VersionProviders/DotNetCoreSdkStorageVersionProvider.cs
Show resolved
Hide resolved
Shi1810
reviewed
Apr 8, 2026
src/BuildScriptGenerator/DotNetCore/VersionProviders/DotNetCoreSdkStorageVersionProvider.cs
Show resolved
Hide resolved
Shi1810
reviewed
Apr 8, 2026
src/BuildScriptGenerator/DotNetCore/VersionProviders/DotNetCoreSdkStorageVersionProvider.cs
Show resolved
Hide resolved
siriande
reviewed
Apr 8, 2026
src/BuildScriptGenerator/DotNetCore/VersionProviders/DotNetCoreAcrVersionProvider.cs
Show resolved
Hide resolved
siriande
reviewed
Apr 8, 2026
src/BuildScriptGenerator/DotNetCore/VersionProviders/DotNetCoreAcrVersionProvider.cs
Show resolved
Hide resolved
Shi1810
reviewed
Apr 8, 2026
CodingIsBliss
commented
Apr 8, 2026
CodingIsBliss
commented
Apr 8, 2026
CodingIsBliss
commented
Apr 8, 2026
prathambande
reviewed
Apr 8, 2026
…m/microsoft/Oryx into feature/oryx-sdk-acr-distribution
kumaraksh1
approved these changes
Apr 8, 2026
Shi1810
approved these changes
Apr 8, 2026
Collaborator
Author
|
lgtm |
prathambande
approved these changes
Apr 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Multiple ways to pull SDKs from different resources based on environment variables:
ORYX_ENABLE_EXTERNAL_ACR_SDK_PROVIDER
Oryx -> Socket -> ACR
ORYX_ENABLE_EXTERNAL_SDK_PROVIDER (Existing flow for App Services)
Oryx -> Socket -> Storage Account
ORYX_ENABLE_ACR_SDK_PROVIDER
Oryx -> ACR
Oryx -> Storage Account
Priority and Fallback order
Review Guide
Start at DefaultPlatformsInformationProvider.cs → GetPlatformsInfo(). This is the entry point that detects platforms and logs SDK provider status (new). It calls platform.Detect() for each platform.
Follow the flow for each platform:
Python — PythonPlatform.Detect() → ResolveVersions() → GetInstallerScriptSnippet()
PHP — PhpPlatform → InstallPhp() / InstallPhpComposer() (refactored with ACR fallback chain)
Node — NodePlatform → same pattern as Python
DotNet — DotnetCorePlatform → has extra SDK↔Runtime version mapping via compound ACR tags
Key new shared components:
Key new shared components:
AcrSdkProvider.cs — Direct OCI API client (downloads SDK tarballs from ACR)
OciRegistryClient.cs — HTTP client for OCI Distribution API
ExternalAcrSdkProvider.cs / ExternalAcrVersionProviderBase.cs — Socket-based ACR path
Modified existing files:
PlatformInstallerBase.cs → skipSdkBinaryDownload block added for ACR tarball lookup + extraction
Some other points:
Python, Node, DotNet: GetInstallerScriptSnippet returns a string — each TryInstall* returns the script or null
PHP: Uses StringBuilder — each TryInstall* appends directly to the builder and returns bool. This is because PHP installs two things (PHP + Composer) in a single GetInstallerScriptSnippet call
All other platforms: {osFlavor}-{version} (e.g., noble-3.14.3)
DotNet: {osFlavor}-{sdkVersion}_{runtimeVersion} (e.g., noble-10.0.201_10.0.5) because .NET requires runtime→SDK version mapping. DotNetCoreAcrVersionProvider parses this; AcrSdkProvider passes runtimeVersion as an optional parameter to construct the correct tag
FROM scratch; COPY sdk.tar.gz / produces a layer that wraps the tarball inside a tar
AcrSdkProvider.ExtractFileFromTar extracts the inner SDK tarball using System.Formats.Tar.TarReader — so by the time PlatformInstallerBase runs, the file at dynamicPath is already the raw SDK tarball, same as what CDN/blob providers produce
Each provider is independent — if one fails, the next is tried without any state leaking
Order: External-ACR (socket→host→ACR) → External-SDK (socket→host→blob) → Direct-ACR (OCI API) → CDN
The first two are controlled by the App Service platform; the last two are Oryx-native
Even "anonymous pull" ACR registries require a bearer token exchange — OciRegistryClient handles this transparently with per-scope token caching
Testing
With ACR Provider enabled (direct ACR pull from Oryx)
With External ACR Provider enabled (pulled via socket communication)