OpenSSF Scorecard - pin docker images to exact digest - ASP.NET Framework (#4124)

Author: Kielek

build/Build.Steps.Windows.cs

@@ -136,15 +136,7 @@ partial class Build
         .Executes(() =>
         {
             var aspNetProject = Solution.GetProjectByName(Projects.Tests.Applications.AspNet);
-            BuildDockerImage(aspNetProject);
-
-            DockerBuild(x => x
-                .SetPath(".")
-                .SetFile(aspNetProject.Directory / "Classic.Dockerfile")
-                .EnableRm()
-                .SetTag(($"{Path.GetFileNameWithoutExtension(aspNetProject).Replace(".", "-")}-classic").ToLowerInvariant())
-                .SetProcessWorkingDirectory(aspNetProject.Directory)
-            );
+            BuildDockerImage(aspNetProject, "integrated", "classic");
 
             var wcfProject = Solution.GetProjectByName(Projects.Tests.Applications.WcfIis);
             BuildDockerImage(wcfProject);
@@ -153,7 +145,7 @@ partial class Build
             BuildDockerImage(owinProject);
         });
 
-    void BuildDockerImage(Project project)
+    void BuildDockerImage(Project project, params string[] targets)
     {
         const string moduleName = "OpenTelemetry.DotNet.Auto.psm1";
         var sourceModulePath = InstallationScriptsDirectory / moduleName;
@@ -176,13 +168,31 @@ void BuildDockerImage(Project project)
                     project.Directory / "Properties" / "PublishProfiles" / $"FolderProfile.{BuildConfiguration}.pubxml")
                 .SetTargetPath(project));
 
-            DockerBuild(x => x
-                .SetPath(".")
-                .SetBuildArg($"configuration={BuildConfiguration}")
-                .EnableRm()
-                .SetTag(Path.GetFileNameWithoutExtension(project).Replace(".", "-").ToLowerInvariant())
-                .SetProcessWorkingDirectory(project.Directory)
-            );
+            if (targets.Length > 0)
+            {
+                foreach (var target in targets)
+                {
+                    DockerBuild(x => x
+                        .SetPath(".")
+                        .SetBuildArg($"configuration={BuildConfiguration}")
+                        .EnableRm()
+                        .SetProcessWorkingDirectory(project.Directory)
+                        .SetTag($"{Path.GetFileNameWithoutExtension(project).Replace(".", "-")}-{target}".ToLowerInvariant())
+                        .SetTarget(target)
+                    );
+
+                }
+            }
+            else
+            {
+                DockerBuild(x => x
+                    .SetPath(".")
+                    .SetBuildArg($"configuration={BuildConfiguration}")
+                    .EnableRm()
+                    .SetProcessWorkingDirectory(project.Directory)
+                    .SetTag(Path.GetFileNameWithoutExtension(project).Replace(".", "-").ToLowerInvariant())
+                );
+            }
         }
         finally
         {

test/IntegrationTests/AspNetTests.cs

@@ -146,7 +146,7 @@ public async Task TracesResource()
         };
 
         var webPort = TcpPortProvider.GetOpenPort();
-        await using var container = await IISContainerTestHelper.StartContainerAsync("testapplication-aspnet-netframework", webPort, environmentVariables, Output);
+        await using var container = await IISContainerTestHelper.StartContainerAsync("testapplication-aspnet-netframework-integrated", webPort, environmentVariables, Output);
         await CallTestApplicationEndpoint(webPort);
 
         collector.ResourceExpector.AssertExpectations();
@@ -175,15 +175,15 @@ public async Task SubmitMetrics()
             ["OTEL_DOTNET_AUTO_METRICS_ASPNET_INSTRUMENTATION_ENABLED"] = "true" // Helps to reduce noise by enabling only AspNet metrics.
         };
         var webPort = TcpPortProvider.GetOpenPort();
-        await using var container = await IISContainerTestHelper.StartContainerAsync("testapplication-aspnet-netframework", webPort, environmentVariables, Output);
+        await using var container = await IISContainerTestHelper.StartContainerAsync("testapplication-aspnet-netframework-integrated", webPort, environmentVariables, Output);
         await CallTestApplicationEndpoint(webPort);
 
         collector.AssertExpectations();
     }
 
     private static string GetTestImageName(string appPoolMode)
     {
-        return appPoolMode == "Classic" ? "testapplication-aspnet-netframework-classic" : "testapplication-aspnet-netframework";
+        return appPoolMode == "Classic" ? "testapplication-aspnet-netframework-classic" : "testapplication-aspnet-netframework-integrated";
     }
 
     private async Task CallTestApplicationEndpoint(int webPort)

test/test-applications/integrations/TestApplication.AspNet.NetFramework/Classic.Dockerfile

@@ -1,6 +1,6 @@
 # escape=`
 
-FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2022@sha256:84079c734ab5aec702409ef7967ec47af9468c56ff4046882239cabacda78097
+FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2022@sha256:84079c734ab5aec702409ef7967ec47af9468c56ff4046882239cabacda78097 AS integrated
 ARG configuration=Debug
 ARG platform=x64
 WORKDIR /opentelemetry
@@ -16,3 +16,8 @@ ENV OTEL_DOTNET_AUTO_LOG_DIRECTORY=C:\inetpub\wwwroot\logs `
     OTEL_LOG_LEVEL=debug
 WORKDIR /inetpub/wwwroot
 COPY bin/${configuration}/app.publish .
+
+FROM integrated AS classic
+RUN Start-IISCommitDelay;`
+    (Get-IISAppPool -Name DefaultAppPool).ManagedPipelineMode = 'Classic';`
+    Stop-IISCommitDelay -Commit $True