chore: cache oras binary in Windows image

[jiashun0011]

What this PR does / why we need it:

Cache oras binary in Windows image.

Which issue(s) this PR fixes:

Chore: cache oras binary in Windows image

[github-actions]

Changes cached containers or packages on windows VHDs

Please get a Windows SIG member to approve.

The following dif file shows any additions or deletions from what will be cached on windows VHDs organised by VHD type.

• Additions are new things cached.
• Deletions are things no longer cached.

diff --git a/vhd_files/2019-containerd.txt b/vhd_files/2019-containerd.txt
index 17dbc7d..013c301 100644
--- a/vhd_files/2019-containerd.txt
+++ b/vhd_files/2019-containerd.txt
@@ -15,0 +16 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
+c:\akse-cache\oras\: https://github.com/oras-project/oras/releases/download/v1.2.2/oras_1.2.2_windows_amd64.zip
diff --git a/vhd_files/2022-containerd-gen2.txt b/vhd_files/2022-containerd-gen2.txt
index 0209fde..5ba7057 100644
--- a/vhd_files/2022-containerd-gen2.txt
+++ b/vhd_files/2022-containerd-gen2.txt
@@ -16,0 +17 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
+c:\akse-cache\oras\: https://github.com/oras-project/oras/releases/download/v1.2.2/oras_1.2.2_windows_amd64.zip
diff --git a/vhd_files/2022-containerd.txt b/vhd_files/2022-containerd.txt
index 73642bd..b61c807 100644
--- a/vhd_files/2022-containerd.txt
+++ b/vhd_files/2022-containerd.txt
@@ -16,0 +17 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
+c:\akse-cache\oras\: https://github.com/oras-project/oras/releases/download/v1.2.2/oras_1.2.2_windows_amd64.zip
diff --git a/vhd_files/2025-gen2.txt b/vhd_files/2025-gen2.txt
index 0f7e754..7e7797a 100644
--- a/vhd_files/2025-gen2.txt
+++ b/vhd_files/2025-gen2.txt
@@ -13,0 +14 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
+c:\akse-cache\oras\: https://github.com/oras-project/oras/releases/download/v1.2.2/oras_1.2.2_windows_amd64.zip
diff --git a/vhd_files/2025.txt b/vhd_files/2025.txt
index f80e2a6..8c3042b 100644
--- a/vhd_files/2025.txt
+++ b/vhd_files/2025.txt
@@ -13,0 +14 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
+c:\akse-cache\oras\: https://github.com/oras-project/oras/releases/download/v1.2.2/oras_1.2.2_windows_amd64.zip
diff --git a/vhd_files/23H2-gen2.txt b/vhd_files/23H2-gen2.txt
index 3d8175c..89f7956 100644
--- a/vhd_files/23H2-gen2.txt
+++ b/vhd_files/23H2-gen2.txt
@@ -14,0 +15 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
+c:\akse-cache\oras\: https://github.com/oras-project/oras/releases/download/v1.2.2/oras_1.2.2_windows_amd64.zip
diff --git a/vhd_files/23H2.txt b/vhd_files/23H2.txt
index 4ef680f..61d01f9 100644
--- a/vhd_files/23H2.txt
+++ b/vhd_files/23H2.txt
@@ -14,0 +15 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
+c:\akse-cache\oras\: https://github.com/oras-project/oras/releases/download/v1.2.2/oras_1.2.2_windows_amd64.zip

[Copilot]

Pull request overview

Adds Windows support for caching the oras CLI as part of the Windows VHD build cache, by extending the shared components manifest.

Changes:

• Added windowsDownloadLocation for the oras package.
• Added a Windows-specific downloadURIs.windows.default entry for oras (v1.2.2).

[Copilot]

The Windows oras version here (1.2.2) doesn’t match the oras version currently used during Windows VHD build for OCI pulls (vhdbuilder/packer/windows/configure-windows-vhd.ps1 hardcodes 1.2.3). This creates version drift and can result in downloading/storing two different oras zips in a single build (extra time/space) while the cached copy may never be used. Consider aligning the version with what the VHD build uses, and ideally sourcing the oras version from a single place (e.g., components.json) to prevent future divergence.

[fseldow]

@jiashun0011
found function Pull-OCIArtifact, it hardcode to install v1.2.3 oras and installed seems only in aksTempDir "c:\akstemp". I guess it is not impleted for cse runtime?
cc @abeltrano

[fseldow]

maybe we can change the cache version to v1.2.3
and in Pull-OCIArtifact, we modify to detect cached version first, wdyt?

[fseldow]

akse-cache will be removed finally.
Do you think we should move the oras.exe to another place to keep it? e.g. c:/aks-tools/oras/oras.exe?

[djsly]

good point, let's use the future location to avoid problems in the future.

where can I learn more about the deprecation of the akse-cache folder ?

[fseldow]

i think it should happen during NodePrep

AgentBaker/parts/windows/kuberneteswindowssetup.ps1

Line 522 in f5a1abc

if (Test-Path $CacheDir)

i just created on windows node, kubectl enter this node but did not find c:\akse-cache

[timmy-wright]

As far as I'm aware, we have no plans to remove the aks-cache directory. It's used during node provisioning and it's probably deleted after the node joins the cluster to save drive space.

[fseldow]

from Get-PackagesToCacheOnVHD
i think it will only download the zip file in download path. Do we still need function to unzip it?

[djsly]

why not setting up renovate to fetch the version from github and have automatic PR created for ORAS.

[djsly]

1.2.3 is out, same as 1.3.0 shoudlnt we pick one of those two ?

[timmy-wright]

I'm confused. For windows, Oras seems to be only used during VHD creation. It's not needed (as far as I can tell) during node provisioning. So we don't need it cached on the VHD. Ideally it would be used to pull OCI Artifacts and then deleted afterwards.

If we want to update the version, we can do this in the configure-windows-vhd.ps1 file. Currently it's set to 1.2.3. We probably need a better way to specify this, but I don't think components.json is the right place.