Container image with scancode preinstalled

[mthalman]

The license scan smoke test requires that scancode toolkit be installed. This is currently done within the pipeline. A better configuration would be to have a container image defined which already contains scancode and have the build agent use that image. This can be done via the https://github.com/dotnet/dotnet-buildtools-prereqs-docker repo.

An open question is whether this should be installed into the base image used by source build to build the VMR or whether a separate image should be defined.

[mthalman]

The container image should be used as a container job within the Azure DevOps pipeline. So the other requirements that it would need are to have .NET SDK installed since the job needs to build and run the license scan tests. Since it's going to have the .NET SDK installed, we don't want this same container image to be used for source build; we'd want a dedicated image specifically for scancode.

[Winniexu01]

Hi @mthalman , regarding the .NET SDK version, it's actually defined in this global.json. My current approach is to install a fixed version (e.g., main - 10.0.100-preview.4.25216.3), and update the corresponding container image if major version update. I'd like to check if you have any other suggestions or recommendations for handling SDK version.

[mthalman]

It should just make use of the existing .NET SDK container image (mcr.microsoft.com/dotnet/sdk:10.0-preview) and install scancode on top of that.

[MichaelSimons]

It should just make use of the existing .NET SDK container image (mcr.microsoft.com/dotnet/sdk:10.0-preview) and install scancode on top of that.

Was there any consideration to use Azure Linux vs Ubuntu? I would think Azure Linux would have been a better choice for use given it's usage.