From 46908dbf792c996aac9b204c8e3b54d6ad243891 Mon Sep 17 00:00:00 2001
From: "Travis Plunk (HE/HIM)" <tplunk@ntdev.microsoft.com>
Date: Thu, 4 Sep 2025 16:29:09 -0700
Subject: [PATCH 1/4] Update container images to use mcr.microsoft.com for
 Linux and Azure Linux

---
 .pipelines/PowerShell-Coordinated_Packages-Official.yml | 2 +-
 .pipelines/PowerShell-Packages-Official.yml             | 3 +--
 .pipelines/PowerShell-Release-Official-Azure.yml        | 3 +--
 .pipelines/PowerShell-Release-Official.yml              | 6 +++---
 .pipelines/apiscan-gen-notice.yml                       | 2 +-
 build.psm1                                              | 4 +++-
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.pipelines/PowerShell-Coordinated_Packages-Official.yml b/.pipelines/PowerShell-Coordinated_Packages-Official.yml
index efc28942fcc..5804b1591bb 100644
--- a/.pipelines/PowerShell-Coordinated_Packages-Official.yml
+++ b/.pipelines/PowerShell-Coordinated_Packages-Official.yml
@@ -69,7 +69,7 @@ variables:
   - name: __DOTNET_RUNTIME_FEED
     value: ${{ parameters.InternalSDKBlobURL }}
   - name: LinuxContainerImage
-    value: onebranch.azurecr.io/linux/ubuntu-2004:latest
+    value: mcr.microsoft.com/onebranch/azurelinux/build:3.0
   - name: WindowsContainerImage
     value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest
   - name: CDP_DEFINITION_BUILD_COUNT
diff --git a/.pipelines/PowerShell-Packages-Official.yml b/.pipelines/PowerShell-Packages-Official.yml
index f0d428bf1d6..b756b6f8c36 100644
--- a/.pipelines/PowerShell-Packages-Official.yml
+++ b/.pipelines/PowerShell-Packages-Official.yml
@@ -56,7 +56,7 @@ variables:
   - name: WindowsContainerImage
     value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' # Docker image which is used to build the project
   - name: LinuxContainerImage
-    value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
+    value: mcr.microsoft.com/onebranch/azurelinux/build:3.0
   - group: mscodehub-feed-read-general
   - group: mscodehub-feed-read-akv
   - name: branchCounterKey
@@ -66,7 +66,6 @@ variables:
   - group: MSIXSigningProfile
   - name: templateFile
     value: ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates' ) }}
-  
 
 resources:
   pipelines:
diff --git a/.pipelines/PowerShell-Release-Official-Azure.yml b/.pipelines/PowerShell-Release-Official-Azure.yml
index 8e144f1ee55..1f210ac6745 100644
--- a/.pipelines/PowerShell-Release-Official-Azure.yml
+++ b/.pipelines/PowerShell-Release-Official-Azure.yml
@@ -47,11 +47,10 @@ variables:
   - name: WindowsContainerImage
     value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest'
   - name: LinuxContainerImage
-    value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
+    value: mcr.microsoft.com/onebranch/azurelinux/build:3.0
   - group: PoolNames
   - name: templateFile
     value: ${{ iif ( parameters.OfficialBuild, 'v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates', 'v2/OneBranch.NonOfficial.CrossPlat.yml@onebranchTemplates' ) }}
-  
 
 resources:
   repositories:
diff --git a/.pipelines/PowerShell-Release-Official.yml b/.pipelines/PowerShell-Release-Official.yml
index 8c3e8728533..186e9757818 100644
--- a/.pipelines/PowerShell-Release-Official.yml
+++ b/.pipelines/PowerShell-Release-Official.yml
@@ -57,7 +57,7 @@ variables:
   - name: WindowsContainerImage
     value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest'
   - name: LinuxContainerImage
-    value: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
+    value: mcr.microsoft.com/onebranch/azurelinux/build:3.0
   - name: ReleaseTagVar
     value: ${{ parameters.ReleaseTagVar }}
   - group: PoolNames
@@ -284,7 +284,7 @@ extends:
 
     - stage: PublishGitHubReleaseAndNuget
       displayName: Publish GitHub and Nuget Release
-      dependsOn: 
+      dependsOn:
         - setReleaseTagAndChangelog
         - UpdateChangeLog
       variables:
@@ -404,7 +404,7 @@ extends:
 
     - stage: ChangesToMaster
       displayName: Ensure changes are in GH master
-      dependsOn: 
+      dependsOn:
         - PublishPMC
       jobs:
       - template: /.pipelines/templates/approvalJob.yml@self
diff --git a/.pipelines/apiscan-gen-notice.yml b/.pipelines/apiscan-gen-notice.yml
index 7596f79998e..54f6f4725c5 100644
--- a/.pipelines/apiscan-gen-notice.yml
+++ b/.pipelines/apiscan-gen-notice.yml
@@ -26,7 +26,7 @@ variables:
   - group: 'ComponentGovernance'
   - group: 'PoolNames'
   - name: LinuxContainerImage
-    value: onebranch.azurecr.io/linux/ubuntu-2004:latest
+    value: mcr.microsoft.com/onebranch/azurelinux/build:3.0
   - name: WindowsContainerImage
     value: onebranch.azurecr.io/windows/ltsc2022/vse2022:latest
   - ${{ if eq(parameters['FORCE_CODEQL'],'true') }}:
diff --git a/build.psm1 b/build.psm1
index 7390bb183f7..ea7dbb85cdc 100644
--- a/build.psm1
+++ b/build.psm1
@@ -193,7 +193,7 @@ function Get-EnvironmentInformation
         $environment += @{'IsRedHatFamily' = $environment.IsCentOS -or $environment.IsFedora -or $environment.IsRedHat}
         $environment += @{'IsSUSEFamily' = $environment.IsSLES -or $environment.IsOpenSUSE}
         $environment += @{'IsAlpine' = $LinuxInfo.ID -match 'alpine'}
-        $environment += @{'IsMariner' = $LinuxInfo.ID -match 'mariner'}
+        $environment += @{'IsMariner' = $LinuxInfo.ID -match 'mariner' -or $LinuxInfo.ID -match 'azurelinux'}
 
         # Workaround for temporary LD_LIBRARY_PATH hack for Fedora 24
         # https://github.com/PowerShell/PowerShell/issues/2511
@@ -2207,6 +2207,8 @@ function Get-RedHatPackageManager {
         "yum install -y -q"
     } elseif ($environment.IsFedora -or (Get-Command -Name dnf -CommandType Application -ErrorAction SilentlyContinue)) {
         "dnf install -y -q"
+    } elseif ($environment.IsMariner -or (Get-Command -Name Test-DscConfiguration -CommandType Application -ErrorAction SilentlyContinue)) {
+        "tdnf install -y -q"
     } else {
         throw "Error determining package manager for this distribution."
     }

From 7ee4e2442429deb26db0b8b8c32f95fcd660bf64 Mon Sep 17 00:00:00 2001
From: "Travis Plunk (HE/HIM)" <tplunk@ntdev.microsoft.com>
Date: Fri, 5 Sep 2025 09:56:32 -0700
Subject: [PATCH 2/4] Update cross-compilation error messages for linux-arm to
 include AzureLinux support

---
 build.psm1 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/build.psm1 b/build.psm1
index ea7dbb85cdc..d76dd7f63ff 100644
--- a/build.psm1
+++ b/build.psm1
@@ -353,8 +353,8 @@ function Start-PSBuild {
         $PSModuleRestore = $true
     }
 
-    if ($Runtime -eq "linux-arm" -and $environment.IsLinux -and -not $environment.IsUbuntu) {
-        throw "Cross compiling for linux-arm is only supported on Ubuntu environment"
+    if ($Runtime -eq "linux-arm" -and $environment.IsLinux -and -not $environment.IsUbuntu -and -not $environment.IsMariner) {
+        throw "Cross compiling for linux-arm is only supported on AzureLinux/Ubuntu environment"
     }
 
     if ("win-arm","win-arm64" -contains $Runtime -and -not $environment.IsWindows) {
@@ -2280,8 +2280,8 @@ function Start-PSBootstrap {
             # Note that when it is null, Invoke-Expression (but not &) must be used to interpolate properly
             $sudo = if (!$NoSudo) { "sudo" }
 
-            if ($BuildLinuxArm -and $environment.IsLinux -and -not $environment.IsUbuntu) {
-                Write-Error "Cross compiling for linux-arm is only supported on Ubuntu environment"
+            if ($BuildLinuxArm -and $environment.IsLinux -and -not $environment.IsUbuntu -and -not $environment.IsMariner) {
+                Write-Error "Cross compiling for linux-arm is only supported on AzureLinux/Ubuntu environment"
                 return
             }
 

From 791b6ef44796edf45988e541dab4bc3a6eb9c3ee Mon Sep 17 00:00:00 2001
From: "Travis Plunk (HE/HIM)" <tplunk@ntdev.microsoft.com>
Date: Fri, 5 Sep 2025 10:04:10 -0700
Subject: [PATCH 3/4] Add ps_official_build parameter to signing templates for
 consistency across builds

---
 .pipelines/PowerShell-Coordinated_Packages-Official.yml | 3 ++-
 .pipelines/templates/linux.yml                          | 1 +
 .pipelines/templates/mac.yml                            | 1 +
 .pipelines/templates/windows-hosted-build.yml           | 2 ++
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.pipelines/PowerShell-Coordinated_Packages-Official.yml b/.pipelines/PowerShell-Coordinated_Packages-Official.yml
index 5804b1591bb..e88bb757fa4 100644
--- a/.pipelines/PowerShell-Coordinated_Packages-Official.yml
+++ b/.pipelines/PowerShell-Coordinated_Packages-Official.yml
@@ -99,7 +99,8 @@ variables:
   # Disable BinSkim at job level to override NonOfficial template defaults
   - name: ob_sdl_binskim_enabled
     value: false
-  
+  - name: ps_official_build
+    value: ${{ parameters.OfficialBuild }}
 
 extends:
   template: ${{ variables.templateFile }}
diff --git a/.pipelines/templates/linux.yml b/.pipelines/templates/linux.yml
index 6c47fd8abfd..83b7aa58ef3 100644
--- a/.pipelines/templates/linux.yml
+++ b/.pipelines/templates/linux.yml
@@ -201,5 +201,6 @@ jobs:
   - template: /.pipelines/templates/obp-file-signing.yml@self
     parameters:
       binPath: $(DropRootPath)
+      OfficialBuild: $(ps_official_build)
 
   - template: /.pipelines/templates/step/finalize.yml@self
diff --git a/.pipelines/templates/mac.yml b/.pipelines/templates/mac.yml
index 310c5695979..b08becedc22 100644
--- a/.pipelines/templates/mac.yml
+++ b/.pipelines/templates/mac.yml
@@ -148,5 +148,6 @@ jobs:
   - template: /.pipelines/templates/obp-file-signing.yml@self
     parameters:
       binPath: $(DropRootPath)
+      OfficialBuild: $(ps_official_build)
 
   - template: /.pipelines/templates/step/finalize.yml@self
diff --git a/.pipelines/templates/windows-hosted-build.yml b/.pipelines/templates/windows-hosted-build.yml
index 35dadbb839c..8cd622149fa 100644
--- a/.pipelines/templates/windows-hosted-build.yml
+++ b/.pipelines/templates/windows-hosted-build.yml
@@ -206,6 +206,7 @@ jobs:
   - template: /.pipelines/templates/obp-file-signing.yml@self
     parameters:
       binPath: '$(Pipeline.Workspace)/Symbols_$(Architecture)'
+      OfficialBuild: $(ps_official_build)
 
   ## first we sign all the files in the bin folder
   - ${{ if eq(variables['Architecture'], 'fxdependent') }}:
@@ -213,6 +214,7 @@ jobs:
       parameters:
         binPath: '$(GlobalToolArtifactPath)/publish/PowerShell.Windows.x64/release'
         globalTool: 'true'
+        OfficialBuild: $(ps_official_build)
 
   - pwsh: |
       Get-ChildItem '$(GlobalToolArtifactPath)/obj/PowerShell.Windows.x64/release'

From aed3e3ae652e3b7ffe329b5a1c2b9e10fa88c148 Mon Sep 17 00:00:00 2001
From: "Travis Plunk (HE/HIM)" <tplunk@ntdev.microsoft.com>
Date: Fri, 5 Sep 2025 10:09:52 -0700
Subject: [PATCH 4/4] Change job pool type from windows to linux in PowerShell
 Coordinated Packages pipeline

---
 .pipelines/PowerShell-Coordinated_Packages-Official.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pipelines/PowerShell-Coordinated_Packages-Official.yml b/.pipelines/PowerShell-Coordinated_Packages-Official.yml
index e88bb757fa4..96b4192c792 100644
--- a/.pipelines/PowerShell-Coordinated_Packages-Official.yml
+++ b/.pipelines/PowerShell-Coordinated_Packages-Official.yml
@@ -144,7 +144,7 @@ extends:
       - job: SetVars
         displayName: Set Variables
         pool:
-          type: windows
+          type: linux
 
         variables:
           - name: ob_outputDirectory