Automatically use latest release#588
Conversation
|
I see now I need to fix some code. Please hold off on approving the pull request. |
|
Ok, I just tested my last commit and it's working as expected. I did notice that CNI is being downloaded twice, once in
|
|
This issue has been open for 30 days with no updates. |
8 similar comments
|
This issue has been open for 30 days with no updates. |
|
This issue has been open for 30 days with no updates. |
|
This issue has been open for 30 days with no updates. |
|
This issue has been open for 30 days with no updates. |
|
This issue has been open for 30 days with no updates. |
|
This issue has been open for 30 days with no updates. |
|
This issue has been open for 30 days with no updates. |
|
This issue has been open for 30 days with no updates. |
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR updates the containerd runtime installer script to default to pulling the latest upstream GitHub releases when versions aren’t explicitly provided.
Changes:
- Makes Containerd/NerdCTL/WinCNI version parameters optional (no longer hardcoded defaults).
- Adds GitHub API calls to detect and download the latest release assets for Containerd, NerdCTL, and WinCNI.
- Updates WinCNI download in the network setup path to use latest release assets.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| curl.exe -LO https://github.com/microsoft/windows-container-networking/releases/download/v0.3.0/windows-container-networking-cni-amd64-v0.3.0.zip | ||
| Expand-Archive -Path .\windows-container-networking-cni-amd64-v0.3.0.zip -DestinationPath $containerdPath | ||
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/microsoft/windows-container-networking/releases/latest" | ||
| $url = ($ReleaseAssets.assets | ? name -Match "64.+zip$") |
There was a problem hiding this comment.
($ReleaseAssets.assets | ? ...) can return multiple matching assets; in that case $url.browser_download_url / $url.name become arrays and curl.exe / Expand-Archive will receive System.Object[] (or otherwise fail). Select a single deterministic asset (e.g., Select-Object -First 1, or stronger filtering on an exact asset name) and consider failing fast with a clear error if no matches are found.
| $url = ($ReleaseAssets.assets | ? name -Match "64.+zip$") | |
| $matchingAssets = $ReleaseAssets.assets | Where-Object { $_.name -match "64.+zip$" } | Sort-Object -Property name | |
| if (-not $matchingAssets) { | |
| throw "No windows-container-networking release asset matching '64.+zip$' was found." | |
| } | |
| $url = $matchingAssets | Select-Object -First 1 |
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/containerd/containerd/releases/latest" | ||
| $Release = ($ReleaseAssets.assets | ? name -Match "Windows.+64.+gz$") | ||
| $URL = $Release.browser_download_url | ||
| $ContainerdZip = $Release.Name |
There was a problem hiding this comment.
Same issue as above: the asset filter can match multiple items, making $Release.browser_download_url / $Release.Name arrays and breaking Copy-File. Make the selection deterministic (pick exactly one asset) and handle the 'no asset matched' case explicitly so failures are understandable.
| $URL = "https://github.com/containerd/nerdctl/releases/download/v$NerdCTLVersion/$NerdCTLZip" | ||
| } else { | ||
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/containerd/nerdctl/releases/latest" | ||
| $Release = ($ReleaseAssets.assets | ? name -Match "Windows.+64.+gz$") |
There was a problem hiding this comment.
This has the same multi-match failure mode as the containerd block. Ensure exactly one asset is selected (or tighten the regex to match a single expected filename) and error out clearly if none/too many matches are found.
| $Release = ($ReleaseAssets.assets | ? name -Match "Windows.+64.+gz$") | |
| $Matches = @($ReleaseAssets.assets | ? name -Match "Windows.+64.+gz$") | |
| if ($Matches.Count -eq 0) { | |
| throw "Could not find a matching nerdctl Windows x64 .gz asset in the latest release." | |
| } | |
| if ($Matches.Count -gt 1) { | |
| throw "Expected exactly one matching nerdctl Windows x64 .gz asset in the latest release, but found $($Matches.Count)." | |
| } | |
| $Release = $Matches[0] |
| $URL = "https://github.com/microsoft/windows-container-networking/releases/download/v$WinCNIVersion/$WinCNIZip" | ||
| } else { | ||
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/microsoft/windows-container-networking/releases/latest" | ||
| $Release = ($ReleaseAssets.assets | ? name -Match "Windows.+64.+zip$") |
There was a problem hiding this comment.
This filter is likely to match multiple zip assets over time (different variants/builds). If it returns more than one result, $URL and $WinCNIZip become arrays and downstream steps will fail. Select a single asset deterministically (or match the exact expected WinCNI asset name) and handle the empty result case.
| $Release = ($ReleaseAssets.assets | ? name -Match "Windows.+64.+zip$") | |
| $MatchingAssets = @( | |
| $ReleaseAssets.assets | | |
| ? name -Match "^windows-container-networking-cni-amd64-v.+\.zip$" | | |
| Sort-Object -Property Name | |
| ) | |
| if ($MatchingAssets.Count -eq 0) { | |
| throw "Unable to find a WinCNI release asset matching 'windows-container-networking-cni-amd64-v*.zip' in the latest release." | |
| } | |
| $Release = $MatchingAssets | Select-Object -First 1 |
| $ContainerdZip = "containerd-$ContainerDVersion-windows-amd64.tar.gz" | ||
| $URL = "https://github.com/containerd/containerd/releases/download/v$ContainerDVersion/$ContainerdZip" | ||
| } else { | ||
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/containerd/containerd/releases/latest" |
There was a problem hiding this comment.
Relying on unauthenticated GitHub API calls makes the script vulnerable to rate limiting (especially in CI or shared NAT environments). Consider supporting an optional GITHUB_TOKEN (Authorization header) or documenting the rate-limit behavior and adding retries/backoff so installs don’t fail intermittently.
| $NerdCTLZip = "nerdctl-$NerdCTLVersion-windows-amd64.tar.gz" | ||
| $URL = "https://github.com/containerd/nerdctl/releases/download/v$NerdCTLVersion/$NerdCTLZip" | ||
| } else { | ||
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/containerd/nerdctl/releases/latest" |
There was a problem hiding this comment.
Relying on unauthenticated GitHub API calls makes the script vulnerable to rate limiting (especially in CI or shared NAT environments). Consider supporting an optional GITHUB_TOKEN (Authorization header) or documenting the rate-limit behavior and adding retries/backoff so installs don’t fail intermittently.
| $WinCNIZip = "windows-container-networking-cni-amd64-v$WinCNIVersion.zip" | ||
| $URL = "https://github.com/microsoft/windows-container-networking/releases/download/v$WinCNIVersion/$WinCNIZip" | ||
| } else { | ||
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/microsoft/windows-container-networking/releases/latest" |
There was a problem hiding this comment.
Relying on unauthenticated GitHub API calls makes the script vulnerable to rate limiting (especially in CI or shared NAT environments). Consider supporting an optional GITHUB_TOKEN (Authorization header) or documenting the rate-limit behavior and adding retries/backoff so installs don’t fail intermittently.
|
|
||
| if ($ContainerdVersion) { | ||
| $ContainerdZip = "containerd-$ContainerDVersion-windows-amd64.tar.gz" | ||
| $URL = "https://github.com/containerd/containerd/releases/download/v$ContainerDVersion/$ContainerdZip" | ||
| } else { | ||
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/containerd/containerd/releases/latest" | ||
| $Release = ($ReleaseAssets.assets | ? name -Match "Windows.+64.+gz$") | ||
| $URL = $Release.browser_download_url | ||
| $ContainerdZip = $Release.Name | ||
| } |
There was a problem hiding this comment.
The 'pinned version vs latest release' logic is duplicated three times with only repo/regex/filename differences. Consider extracting a small helper (e.g., 'resolve release asset URL + filename') to reduce repetition and ensure any future fixes (like deterministic asset selection and error handling) are applied consistently.
| if ($ContainerdVersion) { | |
| $ContainerdZip = "containerd-$ContainerDVersion-windows-amd64.tar.gz" | |
| $URL = "https://github.com/containerd/containerd/releases/download/v$ContainerDVersion/$ContainerdZip" | |
| } else { | |
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/containerd/containerd/releases/latest" | |
| $Release = ($ReleaseAssets.assets | ? name -Match "Windows.+64.+gz$") | |
| $URL = $Release.browser_download_url | |
| $ContainerdZip = $Release.Name | |
| } | |
| function Resolve-GitHubReleaseAsset { | |
| param( | |
| [string] | |
| $Repository, | |
| [string] | |
| $Version, | |
| [string] | |
| $PinnedAssetName, | |
| [string] | |
| $LatestAssetPattern | |
| ) | |
| if ($Version) { | |
| return @{ | |
| Url = "https://github.com/$Repository/releases/download/v$Version/$PinnedAssetName" | |
| Name = $PinnedAssetName | |
| } | |
| } | |
| $ReleaseAssets = Invoke-RestMethod "https://api.github.com/repos/$Repository/releases/latest" | |
| $Release = $ReleaseAssets.assets | Where-Object name -Match $LatestAssetPattern | Select-Object -First 1 | |
| return @{ | |
| Url = $Release.browser_download_url | |
| Name = $Release.Name | |
| } | |
| } | |
| $ContainerdRelease = Resolve-GitHubReleaseAsset ` | |
| -Repository "containerd/containerd" ` | |
| -Version $ContainerdVersion ` | |
| -PinnedAssetName "containerd-$ContainerDVersion-windows-amd64.tar.gz" ` | |
| -LatestAssetPattern "Windows.+64.+gz$" | |
| $URL = $ContainerdRelease.Url | |
| $ContainerdZip = $ContainerdRelease.Name |
| #Download and extract nerdctl binaries | ||
| $NerdCTLZip = "nerdctl-$NerdCTLVersion-windows-amd64.tar.gz" | ||
| Copy-File "https://github.com/containerd/nerdctl/releases/download/v$NerdCTLVersion/$NerdCTLZip" "$NerdCTLPath\$NerdCTLZip" | ||
| if ($NerdCTLVersion) { |
There was a problem hiding this comment.
The 'pinned version vs latest release' logic is duplicated three times with only repo/regex/filename differences. Consider extracting a small helper (e.g., 'resolve release asset URL + filename') to reduce repetition and ensure any future fixes (like deterministic asset selection and error handling) are applied consistently.
| $WinCNIZip = "windows-container-networking-cni-amd64-v$WinCNIVersion.zip" | ||
| Copy-File "https://github.com/microsoft/windows-container-networking/releases/download/v$WinCNIVersion/$WinCNIZip" "$WinCNIPath\$WinCNIZip" | ||
| #Download and extract cni binaries | ||
| if ($WinCNIVersion) { |
There was a problem hiding this comment.
The 'pinned version vs latest release' logic is duplicated three times with only repo/regex/filename differences. Consider extracting a small helper (e.g., 'resolve release asset URL + filename') to reduce repetition and ensure any future fixes (like deterministic asset selection and error handling) are applied consistently.
|
I tested the PR that enables automatic retrieval of the latest release versions via the GitHub API instead of hardcoding them and confirmed that the system installs the latest containerd version successfully. |
chaitanya51906312
left a comment
chaitanya51906312
left a comment
There was a problem hiding this comment.
I tested the PR that enables automatic retrieval of the latest release versions via the GitHub API instead of hardcoding them and confirmed that the system installs the latest containerd version successfully.
sureshbabu-msft
requested review from
sureshbabu-msft
and removed request for
sureshbabu-msft
I updated the script to by default use the latest releases of the packages instead of relying on hardcoded versions. I still left the option for hardcoded versions in case someone wants to use specific versions.