[backport v1.7] feat: adding dokcerfile templates for ACN images that are missing it and bumping Go version to 1.24.13 (#4341)

behzad-mir · web-flow · commit 7478ace68782 · 2026-04-22T22:44:12.000Z
feat: adding dokcerfile templates for ACN images that are missing it an dbumping Go version to 1.24.13 (#4289) * feat: add Dockerfile templates for ACN images and bump Go to 1.24.13 This PR extends the Dockerfile template system (used by CNI/CNS) to all remaining Go-based images for consistent base image version management. Changes: - Added Dockerfile templates for azure-ipam, azure-ip-masq-merger, azure-iptables-monitor, and cilium-log-collector - Added corresponding pipeline Dockerfile templates - Updated build/images.mk with render-simple and render-pipe targets - Bumped Go version to 1.24.13 (via rolling tag 1.24-azurelinux3.0) - Bumped ipv6-hp-bpf Go version to 1.24.13 (Debian bookworm image) CVE Impact: - Fixes 5 stdlib CVEs including CRITICAL CVE-2025-68121 (crypto/tls) - Remaining: CVE-2026-25679 (requires Go 1.25.8+) * fix: use msft-go in signed pipeline Cherry-picked from jpayne3506/msft-goSigned (0ffec35) This removes the dependency on the ADO GOVERSION variable and instead extracts Go directly from the msft-go container image referenced in each project's Dockerfile, keeping the signed pipeline in sync with the Dockerfile-based build.
diff --git a/.pipelines/build/binary.steps.yaml b/.pipelines/build/binary.steps.yaml
@@ -10,34 +10,37 @@ parameters:
 
 
 steps:
-- task: GoTool@0
+- task: ShellScript@2
+  displayName: "Install msft-go"
   inputs:
-    version: '$(GOVERSION)'
+    scriptPath: $(REPO_ROOT)/.pipelines/build/scripts/install-go.sh
+  env:
+      name: $(name)
 
 - bash: |
     # Ubuntu
     if [[ -f /etc/debian_version ]];then
       sudo apt-get update -y
       if [[ $GOARCH =~ amd64 ]]; then
         sudo apt-get install -y llvm clang linux-libc-dev linux-headers-generic libbpf-dev libc6-dev nftables iproute2 gcc-multilib tree
-        for dir in /usr/include/x86_64-linux-gnu/*; do 
-          sudo ln -sfn "$dir" /usr/include/$(basename "$dir") 
+        for dir in /usr/include/x86_64-linux-gnu/*; do
+          sudo ln -sfn "$dir" /usr/include/$(basename "$dir")
         done
-  
+
       elif [[ $GOARCH =~ arm64 ]]; then
         sudo apt-get install -y llvm clang linux-libc-dev linux-headers-generic libbpf-dev libc6-dev nftables iproute2 gcc-aarch64-linux-gnu tree
-        for dir in /usr/include/aarch64-linux-gnu/*; do 
+        for dir in /usr/include/aarch64-linux-gnu/*; do
           sudo ln -sfn "$dir" /usr/include/$(basename "$dir")
         done
       fi
     # Mariner
     else
       sudo tdnf install -y llvm clang libbpf-devel nftables tree
-      for dir in /usr/include/aarch64-linux-gnu/*; do 
+      for dir in /usr/include/aarch64-linux-gnu/*; do
         if [[ -d $dir ]]; then
-          sudo ln -sfn "$dir" /usr/include/$(basename "$dir") 
+          sudo ln -sfn "$dir" /usr/include/$(basename "$dir")
         elif [[ -f "$dir" ]]; then
-          sudo ln -Tsfn "$dir" /usr/include/$(basename "$dir") 
+          sudo ln -Tsfn "$dir" /usr/include/$(basename "$dir")
         fi
       done
     fi
diff --git a/.pipelines/build/dockerfiles/azure-ip-masq-merger.Dockerfile b/.pipelines/build/dockerfiles/azure-ip-masq-merger.Dockerfile
@@ -1,3 +1,5 @@
+# !! AUTOGENERATED - DO NOT EDIT !!
+# SOURCE: .pipelines/build/dockerfiles/azure-ip-masq-merger.Dockerfile.tmpl
 ARG ARCH
 
 FROM scratch AS linux
diff --git a/.pipelines/build/dockerfiles/azure-ip-masq-merger.Dockerfile.tmpl b/.pipelines/build/dockerfiles/azure-ip-masq-merger.Dockerfile.tmpl
@@ -0,0 +1,9 @@
+# {{.RENDER_MSG}}
+# SOURCE: {{.SRC_PIPE}}
+ARG ARCH
+
+FROM scratch AS linux
+ARG ARTIFACT_DIR
+
+COPY ${ARTIFACT_DIR}/bin/azure-ip-masq-merger /azure-ip-masq-merger
+ENTRYPOINT ["/azure-ip-masq-merger"]
diff --git a/.pipelines/build/dockerfiles/azure-ipam.Dockerfile b/.pipelines/build/dockerfiles/azure-ipam.Dockerfile
@@ -1,7 +1,9 @@
+# !! AUTOGENERATED - DO NOT EDIT !!
+# SOURCE: .pipelines/build/dockerfiles/azure-ipam.Dockerfile.tmpl
 ARG ARCH
 
 
-# skopeo inspect docker://mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 --format "{{.Name}}@{{.Digest}}"
+# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
 FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as windows
 ARG ARTIFACT_DIR .
 
diff --git a/.pipelines/build/dockerfiles/azure-ipam.Dockerfile.tmpl b/.pipelines/build/dockerfiles/azure-ipam.Dockerfile.tmpl
@@ -0,0 +1,18 @@
+# {{.RENDER_MSG}}
+# SOURCE: {{.SRC_PIPE}}
+ARG ARCH
+
+
+# {{.WIN_HPC_IMG}}
+FROM --platform=windows/${ARCH} {{.WIN_HPC_PIN}} as windows
+ARG ARTIFACT_DIR .
+
+COPY ${ARTIFACT_DIR}/bin/dropgz.exe /dropgz.exe
+ENTRYPOINT [ "/dropgz.exe" ]
+
+
+FROM scratch AS linux
+ARG ARTIFACT_DIR .
+
+COPY ${ARTIFACT_DIR}/bin/dropgz /dropgz
+ENTRYPOINT [ "/dropgz" ]
diff --git a/.pipelines/build/dockerfiles/azure-iptables-monitor.Dockerfile b/.pipelines/build/dockerfiles/azure-iptables-monitor.Dockerfile
@@ -1,10 +1,12 @@
+# !! AUTOGENERATED - DO NOT EDIT !!
+# SOURCE: .pipelines/build/dockerfiles/azure-iptables-monitor.Dockerfile.tmpl
 ARG ARCH
 
 # mcr.microsoft.com/azurelinux/base/core:3.0
-FROM mcr.microsoft.com/azurelinux/base/core@sha256:9948138108a3d69f1dae62104599ac03132225c3b7a5ac57b85a214629c8567d AS mariner-core
+FROM mcr.microsoft.com/azurelinux/base/core@sha256:a452d39c91576f5a2c983c7d3b62521fabd08e16b4a7237e24bf2be3b06e1651 AS mariner-core
 
 # mcr.microsoft.com/azurelinux/distroless/minimal:3.0
-FROM mcr.microsoft.com/azurelinux/distroless/minimal@sha256:0801b80a0927309572b9adc99bd1813bc680473175f6e8175cd4124d95dbd50c AS mariner-distroless
+FROM mcr.microsoft.com/azurelinux/distroless/minimal@sha256:22810fd97d6ad5ec7d5bdd5b00233a3050be01d9e26b47b16cb6f1a7f178834b AS mariner-distroless
 
 FROM mariner-core AS iptables
 RUN tdnf install -y iptables
diff --git a/.pipelines/build/dockerfiles/azure-iptables-monitor.Dockerfile.tmpl b/.pipelines/build/dockerfiles/azure-iptables-monitor.Dockerfile.tmpl
@@ -0,0 +1,23 @@
+# {{.RENDER_MSG}}
+# SOURCE: {{.SRC_PIPE}}
+ARG ARCH
+
+# {{.MARINER_CORE_IMG}}
+FROM {{.MARINER_CORE_PIN}} AS mariner-core
+
+# {{.MARINER_DISTROLESS_IMG}}
+FROM {{.MARINER_DISTROLESS_PIN}} AS mariner-distroless
+
+FROM mariner-core AS iptools
+RUN tdnf install -y iptables iproute
+
+FROM mariner-distroless AS linux
+ARG ARTIFACT_DIR
+COPY --from=iptools /usr/sbin/*tables* /usr/sbin/
+COPY --from=iptools /usr/sbin/ip /usr/sbin/
+COPY --from=iptools /usr/lib /usr/lib
+COPY --from=iptools /usr/lib64 /usr/lib64
+COPY ${ARTIFACT_DIR}/bin/azure-iptables-monitor /azure-iptables-monitor
+COPY ${ARTIFACT_DIR}/bin/azure-block-iptables /azure-block-iptables
+
+ENTRYPOINT ["/azure-iptables-monitor"]
diff --git a/.pipelines/build/dockerfiles/cilium-log-collector.Dockerfile b/.pipelines/build/dockerfiles/cilium-log-collector.Dockerfile
@@ -1,3 +1,5 @@
+# !! AUTOGENERATED - DO NOT EDIT !!
+# SOURCE: .pipelines/build/dockerfiles/cilium-log-collector.Dockerfile.tmpl
 ARG ARCH
 
 FROM mcr.microsoft.com/oss/v2/fluent/fluent-bit:v4.2.2 as linux
diff --git a/.pipelines/build/dockerfiles/cilium-log-collector.Dockerfile.tmpl b/.pipelines/build/dockerfiles/cilium-log-collector.Dockerfile.tmpl
@@ -0,0 +1,7 @@
+# {{.RENDER_MSG}}
+# SOURCE: {{.SRC_PIPE}}
+ARG ARCH
+
+FROM mcr.microsoft.com/oss/v2/fluent/fluent-bit:v4.2.2 as linux
+ARG ARTIFACT_DIR
+COPY ${ARTIFACT_DIR}/bin/out_azure_app_insights.so /out_azure_app_insights.so
diff --git a/.pipelines/build/images.jobs.yaml b/.pipelines/build/images.jobs.yaml
@@ -49,9 +49,17 @@ jobs:
         targetPath: $(REPO_ROOT)
         artifact: '${{ job_data.templateContext.repositoryArtifact }}'
 
-    - task: GoTool@0
+    - task: ShellScript@2
+      displayName: "Install crane"
+      inputs:
+        scriptPath: $(REPO_ROOT)/.pipelines/build/scripts/install-crane.sh
+
+    - task: ShellScript@2
+      displayName: "Install msft-go"
       inputs:
-        version: '$(GOVERSION)'
+        scriptPath: $(REPO_ROOT)/.pipelines/build/scripts/install-go.sh
+      env:
+        name: $(name)
 
     - task: ShellScript@2
       inputs:
@@ -76,15 +84,15 @@ jobs:
     - task: ShellScript@2
       displayName: "Package with DropGZ"
       condition: and(
-        succeeded(), 
+        succeeded(),
         eq(variables.packageWithDropGZ, 'True'))
       inputs:
         scriptPath: $(REPO_ROOT)/.pipelines/build/scripts/dropgz.sh
 
     - ${{ if not(contains(job_data.job, 'linux')) }}:
       - task: onebranch.pipeline.signing@1
         condition: and(
-          succeeded(), 
+          succeeded(),
           eq(variables.packageWithDropGZ, 'True'))
         inputs:
           command: 'sign'
@@ -94,7 +102,7 @@ jobs:
 
     # OneBranch artifacts are stored on a Windows machine which obliterates
     # Linux file permissions.
-    # This task is added (along with ob_extract_root_artifact in jobs that 
+    # This task is added (along with ob_extract_root_artifact in jobs that
     # download the artifact) to protect those file permissions from changing
     # during image build time.
     #
diff --git a/.pipelines/build/scripts/install-crane.sh b/.pipelines/build/scripts/install-crane.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -eux
+
+# Install crane (google/go-containerregistry) for daemonless container image extraction.
+# crane can pull and export image filesystems without a Docker daemon.
+# Go is pre-installed in the build container, so we use go install.
+# Rely on go install for supply chain security and reproducibility
+if ! command -v crane &> /dev/null; then
+  go install github.com/google/go-containerregistry/cmd/crane@v0.21.3
+  sudo mv "$(go env GOPATH)/bin/crane" /usr/local/bin/crane
+fi
+
+crane version
diff --git a/.pipelines/build/scripts/install-go.sh b/.pipelines/build/scripts/install-go.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+set -euxo pipefail
+
+# Install Go by extracting it from the msft-go container image.
+# The golang image reference is read directly from the source Dockerfile for the
+# current image (identified by $name), keeping the pipeline in sync with the build.
+#
+# Priority:
+#   1. MSFT_GO_IMAGE env var (explicit override)
+#   2. Parsed from the source Dockerfile for $name
+#   3. Hardcoded fallback digest below
+#
+# To update the fallback, run:
+#   skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0 --format "{{.Name}}@{{.Digest}}"
+DEFAULT_IMAGE="mcr.microsoft.com/oss/go/microsoft/golang@sha256:3999f970bb52b7413ef9be2803173d4fd7f1f3c59362a98a0c78d155e3a0e59f"
+
+# Resolves the golang image from the source Dockerfile for the given $name.
+# Echoes the image reference, or empty string if it cannot be determined.
+resolve_go_image() {
+  if [[ "${name:-}" == "npm" ]]; then
+    # npm uses OS-specific Dockerfiles with a tag-based reference.
+    # The image may be field 2 (no --platform) or field 3 (with --platform),
+    # so extract the mcr.* token directly.
+    # e.g. FROM mcr.../golang:1.25.5 AS builder
+    # e.g. FROM --platform=linux/amd64 mcr.../golang:1.25.5 AS builder
+    local buildfile="${REPO_ROOT}/npm/${OS:-linux}.Dockerfile"
+    grep -m1 '^FROM.*golang' "${buildfile}" 2>/dev/null | grep -o 'mcr[^ ]*' || true
+
+  else
+    # All other images use a digest-pinned reference and always have --platform,
+    # making the image consistently field 3: FROM --platform=X IMAGE AS alias
+    local buildfile
+    if [[ "${name:-}" == "ipv6-hp-bpf" ]]; then
+      buildfile="${REPO_ROOT}/bpf-prog/ipv6-hp-bpf/linux.Dockerfile"
+    elif [[ -n "${name:-}" ]]; then
+      buildfile="${REPO_ROOT}/${name}/Dockerfile"
+    fi
+
+    if [[ -n "${buildfile:-}" && -f "${buildfile}" ]]; then
+      grep -m1 '^FROM.*golang' "${buildfile}" | awk '{print $3}' || true
+    fi
+  fi
+}
+
+if [[ -z "${MSFT_GO_IMAGE:-}" ]]; then
+  MSFT_GO_IMAGE="$(resolve_go_image)"
+  MSFT_GO_IMAGE="${MSFT_GO_IMAGE:-$DEFAULT_IMAGE}"
+fi
+
+ARCH="${ARCH:-amd64}"
+
+# Extract /usr/local/go from the image without needing a Docker daemon.
+# crane export streams the full image filesystem; we extract just usr/local/go.
+crane export --platform "linux/${ARCH}" "$MSFT_GO_IMAGE" - | sudo tar -xf - -C / usr/local/go
+
+echo "##vso[task.prependpath]/usr/local/go/bin"
diff --git a/Makefile b/Makefile
@@ -965,6 +965,10 @@ test-k8se2e-only: ## Run k8s network conformance test, use TYPE=basic for only d
 dockerfiles: renderkit ## Render all Dockerfile templates with current state of world
 	@make -f build/images.mk render PATH=cns
 	@make -f build/images.mk render PATH=cni
+	@make -f build/images.mk render PATH=azure-ipam
+	@make -f build/images.mk render PATH=azure-ip-masq-merger
+	@make -f build/images.mk render PATH=azure-iptables-monitor
+	@make -f build/images.mk render PATH=cilium-log-collector
 
 regenerate-crd: ## Regenerate CRDs
 	for makefile in $$(find ./crd/ -name "Makefile" -type f -printf '%h\n'); do \
diff --git a/azure-ip-masq-merger/Dockerfile b/azure-ip-masq-merger/Dockerfile
@@ -1,8 +1,10 @@
+# !! AUTOGENERATED - DO NOT EDIT !!
+# SOURCE: azure-ip-masq-merger/Dockerfile.tmpl
 ARG ARCH
 ARG OS
 
-# skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0 --format "{{.Name}}@{{.Digest}}"
-FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:3999f970bb52b7413ef9be2803173d4fd7f1f3c59362a98a0c78d155e3a0e59f AS go
+# mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:bc7423b52b62e8f0281b5f7f564eb1862dc315bc57e1373c6a81e87ef3ac39ab AS go
 
 FROM go AS azure-ip-masq-merger
 ARG OS
diff --git a/azure-ip-masq-merger/Dockerfile.tmpl b/azure-ip-masq-merger/Dockerfile.tmpl
@@ -0,0 +1,18 @@
+# {{.RENDER_MSG}}
+# SOURCE: {{.SRC}}
+ARG ARCH
+ARG OS
+
+# {{.GO_IMG}}
+FROM --platform=linux/${ARCH} {{.GO_PIN}} AS go
+
+FROM go AS azure-ip-masq-merger
+ARG OS
+ARG VERSION
+WORKDIR /azure-ip-masq-merger
+COPY ./azure-ip-masq-merger .
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/ip-masq-merger -trimpath -ldflags "-s -w -X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" .
+
+FROM scratch AS linux
+COPY --from=azure-ip-masq-merger /go/bin/ip-masq-merger azure-ip-masq-merger
+ENTRYPOINT [ "/azure-ip-masq-merger" ]
diff --git a/azure-ipam/Dockerfile b/azure-ipam/Dockerfile
@@ -1,20 +1,22 @@
+# !! AUTOGENERATED - DO NOT EDIT !!
+# SOURCE: azure-ipam/Dockerfile.tmpl
 ARG ARCH
 ARG DROPGZ_VERSION=v0.0.12
 ARG OS_VERSION
 ARG OS
 
-# skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0 --format "{{.Name}}@{{.Digest}}"
-FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:3999f970bb52b7413ef9be2803173d4fd7f1f3c59362a98a0c78d155e3a0e59f AS go
+# mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:bc7423b52b62e8f0281b5f7f564eb1862dc315bc57e1373c6a81e87ef3ac39ab AS go
 
-# skopeo inspect docker://mcr.microsoft.com/azurelinux/base/core:3.0 --format "{{.Name}}@{{.Digest}}"
-FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:b46476be0b5c9691ad20f78871819950c01433bdfad81d72c61618f4a6202b25 AS mariner-core
+# mcr.microsoft.com/azurelinux/base/core:3.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:a452d39c91576f5a2c983c7d3b62521fabd08e16b4a7237e24bf2be3b06e1651 AS mariner-core
 
 FROM go AS azure-ipam
 ARG OS
 ARG VERSION
 WORKDIR /azure-ipam
 COPY ./azure-ipam .
-RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-ipam -trimpath -ldflags "-s -w -X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" .
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-ipam -trimpath -ldflags "-s -w -X main.version="$VERSION" -X github.com/Azure/azure-container-networking/azure-ipam/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" .
 
 FROM mariner-core AS compressor
 ARG OS
@@ -37,7 +39,8 @@ FROM scratch AS linux
 COPY --from=dropgz /go/bin/dropgz dropgz
 ENTRYPOINT [ "/dropgz" ]
 
-# skopeo inspect docker://mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 --format "{{.Name}}@{{.Digest}}"
-FROM mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as windows
+# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
+FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b AS hpc
+FROM hpc AS windows
 COPY --from=dropgz /go/bin/dropgz dropgz.exe
 ENTRYPOINT [ "/dropgz.exe" ]
diff --git a/azure-ipam/Dockerfile.tmpl b/azure-ipam/Dockerfile.tmpl
@@ -0,0 +1,46 @@
+# {{.RENDER_MSG}}
+# SOURCE: {{.SRC}}
+ARG ARCH
+ARG DROPGZ_VERSION=v0.0.12
+ARG OS_VERSION
+ARG OS
+
+# {{.GO_IMG}}
+FROM --platform=linux/${ARCH} {{.GO_PIN}} AS go
+
+# {{.MARINER_CORE_IMG}}
+FROM --platform=linux/${ARCH} {{.MARINER_CORE_PIN}} AS mariner-core
+
+FROM go AS azure-ipam
+ARG OS
+ARG VERSION
+WORKDIR /azure-ipam
+COPY ./azure-ipam .
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-ipam -trimpath -ldflags "-s -w -X main.version="$VERSION" -X github.com/Azure/azure-container-networking/azure-ipam/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" .
+
+FROM mariner-core AS compressor
+ARG OS
+WORKDIR /payload
+COPY --from=azure-ipam /go/bin/* /payload
+COPY --from=azure-ipam /azure-ipam/*.conflist /payload
+RUN cd /payload && sha256sum * > sum.txt
+RUN gzip --verbose --best --recursive /payload && for f in /payload/*.gz; do mv -- "$f" "${f%%.gz}"; done
+
+FROM go AS dropgz
+ARG DROPGZ_VERSION
+ARG OS
+ARG VERSION
+RUN go mod download github.com/azure/azure-container-networking/dropgz@$DROPGZ_VERSION
+WORKDIR /go/pkg/mod/github.com/azure/azure-container-networking/dropgz\@$DROPGZ_VERSION
+COPY --from=compressor /payload/* pkg/embed/fs/
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/dropgz -trimpath -ldflags "-s -w -X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go
+
+FROM scratch AS linux
+COPY --from=dropgz /go/bin/dropgz dropgz
+ENTRYPOINT [ "/dropgz" ]
+
+# {{.WIN_HPC_IMG}}
+FROM --platform=windows/${ARCH} {{.WIN_HPC_PIN}} AS hpc
+FROM hpc AS windows
+COPY --from=dropgz /go/bin/dropgz dropgz.exe
+ENTRYPOINT [ "/dropgz.exe" ]
diff --git a/azure-iptables-monitor/Dockerfile b/azure-iptables-monitor/Dockerfile
diff --git a/azure-iptables-monitor/Dockerfile.tmpl b/azure-iptables-monitor/Dockerfile.tmpl
diff --git a/bpf-prog/ipv6-hp-bpf/linux.Dockerfile b/bpf-prog/ipv6-hp-bpf/linux.Dockerfile
diff --git a/build/images.mk b/build/images.mk
diff --git a/cilium-log-collector/Dockerfile b/cilium-log-collector/Dockerfile
diff --git a/cilium-log-collector/Dockerfile.tmpl b/cilium-log-collector/Dockerfile.tmpl

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+# !! AUTOGENERATED - DO NOT EDIT !!`
	`2`	`+# SOURCE: .pipelines/build/dockerfiles/azure-ip-masq-merger.Dockerfile.tmpl`
`1`	`3`	`ARG ARCH`
`2`	`4`
`3`	`5`	`FROM scratch AS linux`