Skip to content

Laksh/cherry pick specific#2425

Open
LakshK98 wants to merge 3 commits into
microsoft:dev/v0.0.33-windowsfrom
LakshK98:laksh/cherry-pick-specific
Open

Laksh/cherry pick specific#2425
LakshK98 wants to merge 3 commits into
microsoft:dev/v0.0.33-windowsfrom
LakshK98:laksh/cherry-pick-specific

Conversation

@LakshK98

@LakshK98 LakshK98 commented Jun 8, 2026

Copy link
Copy Markdown

Description

Problem

The OB pipeline for tag v0.0.33-windows-rc.2 fails with two errors:

  1. kubectl_shell: docker build fails because target shell-target not found in cli/Dockerfile
  2. agent_win: output/windows_amd64/*.exe not found

Root cause: branch dev/v0.0.33-windows was created from commit 82d621c (May 7, 2025) and is missing upstream changes that restructured the Windows build pipeline.

Cherry-picked following commits to resolve the issue: 59c1655c (1946) and fd482c08 (#1997)

Related Issue

If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request.

Checklist

  • I have read the contributing documentation.
  • I signed and signed-off the commits (git commit -S -s ...). See this documentation on signing commits.
  • I have correctly attributed the author(s) of the code.
  • I have tested the changes locally.
  • I have followed the project's style guidelines.
  • I have updated the documentation, if necessary.
  • I have added tests, if applicable.

Screenshots (if applicable) or Testing Completed

Please add any relevant screenshots or GIFs to showcase the changes made.

Additional Notes

Add any additional notes or context about the pull request here.

Please refer to the CONTRIBUTING.md file for more information on how to contribute to this project.

carlotaarvela and others added 2 commits June 8, 2026 10:09
@carlotaarvela @kamilprz @LakshK98
feat(cli): CLI image with bash (microsoft#1946)
b278b62 
Create cli image that supports bash

- [ ] I have read the [contributing
documentation](https://retina.sh/docs/Contributing/overview).
- [ ] I signed and signed-off the commits (`git commit -S -s ...`). See
[this
documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
on signing commits.
- [ ] I have correctly attributed the author(s) of the code.
- [ ] I have tested the changes locally.
- [ ] I have followed the project's style guidelines.
- [ ] I have updated the documentation, if necessary.
- [ ] I have added tests, if applicable.

Please add any relevant screenshots or GIFs to showcase the changes
made.

Add any additional notes or context about the pull request here.

---

Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more
information on how to contribute to this project.

---------

Signed-off-by: Kamil <kamil.prz@gmail.com>
Co-authored-by: Kamil <kamil.prz@gmail.com>
@kamilprz @LakshK98
fix: CVE-2013-3900 - Updates to Windows image (microsoft#1997)
05dc5df 
This PR tackles CVE-2013-3900 which is present on the Windows images.
The Windows registry must be updated to mitigate the CVE, thus we had to
separate the our Windows/Linux build process, so that Windows runs on a
Windows host VM.

The Windows image build step is now separate into two steps. The
binaries are built as part of a separate Makefile target. The GitHub
Action runs this on an Ubuntu host (intentionally - its faster than on
Windows). The Windows 2019/2022 image build actions then use those
binaries to complete the build on their respective Windows based hosts.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900

- [x] I have read the [contributing
documentation](https://retina.sh/docs/Contributing/overview).
- [x] I signed and signed-off the commits (`git commit -S -s ...`). See
[this
documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
on signing commits.
- [x] I have correctly attributed the author(s) of the code.
- [x] I have tested the changes locally.
- [x] I have followed the project's style guidelines.
- [] I have updated the documentation, if necessary.
- [] I have added tests, if applicable.

Vulnerability scan on pre-fix Windows 2022.
`ghcr.io/microsoft/retina/retina-agent:4895b43-windows-ltsc2022-amd64`
<img width="1156" height="165" alt="image"
src="https://github.com/user-attachments/assets/4f4f32b7-b7f1-4081-93ce-1af47c824727"
/>

Vulnerability scan after the fix. Doesn't detect the same CVE.
`ghcr.io/kamilprz/retina/retina-agent:357857e-windows-ltsc2022-amd64`
<img width="554" height="100" alt="image"
src="https://github.com/user-attachments/assets/69b75e58-1140-4760-b5d6-e3c3627b4523"
/>

Add any additional notes or context about the pull request here.

---------

Signed-off-by: Kamil <kamil.prz@gmail.com>
@LakshK98 LakshK98 requested a review from a team as a code owner June 8, 2026 17:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MikeZappa87 MikeZappa87 Awaiting requested review from MikeZappa87 MikeZappa87 is a code owner automatically assigned from microsoft/retina

@carlotaarvela carlotaarvela Awaiting requested review from carlotaarvela carlotaarvela is a code owner automatically assigned from microsoft/retina

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@LakshK98 @carlotaarvela @kamilprz