From 1791ed068c4f70aebfcc98dcf340932f7be5e577 Mon Sep 17 00:00:00 2001 From: Damien Duportal Date: Wed, 18 Dec 2024 17:48:53 +0100 Subject: [PATCH 1/9] chore: rename local for disk size Signed-off-by: Damien Duportal --- build-jenkins-agent-windows.pkr.hcl | 2 +- locals.pkr.hcl | 2 +- sources.pkr.hcl | 5 +---- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/build-jenkins-agent-windows.pkr.hcl b/build-jenkins-agent-windows.pkr.hcl index eae40a806..b6c388910 100644 --- a/build-jenkins-agent-windows.pkr.hcl +++ b/build-jenkins-agent-windows.pkr.hcl @@ -9,7 +9,7 @@ build { image_sku = "${var.agent_os_version}-datacenter-core-g2" image_version = try(local.images_versions["azure"]["windows"][var.agent_os_version][var.architecture], "N/A") os_type = "Windows" - os_disk_size_gb = local.windows_disk_size_gb + os_disk_size_gb = local.disk_size_gb winrm_insecure = true winrm_timeout = "20m" winrm_use_ssl = true diff --git a/locals.pkr.hcl b/locals.pkr.hcl index 9e2a8d11f..f2530bf48 100644 --- a/locals.pkr.hcl +++ b/locals.pkr.hcl @@ -34,7 +34,7 @@ locals { "staging_packer_images" = ["East US 2"] "dev_packer_images" = ["East US 2"] } - windows_disk_size_gb = 150 # Must be greater than 127 Gb to allow Azure template to work with + disk_size_gb = 150 # Must be greater than 127 Gb to allow Azure template for Windows provisioning_env_vars = concat( [for key, value in yamldecode(file(var.provision_env_file)) : "${upper(key)}=${value}"], [ diff --git a/sources.pkr.hcl b/sources.pkr.hcl index cb8f02835..46ee85f58 100644 --- a/sources.pkr.hcl +++ b/sources.pkr.hcl 
@@ -1,16 +1,13 @@ # This source defines all the common settings for any AWS AMI (whatever Operating System) source "amazon-ebs" "base" { - - ami_name = "${local.image_name}-${var.architecture}-${local.now_unix_timestamp}" instance_type = local.aws_instance_types[var.architecture] - # Define custom rootfs for build to avoid later filesystem extension during agent startups launch_block_device_mappings { delete_on_termination = true device_name = "/dev/sda1" - volume_size = local.windows_disk_size_gb # TODO: check if we can rename this local to cover both windows and Ubuntu + volume_size = local.disk_size_gb # TODO: check if we can rename this local to cover both windows and Ubuntu volume_type = "gp3" } From 56a18537b51a80cbcb42747752968eb346373315 Mon Sep 17 00:00:00 2001 From: Damien Duportal Date: Wed, 18 Dec 2024 18:14:27 +0100 Subject: [PATCH 2/9] feat(windows) add AWS EC2 builds (2019 and 2022) #1611 Note: partial revert of https://github.com/jenkins-infra/packer-images/pull/734 Signed-off-by: Damien Duportal --- Jenkinsfile_k8s | 32 +---------------------------- build-jenkins-agent-ubuntu.pkr.hcl | 4 +--- build-jenkins-agent-windows.pkr.hcl | 22 ++++++++++++++++++++ locals.pkr.hcl | 3 +-- sources.pkr.hcl | 5 ++++- 5 files changed, 29 insertions(+), 37 deletions(-) diff --git a/Jenkinsfile_k8s b/Jenkinsfile_k8s index 1575e5768..ea08a2c9a 100644 --- a/Jenkinsfile_k8s +++ b/Jenkinsfile_k8s @@ -95,7 +95,7 @@ pipeline { } } excludes { - // Only build Ubuntu images for arm64 CPU in AWS (notValues) + // Only build arm64 VMs when OS is Ubuntu (notValues) as Windows Server amr64 does not exist anywhere exclude { axis { name 'cpu_architecture' 
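Review bot: The trailing `# TODO: check if we can rename this local to cover both windows and Ubuntu` on the `volume_size` line is now stale, because this commit performs exactly that rename (`local.windows_disk_size_gb` to `local.disk_size_gb`). I would drop the TODO and state the remaining constraint instead, e.g. `volume_size = local.disk_size_gb # Shared with Azure; must stay above 127 GB for the Windows template`, which matches the comment kept in `locals.pkr.hcl`. The `source "amazon-ebs" "base"` block continues past the end of this hunk.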
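Review bot: The replacement comment in the `excludes` block spells the architecture as `amr64` (`Windows Server amr64 does not exist anywhere`), which will mislead anyone searching the matrix for `arm64`. Suggest `// Only build arm64 VMs when OS is Ubuntu (notValues) as Windows Server arm64 does not exist anywhere`. The `excludes` block continues into the following hunk of `Jenkinsfile_k8s`.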
@@ -105,36 +105,6 @@ pipeline { name 'agent_type' notValues 'ubuntu-22.04' } - axis { - name 'compute_type' - values 'amazon-ebs' - } - } - // Exclude 'amazon-ebs' Windows builds while testing for Linux AMI - exclude { - axis { - name 'agent_type' - values 'windows-2019', 'windows-2022' - } - axis { - name 'compute_type' - values 'amazon-ebs' - } - } - // Only build Ubuntu images for arm64 CPU in Azure (notValues) - exclude { - axis { - name 'cpu_architecture' - values 'arm64' - } - axis { - name 'agent_type' - notValues 'ubuntu-22.04' - } - axis { - name 'compute_type' - values 'azure-arm' - } } // No build on Windows or Docker, not yet implemented exclude { diff --git a/build-jenkins-agent-ubuntu.pkr.hcl b/build-jenkins-agent-ubuntu.pkr.hcl index 4fc58a078..eb7ea2c83 100644 --- a/build-jenkins-agent-ubuntu.pkr.hcl +++ b/build-jenkins-agent-ubuntu.pkr.hcl @@ -6,8 +6,6 @@ build { source "amazon-ebs.base" { name = "ubuntu" ssh_username = "ubuntu" - # Egg-and-chicken: what is the base image to start from (eg. what is my egg)? - source_ami = try(local.images_versions["aws"]["ubuntu"][var.agent_os_version][var.architecture], "N/A") } source "azure-arm.base" { @@ -17,7 +15,7 @@ build { image_publisher = "canonical" # List available SKUs with the command `az vm image list-skus --offer 0001-com-ubuntu-server-jammy --location eastus --publisher canonical --output table` image_sku = local.az_instance_image_sku[var.architecture] - image_version = try(local.images_versions["azure"]["ubuntu"][var.agent_os_version][var.architecture], "N/A") + image_version = try(local.images_versions["azure"][var.agent_os_type][var.agent_os_version][var.architecture], "N/A") os_type = "Linux" } diff --git a/build-jenkins-agent-windows.pkr.hcl b/build-jenkins-agent-windows.pkr.hcl index b6c388910..b9841e2ed 100644 --- a/build-jenkins-agent-windows.pkr.hcl +++ b/build-jenkins-agent-windows.pkr.hcl 
@@ -1,4 +1,14 @@
 build {
+ source "amazon-ebs.base" {
+ name = "windows"
+ communicator = "winrm"
+ user_data_file = "./provisioning/setupWinRM.ps1"
+ winrm_insecure = true
+ winrm_timeout = "20m"
+ winrm_use_ssl = true
+ winrm_username = local.windows_winrm_user[var.image_type]
+ }
+
 source "azure-arm.base" {
 name = "windows"
 communicator = "winrm"
@@ -131,4 +141,16 @@ build {
 "while($true) { $imageState = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State | Select ImageState; if($imageState.ImageState -ne 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { Write-Output $imageState.ImageState; Start-Sleep -s 10 } else { break } }"
 ]
 }
+
+ # This provisioner must be the last for AWS EBS builds, after reboots
+ provisioner "powershell" {
+ only = ["amazon-ebs.windows"]
+ elevated_user = local.windows_winrm_user[var.image_type]
+ elevated_password = build.Password
+
+ inline = [
+ "& 'C:/Program Files/Amazon/EC2Launch/ec2launch' reset --block",
+ "& 'C:/Program Files/Amazon/EC2Launch/ec2launch' sysprep --block",
+ ]
+ }
 }
diff --git a/locals.pkr.hcl b/locals.pkr.hcl
index f2530bf48..562cb18a4 100644
--- a/locals.pkr.hcl
+++ b/locals.pkr.hcl
@@ -5,7 +5,6 @@ locals {
 image_name = format("jenkins-agent-%s-%s-%s", var.agent_os_type, var.agent_os_version, var.architecture)
 unique_image_name = format("%s-%s", local.image_name, local.now_unix_timestamp)
-
 aws_instance_types = {
 "amd64" = "t3.xlarge"
 "arm64" = "t4g.xlarge"
@@ -19,7 +18,7 @@ locals {
 windows_winrm_user = {
 "azure-arm" = "packer"
 "docker" = "packer"
- "amazon-ebs" = "Administrator"
+ "amazon-ebs" = "Administrator" # In AWS EC2, WinRM super admin must be the "Administrator" account
 }
 images_versions = yamldecode(file("./images-versions.yaml"))
diff --git a/sources.pkr.hcl b/sources.pkr.hcl
index 46ee85f58..2b1752681 100644
--- a/sources.pkr.hcl
+++ b/sources.pkr.hcl
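Review bot: `winrm_insecure = true` on the new `amazon-ebs.windows` source disables certificate verification for the WinRM session to the build instance, and nothing in the hunk records why that is acceptable. It mirrors the existing `azure-arm.base` source, so the reason is presumably a self-signed listener certificate created by `./provisioning/setupWinRM.ps1` (not visible in this patch); I would write that down on the line, e.g. `winrm_insecure = true # Self-signed listener cert from setupWinRM.ps1; transport still TLS via winrm_use_ssl`. If that script also opens the WinRM port in the Windows firewall, the instance security group becomes the only network-level restriction during the build, which deserves a one-line note next to `user_data_file`. The `build` block continues beyond this hunk.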
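Review bot: In the new `only = ["amazon-ebs.windows"]` provisioner, a failing `ec2launch reset --block` does not stop the script before `ec2launch sysprep --block` runs: in Windows PowerShell a non-zero exit code from a native executable is not a terminating error, so presumably only the last command's status reaches Packer and the image may be sysprepped from a non-reset state. Since the comment says this must be the final step, I would fail fast between the two calls with `"if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }",` after the `reset` line (and again after `sysprep`). This provisioner also omits the `"$ErrorActionPreference = 'Stop'",` first inline line that the goss provisioner in the same file uses; adding it keeps the two consistent.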
@@ -3,6 +3,10 @@ source "amazon-ebs" "base" { ami_name = "${local.image_name}-${var.architecture}-${local.now_unix_timestamp}" instance_type = local.aws_instance_types[var.architecture] + # Egg-and-chicken: what is the base image to start from (eg. what is my egg)? + # Note: tracked by updatecli + source_ami = try(local.images_versions["aws"][var.agent_os_type][var.agent_os_version][var.architecture], "N/A") + # Define custom rootfs for build to avoid later filesystem extension during agent startups launch_block_device_mappings { delete_on_termination = true @@ -17,7 +21,6 @@ source "amazon-ebs" "base" { var.aws_destination_region ] - # To improve audit and garbage collecting, we provide tags tags = { Name = "${local.image_name}-Packer-${var.architecture}" From 2d1694ec467a58b8ebf94fcdf9e46de8f8a6b0eb Mon Sep 17 00:00:00 2001 From: Damien Duportal Date: Wed, 18 Dec 2024 18:08:05 +0100 Subject: [PATCH 3/9] wip: add base AMI ID for Windows 2019 + 2022. Also track them with updatecli manifests. Signed-off-by: Damien Duportal fixup Signed-off-by: Damien Duportal --- images-versions.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images-versions.yaml b/images-versions.yaml index 1a7949ea5..a5486e4e4 100644 --- a/images-versions.yaml +++ b/images-versions.yaml @@ -14,6 +14,11 @@ aws: "22.04": amd64: ami-09ab820c5a11a5cf7 arm64: ami-011c271ddbf145636 + windows: + "2019": + amd64: ami-08b54f8d132ebd12d + "2022": + amd64: ami-091cb95e3a8474173 docker: ubuntu: "22.04": From 71f933964a51528b1df531a87522c86887de2b2d Mon Sep 17 00:00:00 2001 From: Damien Duportal Date: Wed, 18 Dec 2024 18:29:56 +0100 Subject: [PATCH 4/9] feat(aws) enforce IMDS v2 Signed-off-by: Damien Duportal --- sources.pkr.hcl | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sources.pkr.hcl b/sources.pkr.hcl index 2b1752681..83408a609 100644 --- a/sources.pkr.hcl +++ b/sources.pkr.hcl 
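Review bot: The new `source_ami` falls back to the literal string `"N/A"` through `try(...)`, so an OS/version/architecture combination missing from `images-versions.yaml` is only caught when AWS rejects the AMI ID at launch rather than at `packer validate`. The fallback presumably exists so that builds for another `image_type` still evaluate; if so, say it on the line, e.g. `# "N/A" keeps evaluation working for non-AWS image_types; a missing entry fails at launch with an invalid AMI ID`. A bare AMI ID also carries no publisher binding (unlike `source_ami_filter` with `owners`), which is fine for updatecli-tracked IDs but is worth stating in the `# Note: tracked by updatecli` comment. The `source "amazon-ebs" "base"` block continues beyond this hunk.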
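Review bot: The commit subject says the new Windows 2019/2022 AMI IDs are also tracked with updatecli manifests, but the diffstat lists only `images-versions.yaml`, so either the manifest belongs in this commit or the subject should not claim it. The new `windows:` entries give no hint of which AWS region or AMI name they were taken from, and AMI IDs are region-specific; a comment such as `# region: <REGION>, AMI name: <AMI NAME> (verify)` beside each ID would make future updates checkable. Listing only `amd64` is consistent with the arm64 exclusion in `Jenkinsfile_k8s`.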
@@ -15,6 +15,14 @@ source "amazon-ebs" "base" {
 volume_type = "gp3"
 }
+ # Enforce IMDS v2 as per https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/
+ imds_support = "v2.0"
+ metadata_options {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ http_put_response_hop_limit = 1 # Do not allow access to IMDS through NAT-ed containers
+ instance_metadata_tags = "disabled"
+ }
 # Where to export the AMI
 ami_regions = [
From 417eaa87ef6eb9e01b4103d1900baea47d2b21ad Mon Sep 17 00:00:00 2001
From: Damien Duportal
Date: Wed, 18 Dec 2024 18:31:01 +0100
Subject: [PATCH 5/9] cleanup: remove unused `install-packer` script
Signed-off-by: Damien Duportal
---
 install-packer.sh | 65 -----------------------------------------------
 1 file changed, 65 deletions(-)
 delete mode 100755 install-packer.sh
diff --git a/install-packer.sh b/install-packer.sh
deleted file mode 100755
index 5a09cbec7..000000000
--- a/install-packer.sh
+++ /dev/null
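Review bot: The comment above `imds_support = "v2.0"` gives the why but not that the two new settings act on different objects: `imds_support` is an attribute of the produced AMI (instances launched from it default to requiring IMDSv2 tokens), whereas `metadata_options` only hardens the temporary build instance. I would split the comment, e.g. `# Produced AMI: instances launched from it default to IMDSv2-only` above `imds_support` and `# Build instance: IMDSv2 tokens required, IMDS unreachable beyond one hop` above `metadata_options`. `http_put_response_hop_limit = 1` will also block IMDS access from any container started during provisioning; if a provisioning step relies on that, the build will fail in a non-obvious way, so a word about it is worth adding. The `source "amazon-ebs" "base"` block continues beyond this hunk.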
@@ -1,65 +0,0 @@ -#!/bin/bash -# install-packer: install packer for the current architecture, -# in the directory specified as 1st argument, in the version specified as 2nd argument - -packer_install_dir="${1:?First argument missing: directory where to install packer.}" -packer_version="${2:?Second argument missing: version of packer to install.}" - -set -eu -o pipefail - -packer_cmd="packer" -temp_dir="$(mktemp -d)" -mkdir -p "${packer_install_dir}" - -## check if packer exists or install it -echo "====================================" - -## Check for presence of requirements or fail fast -for cli in curl unzip -do - if ! command -v $cli >/dev/null 2>&1 - then - echo "ERROR: command line ${cli} required but not found. Exiting." - exit 1 - fi -done - -echo "= Installing Packer version ${packer_version} to ${packer_install_dir}" - -if ! command -v ${packer_cmd} >/dev/null 2>&1 -then - if test -x "${packer_install_dir}/${packer_cmd}" - then - packer_cmd="${packer_install_dir}/packer" - else - echo "Detecting CPU architecture..." - arch=$(uname -m) - if [[ $arch == x86_64* ]]; then - echo "X64 Architecture" - packer_download_url="https://releases.hashicorp.com/packer/${packer_version}/packer_${packer_version}_linux_amd64.zip" - elif [[ $arch == i*86 ]]; then - echo "X32 Architecture" - packer_download_url="https://releases.hashicorp.com/packer/${packer_version}/packer_${packer_version}_linux_386.zip" - elif [[ $arch == arm* ]]; then - echo "ARM Architecture 32b" - packer_download_url="https://releases.hashicorp.com/packer/${packer_version}/packer_${packer_version}_linux_arm.zip" - elif [[ $arch == aarch64 ]]; then - echo "ARM Architecture 64b" - packer_download_url="https://releases.hashicorp.com/packer/${packer_version}/packer_${packer_version}_linux_arm64.zip" - else - echo "ERROR: unknwon architecture (${arch}). Exiting." 
- exit 2 - fi - - zip_file="${temp_dir}/packer.zip" - curl -sSL -o "${zip_file}" "${packer_download_url}" - unzip "${zip_file}" -d "${packer_install_dir}" - packer_cmd="${packer_install_dir}/packer" - fi -fi - -echo "= Packer installed, running sanity check (command '${packer_cmd} version')..." -"${packer_cmd}" version -echo "====================================" - -exit 0 From 80a8b89f7a183215ccce69e2798dbb1c50d2b84d Mon Sep 17 00:00:00 2001 From: Damien Duportal Date: Thu, 19 Dec 2024 11:22:15 +0100 Subject: [PATCH 6/9] tests(windows) run less tests concurrently, fine tune provisioner pauses and prelaunch hadolint to avoid timeouts - Note about `goss`: default for MaxConcurrent seems to be 50 - https://github.com/goss-org/goss/blob/00e9355293bbe8b554f8b874cced6a55aa92ffd4/util/config.go\#L79 Signed-off-by: Damien Duportal --- build-jenkins-agent-windows.pkr.hcl | 18 ++++++------------ provisioning/windows-provision.ps1 | 6 +++++- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/build-jenkins-agent-windows.pkr.hcl b/build-jenkins-agent-windows.pkr.hcl index b9841e2ed..9b9fd11aa 100644 --- a/build-jenkins-agent-windows.pkr.hcl +++ b/build-jenkins-agent-windows.pkr.hcl @@ -60,19 +60,18 @@ build { } provisioner "file" { + # Previous provisioner might restart pause_before = "1m" source = "./provisioning/addSSHPubKey.ps1" destination = "C:/" } provisioner "file" { - pause_before = "1m" source = "./provisioning/visualstudio.vsconfig" destination = "C:/" } provisioner "powershell" { - pause_before = "1m" environment_vars = local.provisioning_env_vars elevated_user = local.windows_winrm_user[var.image_type] elevated_password = build.Password @@ -83,6 +82,8 @@ build { # ref. https:#www.packer.io/docs/builders/azure/arm#windows provisioner "windows-restart" { max_retries = 3 + # Previous provisioner might restart + pause_before = "1m" } provisioner "file" { 
@@ -111,20 +112,13 @@ build { } provisioner "powershell" { - pause_before = "2m" # long pause as 1m is not enough environment_vars = local.provisioning_env_vars inline = [ "$ErrorActionPreference = 'Stop'", "goss --version", - "goss --use-alpha=1 --gossfile C:/goss-windows-${var.agent_os_version}.yaml --loglevel DEBUG validate", - "goss --use-alpha=1 --gossfile C:/goss-windows.yaml --loglevel DEBUG validate", - "goss --use-alpha=1 --gossfile C:/goss-common.yaml --loglevel DEBUG validate", - ] - } - - provisioner "powershell" { - environment_vars = local.provisioning_env_vars - inline = [ + "goss --use-alpha=1 --max-concurrent=10 --gossfile C:/goss-windows-${var.agent_os_version}.yaml --loglevel DEBUG validate", + "goss --use-alpha=1 --max-concurrent=10 --gossfile C:/goss-windows.yaml --loglevel DEBUG validate", + "goss --use-alpha=1 --max-concurrent=10 --gossfile C:/goss-common.yaml --loglevel DEBUG validate", "Remove-Item -Force C:/goss-windows.yaml", "Remove-Item -Force C:/goss-common.yaml", "Remove-Item -Force C:/visualstudio.vsconfig", diff --git a/provisioning/windows-provision.ps1 b/provisioning/windows-provision.ps1 index 262b31404..5905e3389 100644 --- a/provisioning/windows-provision.ps1 +++ b/provisioning/windows-provision.ps1 @@ -165,7 +165,11 @@ $downloads = [ordered]@{ }; 'hadolint' = @{ 'url' = 'https://github.com/hadolint/hadolint/releases/download/v{0}/hadolint-Windows-x86_64.exe' -f $env:HADOLINT_VERSION; - 'local' = "$baseDir\hadolint.exe" + 'local' = "$baseDir\hadolint.exe"; + 'postExpand' = { + ## First call to hadolint is slow (initialize some local resources). Lets pre-heat it to avoid timeouts during tests later + & "$baseDir\hadolint.exe" -v; + }; }; 'cst' = @{ 'url' = 'https://github.com/GoogleContainerTools/container-structure-test/releases/download/v{0}/container-structure-test-windows-amd64.exe' -f $env:CST_VERSION; From db45ea3ee44bf187608244723d8ca278dfcd6c39 Mon Sep 17 00:00:00 2001 
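Review bot: In the merged provisioner a failing `goss ... validate` does not abort the script: `$ErrorActionPreference = 'Stop'` affects cmdlets, not native executables in Windows PowerShell, so a failure in `goss-windows-${var.agent_os_version}.yaml` is overwritten by a later successful `validate` and the `Remove-Item` cleanup still runs. Before this commit the cleanup sat in its own provisioner; now the status Packer presumably sees is that of whichever native command ran last. I would add `"if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }",` after each goss call, or at least after the third one before the first `Remove-Item`. The `build` block continues outside the hunk.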
From: Damien Duportal
Date: Thu, 19 Dec 2024 22:02:52 +0100
Subject: [PATCH 7/9] fixup: goss flag
Signed-off-by: Damien Duportal
---
 build-jenkins-agent-windows.pkr.hcl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/build-jenkins-agent-windows.pkr.hcl b/build-jenkins-agent-windows.pkr.hcl
index 9b9fd11aa..3109fdd33 100644
--- a/build-jenkins-agent-windows.pkr.hcl
+++ b/build-jenkins-agent-windows.pkr.hcl
@@ -116,9 +116,9 @@ build {
 inline = [
 "$ErrorActionPreference = 'Stop'",
 "goss --version",
- "goss --use-alpha=1 --max-concurrent=10 --gossfile C:/goss-windows-${var.agent_os_version}.yaml --loglevel DEBUG validate",
- "goss --use-alpha=1 --max-concurrent=10 --gossfile C:/goss-windows.yaml --loglevel DEBUG validate",
- "goss --use-alpha=1 --max-concurrent=10 --gossfile C:/goss-common.yaml --loglevel DEBUG validate",
+ "goss --use-alpha=1 --gossfile C:/goss-windows-${var.agent_os_version}.yaml --loglevel DEBUG validate --max-concurrent=10 ",
+ "goss --use-alpha=1 --gossfile C:/goss-windows.yaml --loglevel DEBUG validate --max-concurrent=10 ",
+ "goss --use-alpha=1 --gossfile C:/goss-common.yaml --loglevel DEBUG validate --max-concurrent=10 ",
 "Remove-Item -Force C:/goss-windows.yaml",
 "Remove-Item -Force C:/goss-common.yaml",
 "Remove-Item -Force C:/visualstudio.vsconfig",
From 69c099e197ccdd7b6b6763324da28ac3bf499976 Mon Sep 17 00:00:00 2001
From: Damien Duportal
Date: Fri, 20 Dec 2024 08:13:10 +0100
Subject: [PATCH 8/9] wip: sequential tests
Signed-off-by: Damien Duportal
---
 build-jenkins-agent-windows.pkr.hcl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/build-jenkins-agent-windows.pkr.hcl b/build-jenkins-agent-windows.pkr.hcl
index 3109fdd33..c82b097de 100644
--- a/build-jenkins-agent-windows.pkr.hcl
+++ b/build-jenkins-agent-windows.pkr.hcl
@@ -116,9 +116,9 @@ build {
 inline = [
 "$ErrorActionPreference = 'Stop'",
 "goss --version",
- "goss --use-alpha=1 --gossfile C:/goss-windows-${var.agent_os_version}.yaml --loglevel DEBUG validate --max-concurrent=10 ",
- "goss --use-alpha=1 --gossfile C:/goss-windows.yaml --loglevel DEBUG validate --max-concurrent=10 ",
- "goss --use-alpha=1 --gossfile C:/goss-common.yaml --loglevel DEBUG validate --max-concurrent=10 ",
+ "goss --use-alpha=1 --gossfile C:/goss-windows-${var.agent_os_version}.yaml --loglevel DEBUG validate --max-concurrent=1",
+ "goss --use-alpha=1 --gossfile C:/goss-windows.yaml --loglevel DEBUG validate --max-concurrent=1",
+ "goss --use-alpha=1 --gossfile C:/goss-common.yaml --loglevel DEBUG validate --max-concurrent=1",
 "Remove-Item -Force C:/goss-windows.yaml",
 "Remove-Item -Force C:/goss-common.yaml",
 "Remove-Item -Force C:/visualstudio.vsconfig",
From 84b877622a9548a93c03b4517a1129358ed50b09 Mon Sep 17 00:00:00 2001
From: Damien Duportal
Date: Fri, 20 Dec 2024 09:33:11 +0100
Subject: [PATCH 9/9] fixups
Signed-off-by: Damien Duportal
---
 build-jenkins-agent-windows.pkr.hcl | 6 +++---
 tests/goss-common.yaml | 5 -----
 tests/goss-linux.yaml | 5 +++++
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/build-jenkins-agent-windows.pkr.hcl b/build-jenkins-agent-windows.pkr.hcl
index c82b097de..1738db46a 100644
--- a/build-jenkins-agent-windows.pkr.hcl
+++ b/build-jenkins-agent-windows.pkr.hcl
@@ -116,9 +116,9 @@ build { inline = [ "$ErrorActionPreference = 'Stop'", "goss --version", - "goss --use-alpha=1 --gossfile C:/goss-windows-${var.agent_os_version}.yaml --loglevel DEBUG validate --max-concurrent=1", - "goss --use-alpha=1 --gossfile C:/goss-windows.yaml --loglevel DEBUG validate --max-concurrent=1", - "goss --use-alpha=1 --gossfile C:/goss-common.yaml --loglevel DEBUG validate --max-concurrent=1", + "goss --use-alpha=1 --gossfile C:/goss-windows-${var.agent_os_version}.yaml --loglevel DEBUG validate --max-concurrent=4", + "goss --use-alpha=1 --gossfile C:/goss-windows.yaml --loglevel DEBUG validate --max-concurrent=4", + "goss --use-alpha=1 --gossfile C:/goss-common.yaml --loglevel DEBUG validate --max-concurrent=4", "Remove-Item -Force C:/goss-windows.yaml", "Remove-Item -Force C:/goss-common.yaml", "Remove-Item -Force C:/visualstudio.vsconfig", diff --git a/tests/goss-common.yaml b/tests/goss-common.yaml index 3884b3134..8c5b82938 100644 --- a/tests/goss-common.yaml +++ b/tests/goss-common.yaml @@ -51,11 +51,6 @@ command: exit-status: 0 stdout: - 0.4.9 - hadolint: - exec: hadolint -v - exit-status: 0 - stdout: - - 2.12.0 jq: exec: jq --version exit-status: 0 diff --git a/tests/goss-linux.yaml b/tests/goss-linux.yaml index 6da94f3ed..2aa1d3b09 100644 --- a/tests/goss-linux.yaml +++ b/tests/goss-linux.yaml @@ -37,6 +37,11 @@ command: exit-status: 0 stdout: - 1.55.2 + hadolint: + exec: hadolint --version + exit-status: 0 + stdout: + - 2.12.0 helm: exec: helm version exit-status: 0
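Review bot: Moving the `hadolint` check from `tests/goss-common.yaml` to `tests/goss-linux.yaml` means the Windows images no longer verify hadolint at all, although `provisioning/windows-provision.ps1` still downloads it and, since the earlier commit in this series, pre-warms it with `hadolint.exe -v` precisely to avoid test timeouts. If the Windows check was dropped on purpose, that pre-warm is now dead weight; if it was dropped by mistake, the same block should be added to `goss-windows.yaml`. Either way a one-line comment above the new entry in `goss-linux.yaml`, such as `# hadolint is checked on Linux only: <reason>`, would record the decision. The `command:` map continues beyond the hunk in both files.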