ci-automation: Generate digests files for the built artifacts

2025-09-22 22:21:10 +02:00 · 2022-07-11 20:09:58 +02:00 · 2022-07-11 20:09:58 +02:00 · 4e6f44e7b8
commit 4e6f44e7b8
parent d475d36766
6 changed files with 19 additions and 6 deletions
--- a/ci-automation/ci_automation_common.sh
+++ b/ci-automation/ci_automation_common.sh
@ -187,7 +187,8 @@ function docker_image_to_buildcache() {
    local tarball="$(basename "$image")-${version}.tar.gz"

    $docker save "${image}":"${version}" | $PIGZ -c > "${tarball}"
-    sign_artifacts "${SIGNER:-}" "${tarball}"
+    create_digests "${SIGNER:-}" "${tarball}"
+    sign_artifacts "${SIGNER:-}" "${tarball}"*
    copy_to_buildcache "containers/${version}" "${tarball}"*
 }
 # --
--- a/ci-automation/image.sh
+++ b/ci-automation/image.sh
@ -39,6 +39,7 @@
 #   2. "./ci-cleanup.sh" with commands to clean up temporary build resources,
 #        to be run after this step finishes / when this step is aborted.
 #   3. If signer key was passed, signatures of artifacts from point 1, pushed along to buildcache.
+#   4. DIGESTS of the artifacts from point 1, pushed to buildcache. If signer key was passed, armored ASCII files of the generated DIGESTS files too, pushed to buildcache.

 function image_build() {
    # Run a subshell, so the traps, environment changes and global
@ -105,6 +106,7 @@ function _image_build_impl() {

    # Delete uncompressed generic image before signing and upload
    rm "images/latest/flatcar_production_image.bin" "images/latest/flatcar_production_update.bin"
+    create_digests "${SIGNER}" "images/latest/"*
    sign_artifacts "${SIGNER}" "images/latest/"*
    copy_to_buildcache "images/${arch}/${vernum}/" "images/latest/"*

--- a/ci-automation/packages.sh
+++ b/ci-automation/packages.sh
@ -64,6 +64,7 @@
 #   3. "./ci-cleanup.sh" with commands to clean up temporary build resources,
 #        to be run after this step finishes / when this step is aborted.
 #   4. If signer key was passed, signatures of artifacts from point 1, pushed along to buildcache.
+#   5. DIGESTS of the artifacts from point 1, pushed to buildcache. If signer key was passed, armored ASCII files of the generated DIGESTS files too, pushed to buildcache.

 function packages_build() {
    # Run a subshell, so the traps, environment changes and global
@ -175,9 +176,12 @@ function _packages_build_impl() {
    docker_commit_to_buildcache "${packages_container}" "${packages_image}" "${docker_vernum}"

    # Publish torcx manifest and docker tarball to "images" cache so tests can pull it later.
-    sign_artifacts "${SIGNER}" \
+    create_digests "${SIGNER}" \
        "${torcx_tmp}/torcx/${arch}-usr/latest/torcx_manifest.json" \
        "${torcx_tmp}/torcx/pkgs/${arch}-usr/docker/"*/*.torcx.tgz
+    sign_artifacts "${SIGNER}" \
+        "${torcx_tmp}/torcx/${arch}-usr/latest/torcx_manifest.json"* \
+        "${torcx_tmp}/torcx/pkgs/${arch}-usr/docker/"*/*.torcx.tgz*
    copy_to_buildcache "images/${arch}/${vernum}/torcx" \
        "${torcx_tmp}/torcx/${arch}-usr/latest/torcx_manifest.json"*
    copy_to_buildcache "images/${arch}/${vernum}/torcx" \
--- a/ci-automation/sdk_bootstrap.sh
+++ b/ci-automation/sdk_bootstrap.sh
@ -56,6 +56,7 @@
 #   3. "./ci-cleanup.sh" with commands to clean up temporary build resources,
 #        to be run after this step finishes / when this step is aborted.
 #   4. If signer key was passed, signatures of artifacts from point 1, pushed along to buildcache.
+#   5. DIGESTS of the artifacts from point 1, pushed to buildcache. If signer key was passed, armored ASCII files of the generated DIGESTS files too, pushed to buildcache.

 function sdk_bootstrap() {
    # Run a subshell, so the traps, environment changes and global
@ -141,9 +142,11 @@ function _sdk_bootstrap_impl() {
    local uid=$(id --user)
    local gid=$(id --group)
    sudo chown --recursive "${uid}:${gid}" __build__
-    cd "__build__/images/catalyst/builds/flatcar-sdk"
-    sign_artifacts "${SIGNER}" "${dest_tarball}"*
-    copy_to_buildcache "sdk/${ARCH}/${FLATCAR_SDK_VERSION}" "${dest_tarball}"*
-    cd -
+    (
+      cd "__build__/images/catalyst/builds/flatcar-sdk"
+      create_digests "${SIGNER}" "${dest_tarball}"
+      sign_artifacts "${SIGNER}" "${dest_tarball}"*
+      copy_to_buildcache "sdk/${ARCH}/${FLATCAR_SDK_VERSION}" "${dest_tarball}"*
+    )
 }
 # --
--- a/ci-automation/sdk_container.sh
+++ b/ci-automation/sdk_container.sh
@ -37,6 +37,7 @@
 #   2. "./ci-cleanup.sh" with commands to clean up temporary build resources,
 #        to be run after this step finishes / when this step is aborted.
 #   3. If signer key was passed, signatures of artifacts from point 1, pushed along to buildcache.
+#   4. DIGESTS of the artifacts from point 1, pushed to buildcache. If signer key was passed, armored ASCII files of the generated DIGESTS files too, pushed to buildcache.

 function sdk_container_build() {
    # Run a subshell, so the traps, environment changes and global
--- a/ci-automation/vms.sh
+++ b/ci-automation/vms.sh
@ -42,6 +42,7 @@
 #   2. "./ci-cleanup.sh" with commands to clean up temporary build resources,
 #        to be run after this step finishes / when this step is aborted.
 #   3. If signer key was passed, signatures of artifacts from point 1, pushed along to buildcache.
+#   4. DIGESTS of the artifacts from point 1, pushed to buildcache. If signer key was passed, armored ASCII files of the generated DIGESTS files too, pushed to buildcache.

 function vm_build() {
    # Run a subshell, so the traps, environment changes and global
@ -131,6 +132,7 @@ function _vm_build_impl() {
        -v "${vernum}" \
        mv "${CONTAINER_IMAGE_ROOT}/${arch}-usr/" "./${images_out}/"

+    create_digests "${SIGNER}" "images/latest/"*
    sign_artifacts "${SIGNER}" "images/latest/"*
    copy_to_buildcache "images/${arch}/${vernum}/" "images/latest/"*
 }