From 0702b7bcfb1c35970447257085478f4fcf633442 Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Tue, 11 Nov 2025 23:17:45 +0900 Subject: [PATCH 1/2] ci-automation/release: Set up rclone config for mapping into container The wrong variable was used to set up the mapping of the rclone config into the rclone container and it wasn't set up in the right function. Move it into the right function and use the right variable name but also don't rely on /proc/PID/fd/FD to be mappable into the container but instead use a regular temp file. Signed-off-by: Kai Lueke --- ci-automation/release.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ci-automation/release.sh b/ci-automation/release.sh index c17312aa64..5074297ce5 100644 --- a/ci-automation/release.sh +++ b/ci-automation/release.sh @@ -91,8 +91,6 @@ function _inside_mantle() { secret_to_file gcp_json_key_path "${GCP_JSON_KEY}" google_release_credentials_file="" secret_to_file google_release_credentials_file "${GOOGLE_RELEASE_CREDENTIALS}" - rclone_configuration_file="" - secret_to_file rclone_configuration_file "${RCLONE_CONFIGURATION_FILE}" for platform in aws azure; do for arch in amd64 arm64; do 
@@ -164,13 +162,21 @@ function copy_from_bincache_to_bucket() { local arch="${2}" local version="${3}" + rclone_configuration_file="$(mktemp)" + chmod 600 "${rclone_configuration_file}" + + ( + trap "rm -f ${rclone_configuration_file}" EXIT + echo "${RCLONE_CONFIGURATION_FILE}" | base64 --decode > "${rclone_configuration_file}" + echo "Copying the images from bincache to CloudFlare bucket" docker run --rm \ - -v "${RCLONE_CONFIGURATION_FILE}:/opt/rclone.conf:ro" \ + -v "${rclone_configuration_file}:/opt/rclone.conf:ro" \ docker.io/rclone/rclone:1.71.1 \ --config "/opt/rclone.conf" \ sync \ --http-url "https://${BUILDCACHE_SERVER}/images/${arch}/${version}" :http: "r2:flatcar/${channel}/${arch}-usr/${version}" + ) # Note: There is no "current" symlink and when switching the release to current we # could at a later stage (when the update payloads are selected in Nebraska) either # use folder copies where we delete the old "current" folder first, or we could From 39a03b4f8f75ed1bf47f2837d45e9851634d41a0 Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Tue, 11 Nov 2025 23:22:17 +0900 Subject: [PATCH 2/2] ci-automation/release.sh: Update comment about current state Signed-off-by: Kai Lueke --- ci-automation/release.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/ci-automation/release.sh b/ci-automation/release.sh index 5074297ce5..0f20ed4cca 100644 --- a/ci-automation/release.sh +++ b/ci-automation/release.sh 
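Review bot: The cleanup trap added in copy_from_bincache_to_bucket is written in double quotes, so the temp path is expanded when the trap is installed and re-parsed unquoted when it fires; `trap 'rm -f -- "${rclone_configuration_file}"' EXIT` keeps removal of the decoded credential file reliable even if TMPDIR contains whitespace or glob characters. The variable is also assigned without `local`, unlike `arch` and `version` just above it, so the path stays set for the rest of the script after the function returns; `local rclone_configuration_file` followed by `rclone_configuration_file="$(mktemp)" || return 1` would scope it and stop on a failed mktemp. Whether a failed `base64 --decode` stops the subshell before `docker run` mounts a truncated config depends on `set -e`/`pipefail`, which this hunk does not show. The function starts and ends outside the hunk.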
@@ -177,11 +177,6 @@ function copy_from_bincache_to_bucket() { sync \ --http-url "https://${BUILDCACHE_SERVER}/images/${arch}/${version}" :http: "r2:flatcar/${channel}/${arch}-usr/${version}" ) - # Note: There is no "current" symlink and when switching the release to current we - # could at a later stage (when the update payloads are selected in Nebraska) either - # use folder copies where we delete the old "current" folder first, or we could - # use a clever Caddy redirect to make "current" point to the wanted version for - # each channel. } function publish_sdk() { @@ -249,12 +244,13 @@ function _release_build_impl() { echo "====" - # Future: trigger copy to Origin in a secure way # Future: trigger update payload signing + + # In separate unified pipeline with sub jobs per channel? # Future: trigger website update # Future: trigger release email sending # Future: trigger push to nebraska - # Future: trigger Origin symlink switch + # Future: trigger Origin current-release.txt switch } TEMPLATE='