mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-08 05:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
1ecea3544f
flatcar-scripts/ci-automation/release.sh
Kai Lueke b30654ef22 ci-automation: Prepare release job 
The old pipeline had a release job where mantle's plume release tool
was invoked to publish the cloud images.
Implement a release job in the new pipeline with the same goals and
eventually even more automation.
2022-09-05 11:41:41 +02:00

108 lines
4.5 KiB
Bash
Raw Blame History

#!/bin/bash
# Copyright (c) 2022 The Flatcar Maintainers.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# >>> This file is supposed to be SOURCED from the repository ROOT. <<<
#
# release_build() is currently called with no positional INPUT parameters but uses the signing env vars.
# Release build automation stub.
# This script will release the image build from bincache to the cloud offers.
#
# PREREQUISITES:
#
# 1. SDK version and OS image version are recorded in sdk_container/.repo/manifests/version.txt
# 2. Scripts repo version tag of OS image version to be built is available and checked out.
# 3. Mantle container docker image reference is stored in sdk_container/.repo/manifests/mantle-container.
# 4. Vendor image and torcx docker tarball + manifest to run tests for are available on buildcache
# ( images/[ARCH]/[FLATCAR_VERSION]/ )
# 5. SDK container is either
# - available via ghcr.io/flatcar-linux/flatcar-sdk-[ARCH]:[VERSION] (official SDK release)
# OR
# - available via build cache server "/containers/[VERSION]/flatcar-sdk-[ARCH]-[VERSION].tar.gz"
# (dev SDK)
#
# INPUT:
#
# (none)
#
# OPTIONAL INPUT:
#
# 1. SIGNER. Environment variable. Name of the owner of the artifact signing key.
# Defaults to nothing if not set - in such case, artifacts will not be signed.
# If provided, SIGNING_KEY environment variable should also be provided, otherwise this environment variable will be ignored.
#
# 2. SIGNING_KEY. Environment variable. The artifact signing key.
# Defaults to nothing if not set - in such case, artifacts will not be signed.
# If provided, SIGNER environment variable should also be provided, otherwise this environment variable will be ignored.
#
# OUTPUT:
#
# 1. The cloud images are published with mantle's plume and ore tools
# 2. The AWS AMI text files are pushed to buildcache ( images/[ARCH]/[FLATCAR_VERSION]/ )
# 3. "./ci-cleanup.sh" with commands to clean up temporary build resources,
# to be run after this step finishes / when this step is aborted.
# 4. If signer key was passed, signatures of artifacts from point 1, pushed along to buildcache.
# 5. DIGESTS of the artifacts from point 1, pushed to buildcache. If signer key was passed, armored ASCII files of the generated DIGESTS files too, pushed to buildcache.
function release_build() {
# Run a subshell, so the traps, environment changes and global
# variables are not spilled into the caller.
(
set -euo pipefail
_release_build_impl "${@}"
)
}
function _inside_mantle() {
# Run a subshell for the same reasons as above
(
set -euo pipefail
source ci-automation/ci_automation_common.sh
source sdk_container/.repo/manifests/version.txt
# TODO: set up credentials
# TODO: run mantle pre-release and release for all platforms
# (needs changes in mantle to consume from buildcache via https)
# TODO: run ore for AWS marketplace upload
)
}
function _release_build_impl() {
source ci-automation/ci_automation_common.sh
source ci-automation/gpg_setup.sh
init_submodules
source sdk_container/.repo/manifests/version.txt
local sdk_version="${FLATCAR_SDK_VERSION}"
local docker_sdk_vernum="$(vernum_to_docker_image_version "${sdk_version}")"
local vernum="${FLATCAR_VERSION}"
local docker_vernum="$(vernum_to_docker_image_version "${vernum}")"
local container_name="flatcar-publish-${docker_vernum}"
local mantle_ref
mantle_ref=$(cat sdk_container/.repo/manifests/mantle-container)
# A job on each worker prunes old mantle images (docker image prune), no need to do it here
echo "docker rm -f '${container_name}'" >> ./ci-cleanup.sh
touch sdk_container/.env # This file should already contain the required credentials as env vars
docker run --pull always --rm --name="${container_name}" --net host \
-w /work -v "$PWD":/work "${mantle_ref}" bash -c "source ci-automation/release.sh; _inside_mantle"
# TODO: sign and copy resulting AMI text file to buildcache
# TODO: run CF template update
# TODO: publish SDK container image if not published yet (i.e., on new majors)
echo "===="
echo "Done, now you can copy the images to Origin"
echo "===="
# Future: trigger copy to Origin in a secure way
# Future: trigger update payload signing
# Future: trigger website update
# Future: trigger release email sending
# Future: trigger push to nebraska
# Future: trigger Origin symlink switch
}
Reference in New Issue View Git Blame Copy Permalink