build an rot-all TUF repo with staging/dev and prod/rel images

oxidecomputer · Oct 17, 2023 · 60cddbc · 60cddbc
1 parent 15d59b1
commit 60cddbc
Showing 1 changed file with 62 additions and 0 deletions.
diff --git a/.github/buildomat/jobs/tuf-repo.sh b/.github/buildomat/jobs/tuf-repo.sh
@@ -25,6 +25,21 @@
 #: job = "helios / build trampoline OS image"
 #:
 #: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.parta"
+#: from_output = "/work/repo-rot-all.zip.parta"
+#:
+#: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.partb"
+#: from_output = "/work/repo-rot-all.zip.partb"
+#:
+#: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.sha256.txt"
+#: from_output = "/work/repo-rot-all.zip.sha256.txt"
+#:
+#: [[publish]]
 #: series = "rot-prod-rel"
 #: name = "repo.zip.parta"
 #: from_output = "/work/repo-rot-prod-rel.zip.parta"
@@ -168,6 +183,38 @@ caboose_util_rot() {
 }
 
 SERIES_LIST=()
+
+# Create an initial `manifest-rot-all.toml` containing the SP images for all
+# boards. While we still need to build multiple TUF repos,
+# `add_hubris_artifacts` below will append RoT images to this manifest (in
+# addition to the single-RoT manifest it creates).
+prep_rot_all_series() {
+    series="rot-all"
+
+    SERIES_LIST+=("$series")
+
+    manifest=/work/manifest-$series.toml
+    cp /work/manifest.toml "$manifest"
+
+    for board_rev in "${ALL_BOARDS[@]}"; do
+        board=${board_rev%-?}
+        tufaceous_board=${board//sidecar/switch}
+        sp_image="/work/hubris/${board_rev}.zip"
+        sp_caboose_version=$(/work/caboose-util read-version "$sp_image")
+        sp_caboose_board=$(/work/caboose-util read-board "$sp_image")
+
+        cat >>"$manifest" <<EOF
+[[artifact.${tufaceous_board}_sp]]
+name = "$sp_caboose_board"
+version = "$sp_caboose_version"
+[artifact.${tufaceous_board}_sp.source]
+kind = "file"
+path = "$sp_image"
+EOF
+    done
+}
+prep_rot_all_series
+
 add_hubris_artifacts() {
     series="$1"
     rot_dir="$2"
@@ -177,6 +224,7 @@ add_hubris_artifacts() {
     SERIES_LIST+=("$series")
 
     manifest=/work/manifest-$series.toml
+    manifest_rot_all=/work/manifest-rot-all.toml
     cp /work/manifest.toml "$manifest"
 
     for board in gimlet psc sidecar; do
@@ -198,6 +246,20 @@ path = "$rot_image_a"
 [artifact.${tufaceous_board}_rot.source.archive_b]
 kind = "file"
 path = "$rot_image_b"
+EOF
+
+        cat >>"$manifest_rot_all" <<EOF
+[[artifact.${tufaceous_board}_rot]]
+name = "$rot_caboose_board-$rot_dir"
+version = "$rot_caboose_version"
+[artifact.${tufaceous_board}_rot.source]
+kind = "composite-rot"
+[artifact.${tufaceous_board}_rot.source.archive_a]
+kind = "file"
+path = "$rot_image_a"
+[artifact.${tufaceous_board}_rot.source.archive_b]
+kind = "file"
+path = "$rot_image_b"
 EOF
     done