Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store firmware binaries in CAS #156

Merged
merged 8 commits into from
Nov 1, 2023
Merged

Store firmware binaries in CAS #156

merged 8 commits into from
Nov 1, 2023

Conversation

AlCutter
Copy link
Collaborator

This PR updates the Makefile and cloudbuild configs to store the applet firmware binary in the correct CAS location.

See transparency-dev/armored-witness-common#15

mhutchinson
mhutchinson approved these changes Oct 31, 2023
View reviewed changes
Copy link
Contributor

@mhutchinson mhutchinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approval modulo the cloudbuild changes because I can only give a coin-flip answer to whether this would work.

release/cloudbuild.yaml
Comment on lines +39 to +41
entrypoint: bash
args:
- gcloud
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like @jiggoha to take a look at this entrypoint swapping business.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the reason Al has added that here is so that the sha256sum and other bash commands work correctly. The environment variables here get populated correctly not because of bash environment variables, but because of Cloud Build substitution vars. So without the entrypoint, we can't do any logic here. Is that right, Al?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, that's right

jiggoha
jiggoha previously approved these changes Nov 1, 2023
View reviewed changes
@jiggoha jiggoha dismissed their stale review November 1, 2023 11:54

Need to add a comment about copying the manifest

jiggoha
jiggoha reviewed Nov 1, 2023
View reviewed changes
release/cloudbuild_ci.yaml Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Following our video call just now, I think we can/should delete the ### Copy the signed manifest to the public artifacts bucket. step here. We can directly copy the local file to the log for it to be sequenced.

(Commenting on the file because I can't seem to figure out how to comment on a single line of code if it's not been modified in a PR?)

@AlCutter
Copy link
Collaborator Author

AlCutter commented Nov 1, 2023

Approval modulo the cloudbuild changes because I can only give a coin-flip answer to whether this would work.

Me too :)

I wonder if there's way we could have a "dry-run" on PRs for at least the CI GCB config where it doesn't actually store/modify anything?

@AlCutter AlCutter merged commit 6936d89 into transparency-dev:main Nov 1, 2023
2 checks passed
@AlCutter AlCutter deleted the bins_in_CAS branch November 1, 2023 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jiggoha jiggoha jiggoha left review comments

@mhutchinson mhutchinson mhutchinson approved these changes

Assignees

@mhutchinson mhutchinson

@jiggoha jiggoha

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AlCutter @mhutchinson @jiggoha