From 7fed4f257618e18685d7e5a44c7b692e07215a4a Mon Sep 17 00:00:00 2001 From: Al Cutter Date: Wed, 17 Jan 2024 15:36:48 +0000 Subject: [PATCH] Pass through more build args --- Dockerfile | 6 +++++- release/cloudbuild_ci.yaml | 35 ++++++++++++++++++++++++++--------- 2 files changed, 31 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index f9b9517..5482695 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,6 +5,8 @@ ARG LOG_ORIGIN ARG LOG_PUBLIC_KEY ARG OS_PUBLIC_KEY1 ARG OS_PUBLIC_KEY2 +ARG GIT_SEMVER_TAG +ARG CONSOLE # Install dependencies. RUN apt-get update && apt-get install -y make @@ -31,6 +33,8 @@ RUN echo "${OS_PUBLIC_KEY2}" > /tmp/os2.pub ENV LOG_ORIGIN=${LOG_ORIGIN} \ LOG_PUBLIC_KEY="/tmp/log.pub" \ OS_PUBLIC_KEY1="/tmp/os1.pub" \ - OS_PUBLIC_KEY2="/tmp/os2.pub" + OS_PUBLIC_KEY2="/tmp/os2.pub" \ + GIT_SEMVER_TAG=${GIT_SEMVER_TAG} \ + CONSOLE=${CONSOLE} RUN make imx diff --git a/release/cloudbuild_ci.yaml b/release/cloudbuild_ci.yaml index 1505b4c..4b6146d 100644 --- a/release/cloudbuild_ci.yaml +++ b/release/cloudbuild_ci.yaml @@ -1,16 +1,29 @@ steps: + # First create a fake tag we'll use throughout the CI build process below. + # Unfortunately, GCB has no concept of dynamically creating substitutions or + # passing ENV vars between steps, so the best we can do is to create a file + # containing our tag in the shared workspace which other steps can inspect. + - name: bash + script: | + date +'0.0.%s-incompatible' > /workspace/fake_tag + cat /workspace/fake_tag ### Build the bootloader binary and upload it to GCS. # Use the dockerfile to build an image containing the bootloader artifact. - name: gcr.io/cloud-builders/docker + entrypoint: bash args: - - build - - --build-arg - - TAMAGO_VERSION=${_TAMAGO_VERSION} - - --build-arg - - LOG_ORIGIN=${_ORIGIN} - - -t - - builder-image - - . + - -c + - | + docker build \ + --build-arg=TAMAGO_VERSION=${_TAMAGO_VERSION} \ + --build-arg=LOG_ORIGIN=${_ORIGIN} \ + --build-arg=LOG_PUBLIC_KEY=${_LOG_PUBLIC_KEY} \ + --build-arg=OS_PUBLIC_KEY1=${_OS_PUBLIC_KEY1} \ + --build-arg=OS_PUBLIC_KEY2=${_OS_PUBLIC_KEY2} \ + --build-arg=GIT_SEMVER_TAG=$(cat /workspace/fake_tag) \ + --build-arg=CONSOLE=${_CONSOLE} \ + -t builder-image \ + . # Prepare a container with a copy of the artifacts. - name: gcr.io/cloud-builders/docker args: @@ -48,7 +61,7 @@ steps: - | go run github.com/transparency-dev/armored-witness/cmd/manifest@main \ create \ - --git_tag=${_MANUAL_TAG} \ + --git_tag=$(cat /workspace/fake_tag) \ --git_commit_fingerprint=${COMMIT_SHA} \ --firmware_file=output/armored-witness-boot.imx \ --firmware_type=BOOTLOADER \ @@ -134,10 +147,14 @@ substitutions: _FIRMWARE_BUCKET: armored-witness-firmware-ci-1 _MANUAL_TAG: 0.0.0 _TAMAGO_VERSION: '1.21.5' + _CONSOLE: 'on' # Log-related. _ENTRIES_DIR: firmware-log-sequence # This must correspond with the trailing number on the _FIRMWARE_BUCKET, _ORIGIN, _LOG_NAME values. _KEY_VERSION: '1' _LOG_NAME: armored-witness-firmware-log-ci-1 _ORIGIN: transparency.dev/armored-witness/firmware_transparency/ci/1 + _LOG_PUBLIC_KEY: transparency.dev-aw-ftlog-ci+f5479c1e+AR6gW0mycDtL17iM2uvQUThJsoiuSRirstEj9a5AdCCu + _OS_PUBLIC_KEY1: transparency.dev-aw-os1-ci+7a0eaef3+AcsqvmrcKIbs21H2Bm2fWb6oFWn/9MmLGNc6NLJty2eQ + _OS_PUBLIC_KEY2: transparency.dev-aw-os2-ci+af8e4114+AbBJk5MgxRB+68KhGojhUdSt1ts5GAdRIT1Eq9zEkgQh _CHECKPOINT_CACHE: 'public, max-age=30' \ No newline at end of file