Add Cloud Build config to copy WithSecure sig from Github to GCS.
jiggoha committed Sep 15, 2023
1 parent bf21f10 commit 3f3a529
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions release/cloudbuild_withsecure_signature.yaml
@@ -0,0 +1,34 @@
# This Cloud Build trigger copies the WithSecure signature for a certain
# Trusted OS release version to the bucket (and "subdir") that contains the
# Trusted OS as built by transparency.dev and the detached signature as signed
# by transparency.dev.
#
# WithSecure is expected to overwrite the _WITHSECURE_SIG_FILE and
# _RELEASE_VERSION_FILE for each release. Reading _RELEASE_VERSION_FILE allows
# Cloud Build to copy the signature to the proper "subdir" (as mentioned
# above).
#
# This is the second Cloud Build trigger for a given release. The first should
# have already created the Trusted OS elf file and the transparency.dev
# detached signature.
#
# The Trusted OS elf should only be used if both signatures are verified
# sucessfully.
steps:
# Read the release version for which the WithSecure signature is. Cloud Build
# does not allow dynamically setting env vars, so writing to a file as a
# workaround:
# https://stackoverflow.com/questions/52337831/how-do-i-set-an-environment-or-substitution-variable-via-a-step-in-google-cloud.
- name: ubuntu
args: ['bash', '-c', 'cat ${_WITHSECURE_DIR}/${_RELEASE_VERSION_FILE} > _RELEASE_VERSION']
# Copy the WithSecure signature to the bucket.
- name: gcr.io/cloud-builders/gcloud
entrypoint: sh
args:
- -c
- 'gcloud storage cp ${_WITHSECURE_DIR}/${_WITHSECURE_SIG_FILE} gs://${_TRUSTED_OS_BUCKET}/$(cat _RELEASE_VERSION)/trusted_os_withsecure.sig'
substitutions:
_TRUSTED_OS_BUCKET: trusted-os-artifacts-ci
_WITHSECURE_DIR: release/withsecure
_WITHSECURE_SIG_FILE: trusted_os.sig
_RELEASE_VERSION_FILE: release_version.txt
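
Review bot: The copy step interpolates `$(cat _RELEASE_VERSION)` unquoted into the `gs://${_TRUSTED_OS_BUCKET}/...` destination without checking what `release_version.txt` contains, so an empty file, embedded whitespace or a value containing `/` changes where the signature lands, and nothing confirms that the target "subdir" is the one the first trigger populated. Suggest validating the value against the expected release-version format in the first step (failing the build otherwise), quoting the expansion, and checking that the Trusted OS elf already exists under that prefix before copying. Because the header comment says the elf should only be used if both signatures verify, it would also help to refuse to overwrite an existing `trusted_os_withsecure.sig` (for example with `gcloud storage cp --no-clobber`), so that a run where only `trusted_os.sig` was updated and the version file is stale cannot replace an earlier release's signature. Minor: "sucessfully" in the header comment should read "successfully".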
