Skip to content

Commit

Permalink
Add buildomat jobs for select images
Browse files Browse the repository at this point in the history
It's useful to have some images that have gone through a
`permslip sign`. Do so in a very limited fashion.
  • Loading branch information
labbott committed Oct 29, 2024
1 parent 7fcfe60 commit 38d2e1b
Show file tree
Hide file tree
Showing 23 changed files with 527 additions and 0 deletions.
14 changes: 14 additions & 0 deletions .github/buildomat/build-one.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
#!/bin/bash

set -o errexit
set -o pipefail
set -o xtrace
set -o nounset

name=$1
toml=$2
image=$3

cargo xtask dist $toml
cp target/$name/dist/$image/build-$name-image-$image.zip /work/
touch /work/this_is_not_signed.txt
26 changes: 26 additions & 0 deletions .github/buildomat/force-git-over-https.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
#!/usr/bin/env bash
#
# The token authentication mechanism that affords us access to other private
# repositories requires that we use HTTPS URLs for GitHub, rather than SSH.
#
override_urls=(
'git://github.com/'
'[email protected]:'
'ssh://github.com/'
'ssh://[email protected]/'
'git+ssh://[email protected]/'
)
for (( i = 0; i < ${#override_urls[@]}; i++ )); do
git config --add --global url.https://github.com/.insteadOf \
"${override_urls[$i]}"
done

#
# Require that cargo use the git CLI instead of the built-in support. This
# achieves two things: first, SSH URLs should be transformed on fetch without
# requiring Cargo.toml rewriting, which is especially difficult in transitive
# dependencies; second, Cargo does not seem willing on its own to look in
# ~/.netrc and find the temporary token that buildomat generates for our job,
# so we must use git which uses curl.
#
export CARGO_NET_GIT_FETCH_WITH_CLI=true
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/gimlet-c-lab.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build gimlet-c-lab"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh gimlet-c-lab app/gimlet/rev-c-lab.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/gimlet-c.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build gimlet-c"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh gimlet-c app/gimlet/rev-c.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/gimlet-d-lab.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build gimlet-d-lab"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh gimlet-d-lab app/gimlet/rev-d-lab.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/gimlet-d.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build gimlet-d"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh gimlet-d app/gimlet/rev-d.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/gimlet-e-lab.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build gimlet-e-lab"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh gimlet-e-lab app/gimlet/rev-e-lab.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/gimlet-e.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build gimlet-e"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh gimlet-e app/gimlet/rev-e.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/gimlet-f-lab.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build gimlet-f-lab"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh gimlet-f-lab app/gimlet/rev-f-lab.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/gimlet-f.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build gimlet-f"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh gimlet-f app/gimlet/rev-f.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/psc-b.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build psc-b"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh psc-b app/psc/rev-b.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/psc-c.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build psc-c"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh psc-c app/psc/rev-c.toml default
38 changes: 38 additions & 0 deletions .github/buildomat/jobs/rot.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
#!/bin/bash
#:
#: name = "build rot"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: ]
#: access_repos = [
#: "oxidecomputer/permission-slip",
#: ]
#:

set -o errexit
set -o pipefail
set -o xtrace

_cleanup () {
kill $(jobs -p)
}

trap _cleanup SIGINT SIGTERM EXIT

source .github/buildomat/force-git-over-https.sh
source .github/buildomat/permslip-setup.sh


cargo xtask dist app/oxide-rot-1/app-dev.toml
$PERMSLIP_DIR/target/release/permslip --url=http://localhost:41340 \
sign "UNTRUSTED bart" \
target/oxide-rot-1-selfsigned/dist/a/build-oxide-rot-1-selfsigned-image-a.zip \
--version 0.0.0-ci > /work/build-oxide-rot-1-selfsigned-image-a.zip

$PERMSLIP_DIR/target/release/permslip --url=http://localhost:41340 \
sign "UNTRUSTED bart" \
target/oxide-rot-1-selfsigned/dist/b/build-oxide-rot-1-selfsigned-image-b.zip \
--version 0.0.0-ci > /work/build-oxide-rot-1-selfsigned-image-b.zip
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/sidecar-b-lab.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build sidecar-b-lab"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh sidecar-b-lab app/sidecar/rev-b-lab.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/sidecar-b.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build sidecar-b"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh sidecar-b app/sidecar/rev-b.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/sidecar-c-lab.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build sidecar-c-lab"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh sidecar-c-lab app/sidecar/rev-c-lab.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/sidecar-c.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build sidecar-c"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh sidecar-c app/sidecar/rev-c.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/sidecar-d-lab.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build sidecar-d-lab"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh sidecar-d-lab app/sidecar/rev-d-lab.toml default
16 changes: 16 additions & 0 deletions .github/buildomat/jobs/sidecar-d.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash
#:
#: name = "build sidecar-d"
#: variety = "basic"
#: target = "ubuntu-22.04"
#: rust_toolchain = true
#: output_rules = [
#: "=/work/*.zip",
#: "=/work/this_is_not_signed.txt",
#: ]

set -o errexit
set -o pipefail
set -o xtrace

exec .github/buildomat/build-one.sh sidecar-d app/sidecar/rev-d.toml default
Loading

0 comments on commit 38d2e1b

Please sign in to comment.