Skip to content

Commit

Permalink
Write to a single bucket for the Trusted OS artifacts. (#69)
Browse files Browse the repository at this point in the history 
* Write to a single bucket for the Trusted OS artifacts.

* Revert firmware file rename.
  • Loading branch information
@jiggoha
jiggoha authored Sep 28, 2023
1 parent 58d9346 commit d20c485
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 8 deletions.
9 changes: 5 additions & 4 deletions release/cloudbuild_ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,13 +54,13 @@ steps:
- storage
- cp
- output/trusted_os.elf
- gs://${_TRUSTED_OS_BUCKET}/${_TEST_TAG_NAME}/trusted_os.elf
- gs://${_FIRMWARE_BUCKET}/${_FIRMWARE_COMPONENT}/${_TEST_TAG_NAME}/trusted_os.elf
- name: gcr.io/cloud-builders/gcloud
args:
- storage
- cp
- output/trusted_os.sig
- gs://${_TRUSTED_OS_BUCKET}/${_TEST_TAG_NAME}/trusted_os_transparency_dev.sig
- gs://${_FIRMWARE_BUCKET}/${_FIRMWARE_COMPONENT}/${_TEST_TAG_NAME}/trusted_os_transparency_dev.sig
### Construct log entry / Claimant Model statement.
- name: golang
args:
Expand Down Expand Up @@ -89,10 +89,11 @@ steps:
- storage
- cp
- output/trusted_os_manifest.json
- gs://${_TRUSTED_OS_BUCKET}/${_TEST_TAG_NAME}/trusted_os_manifest.json
- gs://${_FIRMWARE_BUCKET}/${_FIRMWARE_COMPONENT}/${_TEST_TAG_NAME}/trusted_os_manifest.json
substitutions:
# Build-related.
_TRUSTED_OS_BUCKET: trusted-os-artifacts-ci
_FIRMWARE_BUCKET: armored-witness-firmware-ci
_FIRMWARE_COMPONENT: trusted-os
_TAMAGO_VERSION: '1.20.6'
_TEST_TAG_NAME: '0.1.2'
# Signing-related.
Expand Down
10 changes: 6 additions & 4 deletions release/cloudbuild_withsecure_signature.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,15 @@ steps:
- -c
- >-
gcloud storage cp ${_WITHSECURE_DIR}/${_TEST_TAG_NAME}.txt
gs://${_TRUSTED_OS_BUCKET}/$(echo ${_TEST_TAG_NAME} | sed -e "s/^withsecure_v//")/trusted_os_manifest.txt
gs://${_FIRMWARE_BUCKET}/${_FIRMWARE_COMPONENT}/$(echo ${_TEST_TAG_NAME} | sed -e "s/^withsecure_v//")/trusted_os_manifest.txt
### Write the firmware release to the transparency log.
# Copy the signed note to the sequence bucket, preparing to write to log.
- name: gcr.io/cloud-builders/gcloud
args:
- storage
- cp
- ${_WITHSECURE_DIR}/${_TEST_TAG_NAME}.txt
- 'gs://${_LOG_NAME}/${_ENTRIES_DIR}/trusted_os_manifest.txt'
- gs://${_LOG_NAME}/${_ENTRIES_DIR}/trusted_os_manifest.txt
# Sequence log entry.
- name: gcr.io/cloud-builders/gcloud
args:
Expand All @@ -50,12 +50,14 @@ steps:

substitutions:
# TODO(jayhou): do not use CI bucket when we flip this trigger to prod.
_TRUSTED_OS_BUCKET: trusted-os-artifacts-ci
_FIRMWARE_BUCKET: armored-witness-firmware-ci
_FIRMWARE_COMPONENT: trusted-os
_WITHSECURE_DIR: release/withsecure
# TODO(jayhou): remove this when we flip this trigger to prod.
_TEST_TAG_NAME: withsecure_v0.1.2
# Log-related.
_ENTRIES_DIR: firmware-log-sequence
# TODO(jayhou): switch to prod origin.
_ORIGIN: transparency.dev/armored-witness/firmware_transparency/ci/0
# TODO(jayhou): do not use CI bucket when we flip this trigger to prod.
_LOG_NAME: firmware-log-ci
_LOG_NAME: armored-witness-firmware-log-ci

0 comments on commit d20c485

Please sign in to comment.