Generate build material at end of build #620
Conversation
Including a manifest and the RELEASE.toml used permits checks made in other tools that will drive the test and release automation. The generated manifest needs to include followed symlinks: the thar images that are linked to, when uploaded (if they are anywhere in the process), become regular files copied from their linked targets in the set of resulting artifacts. Signed-off-by: Jacob Vallejo <jakeev@amazon.com>
These will be shipped with the build artifacts throughout their lifecycle spent in release automation land. Signed-off-by: Jacob Vallejo <jakeev@amazon.com>
Makefile.toml
Outdated
| [tasks.build] | ||
| dependencies = [ | ||
| "link-clean", | ||
| "build-variant", | ||
| "check-licenses", | ||
| "link-variant", | ||
| "gen-build-material" |
There was a problem hiding this comment.
nit: generate vs gen since the other tasks aren't abbreviated.
Maybe also manifest vs material
There was a problem hiding this comment.
I went back and forth on the use of material vs. manifest in the naming myself. I hesitated to name it generate-build-manifest as it's gathering and generating materials from the build (specifically, I see the copying of the RELEASE.toml in as part of the generation process, but not specifically for the manifest). I'm fine with either as long as we end up with both RELEASE.toml and build-manifest.txt on the otherside 👍
There was a problem hiding this comment.
Code-wise this looks good.
Creating the manifest is one piece of this puzzle. We should also have a little bit of logic to make sure we get the proper artifacts out of the build process. For example, we know we should get *{boot, root, data, root.verity}* artifacts. If we don't get those, we should probably fail this step as everything is going to go haywire in later steps.
|
@zmrow good point, in fact, I noticed just now that some of the buildspecs aren't actually collecting these artifacts (definitely will need to collect them at the end of the build!). I think that's probably where we'd want to make some assertions about the edit: created #630 to track this |
|
Let's ship this! |
|
@bcressey any objections to getting this into |
|
@bcressey any objections to merging this code? |
|
Closing for now, not needed or used at this time. |
Issue #, if available:
https://github.com/bottlerocket-os/PRVATE-release-automation/issues/9
https://github.com/bottlerocket-os/PRVATE-release-automation/issues/19
Description of changes:
At the conclusion of the build, the
gen-build-materialtask is executed to generate, copy, and collect build details for the sake of artifact collection. I chose to add this step in theMakefile.tomltask here instead of the buildspec because I think we'll want to make this a strong assumption and tightly bindmanifest+RELEASE.tomlto a given build.For the purposes of artifact propagation and transport these two added "artifacts" allow for checkpointed confirmation of contents as well as assertions of the cross-checking of release details at later stages (and future stages) of the release automation processes.
example build-manifest.txt
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.