-
Notifications
You must be signed in to change notification settings - Fork 511
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate build material at end of build #620
Conversation
Including a manifest and the RELEASE.toml used permits checks made in other tools that will drive the test and release automation. The generated manifest needs to include followed symlinks: the thar images that are linked to, when uploaded (if they are anywhere in the process), become regular files copied from their linked targets in the set of resulting artifacts. Signed-off-by: Jacob Vallejo <jakeev@amazon.com>
These will be shipped with the build artifacts throughout their lifecycle spent in release automation land. Signed-off-by: Jacob Vallejo <jakeev@amazon.com>
Makefile.toml
Outdated
[tasks.build] | ||
dependencies = [ | ||
"link-clean", | ||
"build-variant", | ||
"check-licenses", | ||
"link-variant", | ||
"gen-build-material" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: generate
vs gen
since the other tasks aren't abbreviated.
Maybe also manifest
vs material
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went back and forth on the use of material vs. manifest in the naming myself. I hesitated to name it generate-build-manifest
as it's gathering and generating materials from the build (specifically, I see the copying of the RELEASE.toml
in as part of the generation process, but not specifically for the manifest). I'm fine with either as long as we end up with both RELEASE.toml
and build-manifest.txt
on the otherside 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code-wise this looks good.
Creating the manifest is one piece of this puzzle. We should also have a little bit of logic to make sure we get the proper artifacts out of the build process. For example, we know we should get *{boot, root, data, root.verity}*
artifacts. If we don't get those, we should probably fail this step as everything is going to go haywire in later steps.
@zmrow good point, in fact, I noticed just now that some of the buildspecs aren't actually collecting these artifacts (definitely will need to collect them at the end of the build!). I think that's probably where we'd want to make some assertions about the edit: created #630 to track this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🌱
Let's ship this! |
@bcressey any objections to getting this into |
@bcressey any objections to merging this code? |
Closing for now, not needed or used at this time. |
Issue #, if available:
https://github.com/bottlerocket-os/PRVATE-release-automation/issues/9
https://github.com/bottlerocket-os/PRVATE-release-automation/issues/19
Description of changes:
At the conclusion of the build, the
gen-build-material
task is executed to generate, copy, and collect build details for the sake of artifact collection. I chose to add this step in theMakefile.toml
task here instead of the buildspec because I think we'll want to make this a strong assumption and tightly bindmanifest+RELEASE.toml
to a given build.For the purposes of artifact propagation and transport these two added "artifacts" allow for checkpointed confirmation of contents as well as assertions of the cross-checking of release details at later stages (and future stages) of the release automation processes.
example build-manifest.txt
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.