add p11 to configs, add example of master config for sign, clean building configs from old arches and branches, add forkflow for sign

2024-09-02 17:37:59 +03:00 · 2024-09-02 17:37:59 +03:00 · 860494ac3e
commit 860494ac3e
parent 9a42b17608
6 changed files with 154 additions and 17 deletions
--- a/.gitea/workflows/building.yaml
+++ b/.gitea/workflows/building.yaml
@ -2,7 +2,7 @@ name: Building cloud-images
 on: 
  push:
    tags:
-      - '*'
+      - 'build*'

 jobs:
  building:
--- a/.gitea/workflows/signing.yaml
+++ b/.gitea/workflows/signing.yaml
@ -0,0 +1,51 @@
+name: Signing cloud-images
+on: 
+  push:
+    tags:
+      - 'sign*'
+
+jobs:
+  building:
+    runs-on: alt-sisyphus
+    steps:
+      - name: Configure ssh
+        run: |
+          mkdir -p ~/.ssh/
+          echo "$SSH_KEY" > ~/.ssh/builder.key
+          chmod 600 ~/.ssh/builder.key
+          echo "SSH_USER=$SSH_USER, SSH_HOST=$SSH_HOST, SSH_TAISHAN_USER=$SSH_T_USER, SSH_TAISHAN_HOST=$SSH_T_HOST, SSH_TAISHAN_PORT=$SSH_T_PORT"
+          #> ~/.ssh/known_hosts #SSH_KH: ${{ secrets.BUILDER_SSH_KH }}
+          cat >>~/.ssh/config <<END
+          Host builder
+            HostName $SSH_HOST
+            User $SSH_USER
+            IdentityFile ~/.ssh/builder.key
+            StrictHostKeyChecking no
+          Host taishan
+            HostName $SSH_T_HOST
+            User $SSH_T_USER
+            Port $SSH_T_PORT
+            IdentityFile ~/.ssh/builder.key 
+            StrictHostKeyChecking no
+          END
+        env:
+          SSH_USER: ${{ secrets.BUILDER_SSH_USER }}
+          SSH_KEY: ${{ secrets.BUILDER_SSH_KEY }}
+          SSH_HOST: ${{ secrets.BUILDER_SSH_HOST }}
+          SSH_T_USER: ${{ secrets.TAISHAN_SSH_USER }}
+          SSH_T_PORT: ${{ secrets.TAISHAN_SSH_PORT }}
+          SSH_T_HOST: ${{ secrets.TAISHAN_SSH_HOST }}
+      - name: Display Python version
+        run: ssh builder 'python3 --version'
+      - name: Check script folder
+        run: |
+          ssh builder 'ls -a cloud-build/'
+      - name: Update building script from git
+        run: |
+          ssh builder 'cd cloud-build && git pull -f origin configs --rebase'                    
+      - name: Run sign script
+        run: |
+          ssh builder 'cd cloud-build && ./cloud-build.py --built-images-dir ~/images --stages copy_external_files sign sync -c ~/sign-config/master.yaml'                    
+      - name: Check scripts result for x86
+        run: |
+          ssh builder 'ls -a proto/Sisyphus/cloud/x86_64/' 
--- a/configs/cb-aarch64.yaml
+++ b/configs/cb-aarch64.yaml
@ -66,6 +66,10 @@ branches:
    arches:
      aarch64:
    branding: alt-starterkit
+  p11:
+    arches:
+      aarch64:
+    branding: alt-starterkit

 scripts:
  machine_id:
--- a/configs/cb-ve-x86.yaml
+++ b/configs/cb-ve-x86.yaml
@ -41,8 +41,6 @@ images:
    scripts:
    - securetty
    - netsharedpath
-    exclude_branches:
-    - c8

 branches:
  Sisyphus:
@ -54,6 +52,11 @@ branches:
      i586:
      x86_64:
    branding: alt-starterkit
+  p11:
+    arches:
+      i586:
+      x86_64:
+    branding: alt-starterkit

 scripts:
  securetty:
--- a/configs/cb-vm.yaml
+++ b/configs/cb-vm.yaml
@ -13,12 +13,7 @@ images:
    kinds:
    - qcow2c
    exclude_arches:
-    - aarch64
-    - armh
-    - ppc64le
    - i586
-    exclude_branches:
-    - c8
    rename:
      regex: '(.*)\.qcow2c$'
      to: '\1.qcow2'
@ -27,13 +22,7 @@ images:
    kinds:
    - qcow2c
    exclude_arches:
-    - aarch64
-    - armh
-    - ppc64le
    - i586
-    exclude_branches:
-    - p8
-    - c8
    #tests:
    #- method: prog(cloud-build-test-cloud)
    rename:
@ -72,9 +61,11 @@ branches:
    arches:
      i586:
      x86_64:
-      # aarch64:
-      # ppc64le:
-      # armh:
+    branding: alt-starterkit
+  p11:                       
+    arches:                  
+      i586:                  
+      x86_64:                
    branding: alt-starterkit

 scripts:
--- a/configs/example_master.yaml
+++ b/configs/example_master.yaml
@ -0,0 +1,88 @@
+---
+remote: '/home/builder/proto/{branch}/cloud/{arch}'
+key: <VALUE>
+repository_url: http://mirror.yandex.ru/altlinux/{branch}/branch
+try_build_all: True
+log_level: debug
+
+external_files: '~/external-files'
+
+rebuild_after:
+  days: 99999
+
+images:
+  rootfs-minimal:
+    target: ve/docker
+    kinds:
+    - tar.xz
+  rootfs-systemd:
+    target: ve/systemd-networkd
+    kinds:
+    - tar.xz
+  rootfs-systemd-etcnet:
+    target: ve/systemd-etcnet
+    kinds:
+    - tar.xz
+  rootfs-sysvinit:
+    target: ve/sysvinit-etcnet
+    kinds:
+    - tar.xz
+    exclude_branches:
+    - c8
+  opennebula:
+    target: vm/opennebula-systemd
+    kinds:
+    - qcow2
+    exclude_arches:
+    - armh
+    - ppc64le
+    - i586
+    exclude_branches:
+    - c8
+  cloud:
+    target: vm/cloud-systemd
+    kinds:
+    - qcow2
+    exclude_arches:
+    - armh
+    - ppc64le
+    - i586
+    exclude_branches:
+    - c8
+  workstation-cloud:
+    target: vm/alt-workstation-cloud
+    kinds:
+    - qcow2c
+    exclude_arches:
+    - armh
+    - ppc64le
+    - i586
+    exclude_branches:
+    - p8
+    - c8
+    # rename:
+      # regex: '(.*)\.qcow2c$'
+      # to: '\1.qcow2'
+
+branches:
+  Sisyphus:
+    arches:
+      i586:
+      x86_64:
+      aarch64:
+      ppc64le:
+  p10:
+    arches:
+      i586:
+      x86_64:
+      aarch64:
+      ppc64le:
+      armh:
+  p11:
+    arches:
+      i586:
+      x86_64:                    
+      aarch64:                   
+      ppc64le:
+      armh:
+...