build: Refactor upload process
Signed-off-by: Paulo Gomes <[email protected]>
pjbgf committed Jan 23, 2024
1 parent a39f1c6 commit d80e82a
Showing 8 changed files with 118 additions and 366 deletions.
28 changes: 25 additions & 3 deletions Makefile
@@ -1,20 +1,30 @@
RUNNER ?= docker
POLICIES = $(shell find policy -mindepth 2 -maxdepth 2 -type d | sort -u | cut -f 2 -d'/')
POLICIES = $(shell find policy -mindepth 1 -maxdepth 1 -type d | sort -u | cut -f 2 -d'/')

# GPG Signing
DRY_RUN ?= false
SIGN_KEY_EMAIL ?= [email protected]
PRIVATE_KEY ?=
PRIVATE_KEY_PASS_PHRASE ?=
TESTING_PRIVATE_KEY ?=
TESTING_PRIVATE_KEY_PASS_PHRASE ?=

# S3 Upload
TESTING_AWS_ACCESS_KEY_ID ?=
TESTING_AWS_SECRET_ACCESS_KEY ?=
TESTING_AWS_S3_BUCKET ?=
PRODUCTION_AWS_ACCESS_KEY_ID ?=
PRODUCTION_AWS_SECRET_ACCESS_KEY ?=
PRODUCTION_AWS_S3_BUCKET ?=

ifeq ($(DRY_RUN),true)
DRY_RUN_SIGN := --dry-run
endif

SHELL := /bin/bash

include hack/make/version.mk
include hack/make/tools.mk

.PHONY: build
build: ## build all policies.
@@ -55,15 +65,27 @@ build: ## build all policies.
$(RUNNER) run --rm \
-e USER=$(shell id -u) -e GROUP=$(shell id -g) \
-v $(shell pwd)/build/$(subst :,/,$*):/dist \
rancher-selinux:$(subst :,/,$*) ./repo-metadata
rancher-selinux:$(subst :,/,$*) ./metadata

upload: $(AWSCLI) version ## uploads all artefacts from each policy into S3.
$(MAKE) $(addsuffix -upload, $(POLICIES))

%-upload:
RPM_CHANNEL=$(RPM_CHANNEL) POLICY=$(subst :,/,$*) \
TESTING_AWS_ACCESS_KEY_ID="$(TESTING_AWS_ACCESS_KEY_ID)" \
TESTING_AWS_SECRET_ACCESS_KEY="$(TESTING_AWS_SECRET_ACCESS_KEY)" \
TESTING_AWS_S3_BUCKET="$(TESTING_AWS_S3_BUCKET)" \
PRODUCTION_AWS_ACCESS_KEY_ID="$(PRODUCTION_AWS_ACCESS_KEY_ID)" \
PRODUCTION_AWS_SECRET_ACCESS_KEY="$(PRODUCTION_AWS_SECRET_ACCESS_KEY)" \
PRODUCTION_AWS_S3_BUCKET="$(PRODUCTION_AWS_S3_BUCKET)" \
./hack/upload

version: ## parse and display version.
ifdef VERSION_MSG
@echo $(VERSION_MSG); exit 1
endif

@echo Version Information
@echo
@echo RPM_VERSION: $(RPM_VERSION)
@echo RPM_RELEASE: $(RPM_RELEASE)
@echo RPM_CHANNEL: $(RPM_CHANNEL)
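Review bot: The `%-upload` recipe has no `@` prefix and expands `$(TESTING_AWS_SECRET_ACCESS_KEY)` and `$(PRODUCTION_AWS_SECRET_ACCESS_KEY)` into the command text, so make prints the secret values to the build log on every upload; they also show up in `make -n` output. Values that reach make from the environment are already handed to the recipe's shell, so the inline assignments are not needed for them. I would list the names in an `export` directive instead, e.g. `export TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET` (and the same for the `PRODUCTION_` set), and leave only `RPM_CHANNEL=$(RPM_CHANNEL) POLICY=$(subst :,/,$*) ./hack/upload` on the recipe line. Both credential sets are also passed regardless of `RPM_CHANNEL`, so a testing upload carries the production keys in its environment; presumably only the selected channel's set is needed.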
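--- a/hack/make/tools.mk
+++ b/hack/make/tools.mk
@@ -0,0 +1,7 @@
+TOOLS_BIN := $(shell mkdir -p build/tools && realpath build/tools)
+
+AWSCLI = $(TOOLS_BIN)/aws/dist/aws
+$(AWSCLI): ## Download awscliv2 if not yet downloaded.
+curl "https://awscli.amazonaws.com/awscli-exe-linux-$(shell uname -m).zip" -o "$(TOOLS_BIN)/awscliv2.zip"
+cd $(TOOLS_BIN) && unzip -q $(TOOLS_BIN)/awscliv2.zip
+rm $(TOOLS_BIN)/awscliv2.zip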
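Review bot: The `$(AWSCLI)` recipe unpacks whatever `curl` returned without verifying it, and the Makefile's `upload` target, which carries the S3 credentials, depends on that binary. AWS publishes a detached signature next to the archive, so the recipe can fetch it and check it before `unzip`: `curl -fsSL "<same URL>.sig" -o "$(TOOLS_BIN)/awscliv2.zip.sig"` followed by `gpg --verify "$(TOOLS_BIN)/awscliv2.zip.sig" "$(TOOLS_BIN)/awscliv2.zip"`, with the AWS CLI public key pinned in the repository or CI keyring. The existing `curl` call also lacks `-f`, so an HTTP error page is saved as `awscliv2.zip` and the failure only surfaces in `unzip`. The URL always resolves to the latest release, so builds are not reproducible; if a fixed release is wanted, the versioned archive name can be used instead.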
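--- a/hack/upload
+++ b/hack/upload
@@ -0,0 +1,86 @@
+#!/bin/bash
+set -eo pipefail
+
+declare AWS_S3_BUCKET_VAR
+
+function check_vars()
+{
+echo "checking for required vars"
+
+local required_vars
+required_vars=(RPM_CHANNEL POLICY)
+
+for var in "${required_vars[@]}"; do
+[ -z "${!var}" ] && echo "$var is not set." && var_unset=true
+done
+
+[ -n "${var_unset}" ] && exit 1
+return 0
+}
+
+function aws_auth()
+{
+case "${RPM_CHANNEL}" in
+"testing")
+export AWS_ACCESS_KEY_ID="${TESTING_AWS_ACCESS_KEY_ID}"
+export AWS_SECRET_ACCESS_KEY="${TESTING_AWS_SECRET_ACCESS_KEY}"
+export AWS_S3_BUCKET_VAR=TESTING_AWS_S3_BUCKET
+;;
+"production")
+export AWS_ACCESS_KEY_ID="${PRODUCTION_AWS_ACCESS_KEY_ID}"
+export AWS_SECRET_ACCESS_KEY="${PRODUCTION_AWS_SECRET_ACCESS_KEY}"
+export AWS_S3_BUCKET_VAR=PRODUCTION_AWS_S3_BUCKET
+;;
+*)
+echo "RPM_CHANNEL $RPM_CHANNEL does not match one of: [testing, production]"
+exit 1
+;;
+esac
+
+required_vars=("${AWS_S3_BUCKET_VAR}" AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY)
+for var in "${required_vars[@]}"; do
+[ -z "${!var}" ] && echo "$var is not set." && var_unset=true
+done
+
+[ -n "${var_unset}" ] && echo "failing rpm upload" && exit 1
+return 0
+}
+
+function upload_artefacts()
+{
+case "${POLICY}" in
+"centos7")
+S3_POLICY_DIR="centos/7"
+;;
+"centos8")
+S3_POLICY_DIR="centos/8"
+;;
+"centos9")
+S3_POLICY_DIR="centos/9"
+;;
+"fedora37")
+S3_POLICY_DIR="fedora/37"
+;;
+"microos")
+S3_POLICY_DIR="microos"
+;;
+*)
+echo "unsupported policy: ${POLICY}"
+exit 1
+;;
+esac
+
+echo "Uploading RPMs packages and repo metadata files"
+##############################
+echo aws s3 cp "build/${POLICY}/noarch/" "s3://${!AWS_S3_BUCKET_VAR}/rancher/${RPM_CHANNEL}/${S3_POLICY_DIR}/noarch/" --recursive
+echo aws s3 cp "build/${POLICY}/source/" "s3://${!AWS_S3_BUCKET_VAR}/rancher/${RPM_CHANNEL}/${S3_POLICY_DIR}/source/" --recursive
+}
+
+function main()
+{
+check_vars
+aws_auth
+upload_artefacts
+}
+
+main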
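Review bot: Both `aws s3 cp` lines in `upload_artefacts` are prefixed with `echo`, so the script prints the commands and exits 0 without copying anything to the bucket, and a release job would report a successful upload that never happened. If this is meant as a dry run, it should be gated on an explicit switch such as the Makefile's `DRY_RUN`, and the `##############################` marker above it removed. The commands also call `aws` by bare name, so the binary is resolved from `PATH` rather than the `$(AWSCLI)` copy the `upload` target downloads. Passing `AWSCLI="$(AWSCLI)"` from the `%-upload` recipe and invoking `"${AWSCLI}" s3 cp …` would make the script use the binary the build fetched. Separately, `var_unset` is not declared `local` in `check_vars` or `aws_auth`, so the two checks share one global flag.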
72 changes: 0 additions & 72 deletions policy/centos7/scripts/upload-repo

This file was deleted.

73 changes: 0 additions & 73 deletions policy/centos8/scripts/upload-repo

This file was deleted.

73 changes: 0 additions & 73 deletions policy/centos9/scripts/upload-repo

This file was deleted.
