55a6faf925
Why I did it [Ci]: Support to sign image for cisco-8000 uefi secure boot
108 lines
3.8 KiB
YAML
108 lines
3.8 KiB
YAML
# Starter pipeline
|
|
# Start with a minimal pipeline that you can customize to build and deploy your code.
|
|
# Add steps that build, run tests, deploy, and more:
|
|
# https://aka.ms/yaml
|
|
|
|
schedules:
|
|
- cron: "0 8 * * *"
|
|
displayName: Daily midnight build
|
|
branches:
|
|
include:
|
|
- master
|
|
- 202012
|
|
always: true
|
|
|
|
trigger: none
|
|
pr: none
|
|
|
|
resources:
|
|
repositories:
|
|
- repository: cisco-8000
|
|
type: github
|
|
name: Cisco-8000-sonic/platform-cisco-8000
|
|
endpoint: cisco-connection
|
|
|
|
|
|
variables:
|
|
- group: SONIC-AKV-STROAGE-1
|
|
- name: StorageSASKey
|
|
value: $(sonicstorage-SasToken)
|
|
- name: SONIC_ENABLE_SECUREBOOT_SIGNATURE
|
|
value: y
|
|
- name: SIGNING_KEY
|
|
value: /etc/certificates/sonic-secure-boot-private.pem
|
|
- name: SIGNING_CERT
|
|
value: $(Build.StagingDirectory)/target/sonic-secure-boot-public.pem
|
|
|
|
stages:
|
|
- stage: Build
|
|
pool: sonic
|
|
variables:
|
|
CACHE_MODE: wcache
|
|
SKIP_CHECKOUT: true
|
|
TERM: ''
|
|
PACKAGE_URL: "https://sonicstorage.blob.core.windows.net/packages"
|
|
|
|
jobs:
|
|
- template: azure-pipelines-build.yml
|
|
parameters:
|
|
buildOptions: 'USERNAME=admin SONIC_BUILD_JOBS=$(nproc) ${{ variables.VERSION_CONTROL_OPTIONS }}'
|
|
preSteps:
|
|
- template: azure-pipelines-download-certificate.yml
|
|
- checkout: self
|
|
submodules: recursive
|
|
path: s
|
|
displayName: 'Checkout code'
|
|
- checkout: cisco-8000
|
|
submodules: recursive
|
|
path: s/platform/cisco-8000
|
|
displayName: 'Checkout cisco-8000'
|
|
- script: |
|
|
cisco_ref=$(cat platform/checkout/cisco-8000.ini | grep '^ref=' | cut -d= -f2)
|
|
echo "The cisco 8000 release version is $cisco_ref"
|
|
echo "##vso[task.setvariable variable=cisco.ref]$cisco_ref"
|
|
displayName: 'Export cisco release version'
|
|
- task: DownloadGitHubRelease@0
|
|
inputs:
|
|
connection: cisco-connection
|
|
userRepository: Cisco-8000-sonic/platform-cisco-8000
|
|
defaultVersionType: specificTag
|
|
version: $(cisco.ref)
|
|
itemPattern: 'artifactory-*.tar.gz'
|
|
downloadPath: '$(System.ArtifactsDirectory)'
|
|
- script: |
|
|
make PLATFORM=cisco-8000 platform/cisco-8000
|
|
tar xfz $(System.ArtifactsDirectory)/artifactory-*.tar.gz -C platform/cisco-8000
|
|
displayName: 'Setup cisco artifacts'
|
|
- script: |
|
|
set -ex
|
|
filename=$(find platform/cisco-8000/artifactory/sonic -name cisco-* -type f | head -n 1)
|
|
if [ -z "$filename" ]; then
|
|
echo "Cisco sai package not found" 1>&2
|
|
exit 1
|
|
fi
|
|
cd $(dirname $filename)
|
|
echo "PWD=$(pwd)"
|
|
ls -l *.deb
|
|
while read -r package; do
|
|
# Cisco version format: <VERSION>-sai-<sai-ver>-<distribution>-<COMMIT HASH>
|
|
# The <sai-ver> may contain several values in one build, the part is skipped when publishing to storage
|
|
# See https://github.com/Cisco-8000-sonic/sdk/blob/master/azure-pipelines.yml
|
|
# The $PACKAGE_URL is only accessible for AZP
|
|
version=$(echo $package | awk -F_ '{print $(NF-1)}' | cut -d- -f1,2,4,5)
|
|
package_url="$PACKAGE_URL/sai/ciscosai/master/$version/$package"
|
|
echo "Override package $package from $package_url"
|
|
wget "$package_url$StorageSASKey" -O "$package"
|
|
done < <(ls *.deb)
|
|
env:
|
|
StorageSASKey: $(StorageSASKey)
|
|
condition: ne(variables['Build.Reason'], 'PullRequest')
|
|
displayName: "Override cisco sai packages"
|
|
- script: |
|
|
echo "SONIC_ENABLE_SECUREBOOT_SIGNATURE := y" >> rules/config.user
|
|
echo "SIGNING_KEY := $(SIGNING_KEY)" >> rules/config.user
|
|
echo "SIGNING_CERT := $(SIGNING_CERT)" >> rules/config.user
|
|
displayName: "Enable secure boot signature"
|
|
jobGroups:
|
|
- name: cisco-8000
|