sonic-buildimage/.azure-pipelines/official-build-cisco-8000.yml
xumia 03f1b87e65 [Ci]: Support to sign image for cisco-8000 uefi secure boot (#10616)
Why I did it
[Ci]: Support to sign image for cisco-8000 uefi secure boot
2022-04-24 21:13:41 -07:00

108 lines
3.8 KiB
YAML

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
schedules:
- cron: "0 8 * * *"
displayName: Daily midnight build
branches:
include:
- master
- 202012
always: true
trigger: none
pr: none
resources:
repositories:
- repository: cisco-8000
type: github
name: Cisco-8000-sonic/platform-cisco-8000
endpoint: cisco-connection
variables:
- group: SONIC-AKV-STROAGE-1
- name: StorageSASKey
value: $(sonicstorage-SasToken)
- name: SONIC_ENABLE_SECUREBOOT_SIGNATURE
value: y
- name: SIGNING_KEY
value: /etc/certificates/sonic-secure-boot-private.pem
- name: SIGNING_CERT
value: $(Build.StagingDirectory)/target/sonic-secure-boot-public.pem
stages:
- stage: Build
pool: sonic
variables:
CACHE_MODE: wcache
SKIP_CHECKOUT: true
TERM: ''
PACKAGE_URL: "https://sonicstorage.blob.core.windows.net/packages"
jobs:
- template: azure-pipelines-build.yml
parameters:
buildOptions: 'USERNAME=admin SONIC_BUILD_JOBS=$(nproc) ${{ variables.VERSION_CONTROL_OPTIONS }}'
preSteps:
- template: azure-pipelines-download-certificate.yml
- checkout: self
submodules: recursive
path: s
displayName: 'Checkout code'
- checkout: cisco-8000
submodules: recursive
path: s/platform/cisco-8000
displayName: 'Checkout cisco-8000'
- script: |
cisco_ref=$(cat platform/checkout/cisco-8000.ini | grep '^ref=' | cut -d= -f2)
echo "The cisco 8000 release version is $cisco_ref"
echo "##vso[task.setvariable variable=cisco.ref]$cisco_ref"
displayName: 'Export cisco release version'
- task: DownloadGitHubRelease@0
inputs:
connection: cisco-connection
userRepository: Cisco-8000-sonic/platform-cisco-8000
defaultVersionType: specificTag
version: $(cisco.ref)
itemPattern: 'artifactory-*.tar.gz'
downloadPath: '$(System.ArtifactsDirectory)'
- script: |
make PLATFORM=cisco-8000 platform/cisco-8000
tar xfz $(System.ArtifactsDirectory)/artifactory-*.tar.gz -C platform/cisco-8000
displayName: 'Setup cisco artifacts'
- script: |
set -ex
filename=$(find platform/cisco-8000/artifactory/sonic -name cisco-* -type f | head -n 1)
if [ -z "$filename" ]; then
echo "Cisco sai package not found" 1>&2
exit 1
fi
cd $(dirname $filename)
echo "PWD=$(pwd)"
ls -l *.deb
while read -r package; do
# Cisco version format: <VERSION>-sai-<sai-ver>-<distribution>-<COMMIT HASH>
# The <sai-ver> may contain several values in one build, the part is skipped when publishing to storage
# See https://github.com/Cisco-8000-sonic/sdk/blob/master/azure-pipelines.yml
# The $PACKAGE_URL is only accessible for AZP
version=$(echo $package | awk -F_ '{print $(NF-1)}' | cut -d- -f1,2,4,5)
package_url="$PACKAGE_URL/sai/ciscosai/master/$version/$package"
echo "Override package $package from $package_url"
wget "$package_url$StorageSASKey" -O "$package"
done < <(ls *.deb)
env:
StorageSASKey: $(StorageSASKey)
condition: ne(variables['Build.Reason'], 'PullRequest')
displayName: "Override cisco sai packages"
- script: |
echo "SONIC_ENABLE_SECUREBOOT_SIGNATURE := y" >> rules/config.user
echo "SIGNING_KEY := $(SIGNING_KEY)" >> rules/config.user
echo "SIGNING_CERT := $(SIGNING_CERT)" >> rules/config.user
displayName: "Enable secure boot signature"
jobGroups:
- name: cisco-8000