Skip to content

Publish portenta x8 images #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Publish portenta x8 images #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
121 changes: 121 additions & 0 deletions .github/workflows/foundries-prerelease.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
on:
workflow_call:
inputs:
factory:
description: "Factory name"
type: string
default: 'arduino'
branch:
description: "Branch name"
type: string
default: 'main'
target-version:
description: "Target version"
type: string
board:
description: "Board name"
type: string
default: 'portentax8'
environment:
description: "Environment name"
type: string
default: 'production'
artifacts:
description: "A comma-separated list of artifact names"
type: string
slack-message:
description: "Slack message text"
type: string
permissions:
contents: read # Required to checkout repository.
id-token: write # Required to access OIDC token.
env:
DOMAIN: '{"staging": "oniudra", "production": "arduino"}'
BOARDS: '{"portentax8": "portenta-x8"}'
jobs:
Deploy:
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Install Fioctl
run: |
curl -o /usr/local/bin/fioctl -LO https://github.com/foundriesio/fioctl/releases/download/v0.44/fioctl-linux-amd64
chmod +x /usr/local/bin/fioctl

- name: Configure Login to FoundriesFactory
run: |
printf "clientcredentials:\n client_id: %s\n client_secret: %s" "${{ secrets.FOUNDRIES_CLIENT_ID }}" "${{ secrets.FOUNDRIES_CLIENT_SECRET }}" > $HOME/.config/fioctl.yaml

- name: Download Offline Update and TUF root keys
id: download-offline-update
run: |
fioctl targets offline-update ${{ fromJSON(env.BOARDS)[inputs.board] }}-lmp-$TARGET offline-updates --tag $BRANCH --factory $FACTORY
curl -H "osf-token: ${{ secrets.FOUNDRIES_TOKEN }}" "https://api.foundries.io/ota/repo/$FACTORY/api/v1/user_repo/1.root.json" > offline-updates/tuf/1.root.json
curl -H "osf-token: ${{ secrets.FOUNDRIES_TOKEN }}" "https://api.foundries.io/ota/repo/$FACTORY/api/v1/user_repo/2.root.json" > offline-updates/tuf/2.root.json
tar zcf offline-update-$TARGET.tar.gz offline-updates
MD5SUM=($(md5sum offline-update-$TARGET.tar.gz))
echo "md5sum=$MD5SUM" >> $GITHUB_OUTPUT
env:
TARGET: ${{ inputs.target-version }}
BRANCH: ${{ inputs.branch }}
FACTORY: ${{ inputs.factory }}

- name: Authenticate AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: 'us-east-1'
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: GHA_FoundriesRelease_via_FederatedOIDC
mask-aws-account-id: true

- name: Get info.json
run: |
aws s3 cp s3://${{ secrets.S3_BUCKET }}/$PREFIX/info.json .
env:
PREFIX: ${{ inputs.board}}image

- name: Update info.json
run: |
jq --arg target "$TARGET" '.latest.version |= $target' info.json > info.json.tmp && mv info.json.tmp info.json
jq --arg url "$URL" '.latest.url |= $url' info.json > info.json.tmp && mv info.json.tmp info.json
jq --arg md5sum "$MD5SUM" '.latest.md5sum |= $md5sum' info.json > info.json.tmp && mv info.json.tmp info.json
env:
TARGET: ${{ inputs.target-version }}
URL: https://downloads.${{ fromJSON(env.DOMAIN)[inputs.environment] }}.cc/${{ inputs.board}}image/offline-update-${{ inputs.target-version }}.tar.gz
MD5SUM: ${{ steps.download-offline-update.outputs.md5sum }}

- name: Download artifacts
run: |
[ ! -d ${TARGET} ] && mkdir ${TARGET}
cd ${TARGET}
for ARTIFACT in $(echo ${{ inputs.artifacts }} | tr ',' '\n')
do
echo ${BASE_URL}/${ARTIFACT}
curl -H "OSF-TOKEN: ${{ secrets.FOUNDRIES_TOKEN }}" -fLO ${BASE_URL}/${ARTIFACT}
done
cd ../
tar zcvf $TARGET.tar.gz $TARGET
env:
TARGET: ${{ inputs.target-version }}
BASE_URL: https://ci.foundries.io/projects/${{ inputs.factory }}/lmp/builds/${{ inputs.target-version }}

- name: Upload "pre-release" artifacts
run: |
aws s3 cp info.json s3://${{ secrets.S3_BUCKET }}/$PREFIX/info-pre.json
aws s3 cp offline-update-$TARGET.tar.gz s3://${{ secrets.S3_BUCKET }}/$PREFIX/
aws s3 cp $TARGET.tar.gz s3://${{ secrets.S3_BUCKET }}/$PREFIX/
env:
TARGET: ${{ inputs.target-version }}
PREFIX: ${{ inputs.board}}image

- name: Send message to Slack
uses: archive/github-actions-slack@v2.0.0
id: notify
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
slack-channel: ${{ secrets.SLACK_CHANNEL }}
slack-text: ${{ inputs.slack-message }}
slack-optional-icon_emoji: ":bookmark:"
53 changes: 53 additions & 0 deletions .github/workflows/foundries-promote.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
on:
workflow_call:
inputs:
target-version:
description: "Target version"
type: string
board:
description: "Board name"
type: string
default: 'portentax8'
environment:
description: "Environment name"
type: string
default: 'production'
slack-message:
description: "Slack message text"
type: string
permissions:
contents: read # Required to checkout repository.
id-token: write # Required to access OIDC token.
jobs:
Promote:
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Authenticate AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: 'us-east-1'
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: GHA_FoundriesPromote_via_FederatedOIDC
mask-aws-account-id: true

- name: Promote pre-release ${{ inputs.target-version }} to release
run: |
aws s3 cp s3://${{ secrets.S3_BUCKET }}/$PREFIX/offline-update-$TARGET.tar.gz s3://${{ secrets.S3_BUCKET }}/$PREFIX/update-latest.tar.gz
aws s3 cp s3://${{ secrets.S3_BUCKET }}/$PREFIX/$TARGET.tar.gz s3://${{ secrets.S3_BUCKET }}/$PREFIX/image-latest.tar.gz
aws s3 cp s3://${{ secrets.S3_BUCKET }}/$PREFIX/info-pre.json s3://${{ secrets.S3_BUCKET }}/$PREFIX/info.json
env:
TARGET: ${{ inputs.target-version }}
PREFIX: ${{ inputs.board}}image

- name: Send message to Slack
uses: archive/github-actions-slack@v2.0.0
id: notify
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
slack-channel: ${{ secrets.SLACK_CHANNEL }}
slack-text: ${{ inputs.slack-message }}
slack-optional-icon_emoji: ":fire:"
51 changes: 51 additions & 0 deletions .github/workflows/foundries-target.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
on:
workflow_call:
inputs:
factory:
description: "Factory name"
type: string
default: 'arduino'
branch:
description: "Branch name"
type: string
default: 'main'
environment:
description: "Environment name"
type: string
default: 'production'
outputs:
factory-version:
description: "Factory Target Latest Version"
value: ${{ jobs.GetTargetVersion.outputs.target-version }}
bucket-version:
description: "Bucket Target Latest Version"
value: ${{ jobs.GetDeployedVersion.outputs.bucket-version }}
permissions:
contents: read
env:
DOMAIN: '{"staging": "oniudra", "production": "arduino"}'
jobs:
GetTargetVersion:
runs-on: 'ubuntu-latest'
outputs:
target-version: ${{ steps.fetch-targets.outputs.target-version }}
steps:
- name: Fetch Latest Target
id: fetch-targets
run: |
TARGET=$(curl -H "osf-token: ${{ secrets.FOUNDRIES_TOKEN }}" \
-H 'accept: application/json' \
'https://api.foundries.io/ota/factories/${{ inputs.factory }}/targets/' \
| jq -r '.[] | .custom | select(has("tags")) | select(.tags | any(. == "main")) | .version' \
| sort | tail -1)
echo "target-version=$TARGET" >> $GITHUB_OUTPUT
GetDeployedVersion:
runs-on: 'ubuntu-latest'
environment: ${{ inputs.environment }}
outputs:
bucket-version: ${{ steps.get-info-pre-json.outputs.latest-version }}
steps:
- name: Get info-pre.json
id: get-info-pre-json
run: |
echo "latest-version=$(curl https://downloads.${{ fromJSON(env.DOMAIN)[inputs.environment] }}.cc/portentax8image/info-pre.json | jq -r '.latest.version')" >> $GITHUB_OUTPUT
28 changes: 28 additions & 0 deletions .github/workflows/portenta-x8-prerelease.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
name: Upload Portenta X8 image pre-release

on:
schedule:
# Runs at 00:00 UTC every day
- cron: '0 0 * * *'

jobs:
GetVersions:
uses: ./.github/workflows/foundries-target.yml
with:
factory: arduino
branch: main
environment: staging
secrets: inherit

UploadPreRelease:
needs: [GetVersions]
uses: ./.github/workflows/foundries-prerelease.yml
if: ${{ needs.GetVersions.outputs.factory-version > needs.GetVersions.outputs.bucket-version }}
with:
factory: arduino
branch: main
target-version: ${{ needs.GetVersions.outputs.factory-version }}
artifacts: "portenta-x8-mfgtools/artifacts/mfgtool-files-portenta-x8.tar.gz,portenta-x8/artifacts/imx-boot-portenta-x8,portenta-x8/artifacts/u-boot-portenta-x8.itb,portenta-x8/artifacts/sit-portenta-x8.bin,assemble-system-image/artifacts/main/lmp-factory-image-portenta-x8.wic.gz"
slack-message: Foundries Factory Target version ${{ needs.GetVersions.outputs.factory-version }} is available for testing
environment: staging
secrets: inherit
18 changes: 18 additions & 0 deletions .github/workflows/portenta-x8-promote.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Promote Portenta X8 image pre-release

on:
workflow_dispatch:
inputs:
target-version:
description: 'Target version to promote'
required: true
type: string

jobs:
Promote:
uses: ./.github/workflows/foundries-promote.yml
with:
target-version: ${{ inputs.target-version }}
environment: staging
slack-message: "Foundries Factory Target version ${{ inputs.target-version }} has been promoted to production"
secrets: inherit