|
| 1 | +#!/bin/bash |
| 2 | +#: |
| 3 | +#: name = "helios / build recovery OS image" |
| 4 | +#: variety = "basic" |
| 5 | +#: target = "helios-latest" |
| 6 | +#: rust_toolchain = "1.66.1" |
| 7 | +#: output_rules = [ |
| 8 | +#: "=/work/helios/image/output/zfs.img", |
| 9 | +#: "=/work/helios/image/output/rom", |
| 10 | +#: ] |
| 11 | +#: access_repos = [ |
| 12 | +#: "oxidecomputer/amd-apcb", |
| 13 | +#: "oxidecomputer/amd-efs", |
| 14 | +#: "oxidecomputer/amd-firmware", |
| 15 | +#: "oxidecomputer/amd-flash", |
| 16 | +#: "oxidecomputer/amd-host-image-builder", |
| 17 | +#: "oxidecomputer/boot-image-tools", |
| 18 | +#: "oxidecomputer/chelsio-t6-roms", |
| 19 | +#: "oxidecomputer/compliance-pilot", |
| 20 | +#: "oxidecomputer/facade", |
| 21 | +#: "oxidecomputer/helios", |
| 22 | +#: "oxidecomputer/helios-omnios-build", |
| 23 | +#: "oxidecomputer/helios-omnios-extra", |
| 24 | +#: "oxidecomputer/nanobl-rs", |
| 25 | +#: ] |
| 26 | +#: |
| 27 | +#: [dependencies.package] |
| 28 | +#: job = "helios / package" |
| 29 | +#: |
| 30 | + |
| 31 | +set -o errexit |
| 32 | +set -o pipefail |
| 33 | +set -o xtrace |
| 34 | + |
| 35 | +cargo --version |
| 36 | +rustc --version |
| 37 | + |
| 38 | +source "$(pwd)/tools/helios_version" |
| 39 | + |
| 40 | +# |
| 41 | +# The token authentication mechanism that affords us access to other private |
| 42 | +# repositories requires that we use HTTPS URLs for GitHub, rather than SSH. |
| 43 | +# |
| 44 | +override_urls=( |
| 45 | + 'git://github.com/' |
| 46 | + 'git@github.com:' |
| 47 | + 'ssh://github.com/' |
| 48 | + 'ssh://git@github.com/' |
| 49 | + 'git+ssh://git@github.com/' |
| 50 | +) |
| 51 | +for (( i = 0; i < ${#override_urls[@]}; i++ )); do |
| 52 | + git config --add --global url.https://github.com/.insteadOf \ |
| 53 | + "${override_urls[$i]}" |
| 54 | +done |
| 55 | + |
| 56 | +# |
| 57 | +# Require that cargo use the git CLI instead of the built-in support. This |
| 58 | +# achieves two things: first, SSH URLs should be transformed on fetch without |
| 59 | +# requiring Cargo.toml rewriting, which is especially difficult in transitive |
| 60 | +# dependencies; second, Cargo does not seem willing on its own to look in |
| 61 | +# ~/.netrc and find the temporary token that buildomat generates for our job, |
| 62 | +# so we must use git which uses curl. |
| 63 | +# |
| 64 | +export CARGO_NET_GIT_FETCH_WITH_CLI=true |
| 65 | + |
| 66 | +pfexec mkdir -p /work |
| 67 | +cd /work |
| 68 | + |
| 69 | +# /work/gz: Global Zone artifacts to be placed in the Helios image. |
| 70 | +mkdir gz && cd gz |
| 71 | +ptime -m tar xvzf /input/package/work/trampoline-global-zone-packages.tar.gz |
| 72 | +cd - |
| 73 | + |
| 74 | +# Checkout helios at a pinned commit |
| 75 | +git clone https://github.com/oxidecomputer/helios.git |
| 76 | +cd helios |
| 77 | + |
| 78 | +git checkout "$COMMIT" |
| 79 | + |
| 80 | +# Create the "./helios-build" command, which lets us build images |
| 81 | +gmake setup |
| 82 | + |
| 83 | +# Commands that "./helios-build" would ask us to run (either explicitly |
| 84 | +# or implicitly, to avoid an error). |
| 85 | +pfexec pkg install /system/zones/brand/omicron1/tools |
| 86 | +pfexec zfs create -p rpool/images/build |
| 87 | + |
| 88 | +./helios-build experiment-image \ |
| 89 | + -p helios-netdev=https://pkg.oxide.computer/helios-netdev \ |
| 90 | + -F optever=0.21 \ |
| 91 | + -P /work/gz/root \ |
| 92 | + -R |
0 commit comments