[isar-cip-core,2/2] .gitlab-ci.yml: Add v2 QEMU security targets for swupdate testing

Commit Message

Sai.Sathujoda@toshiba-tsip.com Feb. 14, 2024, 12:28 p.m. UTC

From: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>

For LAVA swupdate testing, v2 QEMU security targets are built with a
minor change in cip-core-image-security.bb. and their .swu artifacts
are deployed to s3 buckets for using in LAVA job definitions.

Signed-off-by: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
---
 .gitlab-ci.yml | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

Comments

Jan Kiszka Feb. 14, 2024, 12:36 p.m. UTC | #1

On 14.02.24 13:28, Sai.Sathujoda@toshiba-tsip.com wrote:
> From: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
> 
> For LAVA swupdate testing, v2 QEMU security targets are built with a
> minor change in cip-core-image-security.bb. and their .swu artifacts
> are deployed to s3 buckets for using in LAVA job definitions.
> 
> Signed-off-by: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
> ---
>  .gitlab-ci.yml | 40 +++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 39 insertions(+), 1 deletion(-)
> 
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index 4f87ec3..c7837f4 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -25,6 +25,7 @@ variables:
>    dtb: none
>    deploy: enable
>    deploy_kernelci: disable
> +  use_swu: disable
>  
>  stages:
>    - build
> @@ -63,9 +64,10 @@ default:
>      - if [ "${release}" = "bookworm" ]; then base_yaml="${base_yaml}:kas/opt/bookworm.yml"; fi
>      - if [ "${release}" = "sid" ]; then base_yaml="${base_yaml}:kas/opt/sid.yml"; fi
>      - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-partitions.yml"; fi
> +    - if [ "${use_swu}" = "enable" ]; then echo "PV = \"2.0\"" >> recipes-core/images/cip-core-image-security.bb; fi
>      - echo "Building ${base_yaml}"
>      - kas build ${base_yaml}
> -    - if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extension} ${dtb} ${CI_COMMIT_REF_SLUG}; fi
> +    - if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extension} ${dtb} ${CI_COMMIT_REF_SLUG} ${use_swu}; fi
>      - if [ "${deploy_kernelci}" = "enable" ]; then scripts/deploy-kernelci.py ${release} ${target} ${extension} ${dtb}; fi
>  
>  # base image
> @@ -106,6 +108,18 @@ build:qemu-amd64-base:
>      wic_targz: disable
>      targz: enable
>  
> +build:qemu-amd64-base-v2:
> +  extends:
> +    - .build_base
> +  needs: [build:qemu-amd64-base]
> +  variables:
> +    target: qemu-amd64
> +    extension: security
> +    use_rt: disable
> +    wic_targz: disable
> +    targz: enable
> +    use_swu: enable
> +
>  build:qemu-amd64-base-kernelci:
>    extends:
>      - .build_base
> @@ -128,6 +142,18 @@ build:qemu-arm64-base:
>      wic_targz: disable
>      targz: enable
>  
> +build:qemu-arm64-base-v2:
> +  extends:
> +    - .build_base
> +  needs: [build:qemu-arm64-base]
> +  variables:
> +    target: qemu-arm64
> +    extension: security
> +    use_rt: disable
> +    wic_targz: disable
> +    targz: enable
> +    use_swu: enable
> +
>  build:qemu-arm64-base-kernelci:
>    extends:
>      - .build_base
> @@ -150,6 +176,18 @@ build:qemu-arm-base:
>      wic_targz: disable
>      targz: enable
>  
> +build:qemu-arm-base-v2:
> +  extends:
> +    - .build_base
> +  needs: [build:qemu-arm-base]
> +  variables:
> +    target: qemu-arm
> +    extension: security
> +    use_rt: disable
> +    wic_targz: disable
> +    targz: enable
> +    use_swu: enable
> +
>  build:qemu-arm-base-kernelci:
>    extends:
>      - .build_base

This will build v2 in a separate job, no? Means, you will not be able to
reuse the 99% of the build artifacts from the v1 build. Or am I missing
something?

Jan

Sai.Sathujoda@toshiba-tsip.com Feb. 14, 2024, 3:29 p.m. UTC | #2

Hi Jan,

Thanks for your comments. I am sending v2 patches by correcting this flaw. Please review them.

Thanks and Regards,
Sai Ashrith Sathujoda

-----Original Message-----
From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Jan Kiszka via lists.cip-project.org
Sent: Wednesday, February 14, 2024 6:06 PM
To: ashrith sai(ＴＳＩＰ) <Sai.Sathujoda@toshiba-tsip.com>; cip-dev@lists.cip-project.org
Cc: dinesh kumar(ＴＳＩＰ TMIEC ODG Porting) <dinesh.kumar@toshiba-tsip.com>; hayashi kazuhiro(林 和宏 ＤＭＥ ○ＤＩＧ□ＭＰＳ○ＭＰ４) <kazuhiro3.hayashi@toshiba.co.jp>; Quirin Gylstorff <quirin.gylstorff@siemens.com>
Subject: Re: [cip-dev] [isar-cip-core 2/2] .gitlab-ci.yml: Add v2 QEMU security targets for swupdate testing

On 14.02.24 13:28, Sai.Sathujoda@toshiba-tsip.com wrote:
> From: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
> 
> For LAVA swupdate testing, v2 QEMU security targets are built with a 
> minor change in cip-core-image-security.bb. and their .swu artifacts 
> are deployed to s3 buckets for using in LAVA job definitions.
> 
> Signed-off-by: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
> ---
>  .gitlab-ci.yml | 40 +++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 39 insertions(+), 1 deletion(-)
> 
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4f87ec3..c7837f4 
> 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -25,6 +25,7 @@ variables:
>    dtb: none
>    deploy: enable
>    deploy_kernelci: disable
> +  use_swu: disable
>  
>  stages:
>    - build
> @@ -63,9 +64,10 @@ default:
>      - if [ "${release}" = "bookworm" ]; then base_yaml="${base_yaml}:kas/opt/bookworm.yml"; fi
>      - if [ "${release}" = "sid" ]; then base_yaml="${base_yaml}:kas/opt/sid.yml"; fi
>      - if [ "${encrypt}" = "enable" ]; then 
> base_yaml="${base_yaml}:kas/opt/encrypt-partitions.yml"; fi
> +    - if [ "${use_swu}" = "enable" ]; then echo "PV = \"2.0\"" >> 
> + recipes-core/images/cip-core-image-security.bb; fi
>      - echo "Building ${base_yaml}"
>      - kas build ${base_yaml}
> -    - if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extension} ${dtb} ${CI_COMMIT_REF_SLUG}; fi
> +    - if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh 
> + ${release} ${target} ${extension} ${dtb} ${CI_COMMIT_REF_SLUG} 
> + ${use_swu}; fi
>      - if [ "${deploy_kernelci}" = "enable" ]; then 
> scripts/deploy-kernelci.py ${release} ${target} ${extension} ${dtb}; 
> fi
>  
>  # base image
> @@ -106,6 +108,18 @@ build:qemu-amd64-base:
>      wic_targz: disable
>      targz: enable
>  
> +build:qemu-amd64-base-v2:
> +  extends:
> +    - .build_base
> +  needs: [build:qemu-amd64-base]
> +  variables:
> +    target: qemu-amd64
> +    extension: security
> +    use_rt: disable
> +    wic_targz: disable
> +    targz: enable
> +    use_swu: enable
> +
>  build:qemu-amd64-base-kernelci:
>    extends:
>      - .build_base
> @@ -128,6 +142,18 @@ build:qemu-arm64-base:
>      wic_targz: disable
>      targz: enable
>  
> +build:qemu-arm64-base-v2:
> +  extends:
> +    - .build_base
> +  needs: [build:qemu-arm64-base]
> +  variables:
> +    target: qemu-arm64
> +    extension: security
> +    use_rt: disable
> +    wic_targz: disable
> +    targz: enable
> +    use_swu: enable
> +
>  build:qemu-arm64-base-kernelci:
>    extends:
>      - .build_base
> @@ -150,6 +176,18 @@ build:qemu-arm-base:
>      wic_targz: disable
>      targz: enable
>  
> +build:qemu-arm-base-v2:
> +  extends:
> +    - .build_base
> +  needs: [build:qemu-arm-base]
> +  variables:
> +    target: qemu-arm
> +    extension: security
> +    use_rt: disable
> +    wic_targz: disable
> +    targz: enable
> +    use_swu: enable
> +
>  build:qemu-arm-base-kernelci:
>    extends:
>      - .build_base

This will build v2 in a separate job, no? Means, you will not be able to reuse the 99% of the build artifacts from the v1 build. Or am I missing something?

Jan

--
Siemens AG, Technology
Linux Expert Center

Patch

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4f87ec3..c7837f4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,6 +25,7 @@  variables:
   dtb: none
   deploy: enable
   deploy_kernelci: disable
+  use_swu: disable
 
 stages:
   - build
@@ -63,9 +64,10 @@  default:
     - if [ "${release}" = "bookworm" ]; then base_yaml="${base_yaml}:kas/opt/bookworm.yml"; fi
     - if [ "${release}" = "sid" ]; then base_yaml="${base_yaml}:kas/opt/sid.yml"; fi
     - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-partitions.yml"; fi
+    - if [ "${use_swu}" = "enable" ]; then echo "PV = \"2.0\"" >> recipes-core/images/cip-core-image-security.bb; fi
     - echo "Building ${base_yaml}"
     - kas build ${base_yaml}
-    - if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extension} ${dtb} ${CI_COMMIT_REF_SLUG}; fi
+    - if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extension} ${dtb} ${CI_COMMIT_REF_SLUG} ${use_swu}; fi
     - if [ "${deploy_kernelci}" = "enable" ]; then scripts/deploy-kernelci.py ${release} ${target} ${extension} ${dtb}; fi
 
 # base image
@@ -106,6 +108,18 @@  build:qemu-amd64-base:
     wic_targz: disable
     targz: enable
 
+build:qemu-amd64-base-v2:
+  extends:
+    - .build_base
+  needs: [build:qemu-amd64-base]
+  variables:
+    target: qemu-amd64
+    extension: security
+    use_rt: disable
+    wic_targz: disable
+    targz: enable
+    use_swu: enable
+
 build:qemu-amd64-base-kernelci:
   extends:
     - .build_base
@@ -128,6 +142,18 @@  build:qemu-arm64-base:
     wic_targz: disable
     targz: enable
 
+build:qemu-arm64-base-v2:
+  extends:
+    - .build_base
+  needs: [build:qemu-arm64-base]
+  variables:
+    target: qemu-arm64
+    extension: security
+    use_rt: disable
+    wic_targz: disable
+    targz: enable
+    use_swu: enable
+
 build:qemu-arm64-base-kernelci:
   extends:
     - .build_base
@@ -150,6 +176,18 @@  build:qemu-arm-base:
     wic_targz: disable
     targz: enable
 
+build:qemu-arm-base-v2:
+  extends:
+    - .build_base
+  needs: [build:qemu-arm-base]
+  variables:
+    target: qemu-arm
+    extension: security
+    use_rt: disable
+    wic_targz: disable
+    targz: enable
+    use_swu: enable
+
 build:qemu-arm-base-kernelci:
   extends:
     - .build_base