diff --git a/docs/manifest-pipeline.md b/docs/manifest-pipeline.md
index 7f2d5329e1170033b2c22827f149e8cbfc64e34e..24c7227300bbdb03dcb0cd7da26ec11b57942ab9 100644
--- a/docs/manifest-pipeline.md
+++ b/docs/manifest-pipeline.md
@@ -89,6 +89,7 @@ image, etc. The upload to Azure simply takes advantage of the three [variables
defined at group level][5]:
* `AZURE_STORAGE_ACCOUNT`: the name of the blob storage account software artifacts shall be uploaded to.
+* `AZURE_STORAGE_KEY`: the storage key necessary for [SAS token][6] generation.
* `AZURE_CONTAINER_NAME`: the name of the blob storage container used to store software artifacts.
* `AZURE_STORAGE_SAS_TOKEN`: the [SAS token][6] associated to the corresponding Azure container.
diff --git a/scripts/generate_report.sh b/scripts/generate_report.sh
index 7a1bcda8dfad0f46cbbea4602056e1ad9810a9b8..3834fda0313062794bef26f904b722f0a01f4093 100644
--- a/scripts/generate_report.sh
+++ b/scripts/generate_report.sh
@@ -6,47 +6,123 @@ AZURE_CONTAINER_NAME=$3
AZURE_PATH=$4
if [ "$CI_JOB_STATUS" == "success" ]; then
+
+ # Get the current year and month
+ current_year=$(date -u '+%Y')
+ current_month=$(date -u '+%m')
+
+ # Calculate the token expiration month and year
+ future_month=$(( (current_month + 6) % 12 ))
+ future_year=$(( current_year + (current_month + 6) / 12 ))
+
+ # Adjust the year if the future month is 0
+ if [ $future_month -eq 0 ]; then
+ future_month=12
+ future_year=$(( future_year - 1 ))
+ fi
+
+ # Format the expiration date
+ expire_date="${future_year}-${future_month}-01T00:00Z"
+
if [[ ! "${CI_JOB_NAME}" =~ "embedded" ]]; then
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+ # Generate read-only SAS token with 6-months expiration policy
+ sas_bundle=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename --permissions r --expiry "$expire_date" --output tsv)
+ url_bundle=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename --output tsv | sed -E 's/\?s.*//')
fi
+
case none in
*${UBOOT_FILE}*) echo "Not deployed U-Boot for this board since not present" ;;
*)
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
- ;;
+ # Generate read-only SAS token with 6-months expiration policy
+ sas_uboot=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename --permissions r --expiry "$expire_date" --output tsv)
+ url_uboot=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename --output tsv | sed -E 's/\?s.*//')
+ ;;
esac
case none in
*${KERNEL_FILE}*) echo "Not deployed Kernel for this board since not present" ;;
*)
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
- ;;
+ # Generate read-only SAS token with 6-months expiration policy
+ sas_kernel=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename --permissions r --expiry "$expire_date" --output tsv)
+ url_kernel=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename --output tsv | sed -E 's/\?s.*//')
+ ;;
+ esac
+
+ # Generate read-only SAS token with 6-months expiration policy
+ sas_filesystem=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name --permissions r --expiry "$expire_date" --output tsv)
+ url_filesystem=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name --output tsv | sed -E 's/\?s.*//')
+ sas_image=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name --permissions r --expiry "$expire_date" --output tsv)
+ url_image=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name --output tsv | sed -E 's/\?s.*//')
+ sas_bmap=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name --permissions r --expiry "$expire_date" --output tsv)
+ url_bmap=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bmap_name --output tsv | sed -E 's/\?s.*//')
+
+
+ case "$AZURE_CONTAINER_NAME" in
+ *"private"*)
+ for i in bundle uboot kernel filesystem image bmap; do
+ if [ -n "\$url_$i" ]; then
+ eval echo -e "\$url_$i?\$sas_$i" >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+ fi
+ done
+ ;;
+ *)
+ for i in bundle uboot kernel filesystem image bmap; do
+ if [ -n "\$url_$i" ]; then
+ eval echo -e "\$url_$i" >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+ fi
+ done
+ ;;
esac
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bmap_name) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
if [ ! -n "$CI_COMMIT_TAG" ]; then
if [[ ! "${CI_JOB_NAME}" =~ "embedded" ]]; then
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+ # Generate read-only SAS token with 6-months expiration policy
+ sas_bundle=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename_latest --permissions r --expiry "$expire_date" --output tsv)
+ url_bundle=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename_latest --output tsv | sed -E 's/\?s.*//')
fi
case none in
*${UBOOT_FILE}*) echo "Not deployed U-Boot for this board since not present" ;;
*)
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+ # Generate read-only SAS token with 6-months expiration policy
+ sas_uboot=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename_latest --permissions r --expiry "$expire_date" --output tsv)
+ url_uboot=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename_latest --output tsv | sed -E 's/\?s.*//')
;;
esac
case none in
*${KERNEL_FILE}*) echo "Not deployed Kernel for this board since not present" ;;
*)
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+ # Generate read-only SAS token with 6-months expiration policy
+ sas_kernel=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename_latest --permissions r --expiry "$expire_date" --output tsv)
+ url_kernel=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename_latest --output tsv | sed -E 's/\?s.*//')
;;
esac
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
- echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bmap_name_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+
+ # Generate read-only SAS token with 6-months expiration policy
+ sas_filesystem=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name_latest --permissions r --expiry "$expire_date" --output tsv)
+ url_filesystem=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name_latest --output tsv | sed -E 's/\?s.*//')
+ sas_image=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name_latest --permissions r --expiry "$expire_date" --output tsv)
+ url_image=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name_latest --output tsv | sed -E 's/\?s.*//')
+ sas_bmap=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name_latest --permissions r --expiry "$expire_date" --output tsv)
+ url_bmap=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bmap_name_latest --output tsv | sed -E 's/\?s.*//')
+
+ case "$AZURE_CONTAINER_NAME" in
+ *"private"*)
+ for i in bundle uboot kernel filesystem image bmap; do
+ if [ -n "\$url_$i" ]; then
+ eval echo -e "\$url_$i?\$sas_$i" >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+ fi
+ done
+ ;;
+ *)
+ for i in bundle uboot kernel filesystem image bmap; do
+ if [ -n "\$url_$i" ]; then
+ eval echo -e "\$url_$i" >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
+ fi
+ done
+ ;;
+ esac
fi
else
echo -e "JOBS FAILED" >>Link_report_"$BOARD"_"$IMAGE_NAME".txt