Skip to content
Snippets Groups Projects
Commit f9a26792 authored by Lorenzo Pagliai's avatar Lorenzo Pagliai
Browse files

[ARTIFACTS][URL] Insert blob SAS token in URL 

* For software artifacts that are saved within private Azure container
  it is necessary to add a blob SAS token in order for the URL to
correctly work. For such purpose we include the generation of a 6-months
duration read-only SAS token to be attached to the URL.
* Add AZURE_STORAGE_KEY among necessary CI/CD variables.
parent 9cfa350f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
docs/manifest-pipeline.md
+ 1
0
View file @ f9a26792
...@@ -89,6 +89,7 @@ image, etc. The upload to Azure simply takes advantage of the three [variables ...@@ -89,6 +89,7 @@ image, etc. The upload to Azure simply takes advantage of the three [variables
defined at group level][5]: defined at group level][5]:
* `AZURE_STORAGE_ACCOUNT`: the name of the blob storage account software artifacts shall be uploaded to. * `AZURE_STORAGE_ACCOUNT`: the name of the blob storage account software artifacts shall be uploaded to.
* `AZURE_STORAGE_KEY`: the storage key necessary for [SAS token][6] generation.
* `AZURE_CONTAINER_NAME`: the name of the blob storage container used to store software artifacts. * `AZURE_CONTAINER_NAME`: the name of the blob storage container used to store software artifacts.
* `AZURE_STORAGE_SAS_TOKEN`: the [SAS token][6] associated to the corresponding Azure container. * `AZURE_STORAGE_SAS_TOKEN`: the [SAS token][6] associated to the corresponding Azure container.
......
scripts/generate_report.sh
+ 90
14
View file @ f9a26792
...@@ -6,47 +6,123 @@ AZURE_CONTAINER_NAME=$3 ...@@ -6,47 +6,123 @@ AZURE_CONTAINER_NAME=$3
AZURE_PATH=$4 AZURE_PATH=$4
if [ "$CI_JOB_STATUS" == "success" ]; then if [ "$CI_JOB_STATUS" == "success" ]; then
# Get the current year and month
current_year=$(date -u '+%Y')
current_month=$(date -u '+%m')
# Calculate the token expiration month and year
future_month=$(( (current_month + 6) % 12 ))
future_year=$(( current_year + (current_month + 6) / 12 ))
# Adjust the year if the future month is 0
if [ $future_month -eq 0 ]; then
future_month=12
future_year=$(( future_year - 1 ))
fi
# Format the expiration date
expire_date="${future_year}-${future_month}-01T00:00Z"
if [[ ! "${CI_JOB_NAME}" =~ "embedded" ]]; then if [[ ! "${CI_JOB_NAME}" =~ "embedded" ]]; then
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt # Generate read-only SAS token with 6-months expiration policy
sas_bundle=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename --permissions r --expiry "$expire_date" --output tsv)
url_bundle=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename --output tsv | sed -E 's/\?s.*//')
fi fi
case none in case none in
*${UBOOT_FILE}*) echo "Not deployed U-Boot for this board since not present" ;; *${UBOOT_FILE}*) echo "Not deployed U-Boot for this board since not present" ;;
*) *)
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt # Generate read-only SAS token with 6-months expiration policy
;; sas_uboot=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename --permissions r --expiry "$expire_date" --output tsv)
url_uboot=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename --output tsv | sed -E 's/\?s.*//')
;;
esac esac
case none in case none in
*${KERNEL_FILE}*) echo "Not deployed Kernel for this board since not present" ;; *${KERNEL_FILE}*) echo "Not deployed Kernel for this board since not present" ;;
*) *)
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt # Generate read-only SAS token with 6-months expiration policy
;; sas_kernel=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename --permissions r --expiry "$expire_date" --output tsv)
url_kernel=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename --output tsv | sed -E 's/\?s.*//')
;;
esac
# Generate read-only SAS token with 6-months expiration policy
sas_filesystem=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name --permissions r --expiry "$expire_date" --output tsv)
url_filesystem=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name --output tsv | sed -E 's/\?s.*//')
sas_image=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name --permissions r --expiry "$expire_date" --output tsv)
url_image=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name --output tsv | sed -E 's/\?s.*//')
sas_bmap=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name --permissions r --expiry "$expire_date" --output tsv)
url_bmap=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bmap_name --output tsv | sed -E 's/\?s.*//')
case "$AZURE_CONTAINER_NAME" in
*"private"*)
for i in bundle uboot kernel filesystem image bmap; do
if [ -n "\$url_$i" ]; then
eval echo -e "\$url_$i?\$sas_$i" >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
fi
done
;;
*)
for i in bundle uboot kernel filesystem image bmap; do
if [ -n "\$url_$i" ]; then
eval echo -e "\$url_$i" >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
fi
done
;;
esac esac
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bmap_name) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
if [ ! -n "$CI_COMMIT_TAG" ]; then if [ ! -n "$CI_COMMIT_TAG" ]; then
if [[ ! "${CI_JOB_NAME}" =~ "embedded" ]]; then if [[ ! "${CI_JOB_NAME}" =~ "embedded" ]]; then
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt # Generate read-only SAS token with 6-months expiration policy
sas_bundle=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename_latest --permissions r --expiry "$expire_date" --output tsv)
url_bundle=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bundle_filename_latest --output tsv | sed -E 's/\?s.*//')
fi fi
case none in case none in
*${UBOOT_FILE}*) echo "Not deployed U-Boot for this board since not present" ;; *${UBOOT_FILE}*) echo "Not deployed U-Boot for this board since not present" ;;
*) *)
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt # Generate read-only SAS token with 6-months expiration policy
sas_uboot=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename_latest --permissions r --expiry "$expire_date" --output tsv)
url_uboot=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$uboot_filename_latest --output tsv | sed -E 's/\?s.*//')
;; ;;
esac esac
case none in case none in
*${KERNEL_FILE}*) echo "Not deployed Kernel for this board since not present" ;; *${KERNEL_FILE}*) echo "Not deployed Kernel for this board since not present" ;;
*) *)
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt # Generate read-only SAS token with 6-months expiration policy
sas_kernel=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename_latest --permissions r --expiry "$expire_date" --output tsv)
url_kernel=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$kernel_filename_latest --output tsv | sed -E 's/\?s.*//')
;; ;;
esac esac
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt # Generate read-only SAS token with 6-months expiration policy
echo -e $(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bmap_name_latest) | sed -E 's/\?s.*//' >> Link_report_"$BOARD"_"$IMAGE_NAME".txt sas_filesystem=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name_latest --permissions r --expiry "$expire_date" --output tsv)
url_filesystem=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$filesystem_name_latest --output tsv | sed -E 's/\?s.*//')
sas_image=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name_latest --permissions r --expiry "$expire_date" --output tsv)
url_image=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name_latest --output tsv | sed -E 's/\?s.*//')
sas_bmap=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$image_name_latest --permissions r --expiry "$expire_date" --output tsv)
url_bmap=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name $AZURE_PATH/$DEPLOY_PATH/$bmap_name_latest --output tsv | sed -E 's/\?s.*//')
case "$AZURE_CONTAINER_NAME" in
*"private"*)
for i in bundle uboot kernel filesystem image bmap; do
if [ -n "\$url_$i" ]; then
eval echo -e "\$url_$i?\$sas_$i" >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
fi
done
;;
*)
for i in bundle uboot kernel filesystem image bmap; do
if [ -n "\$url_$i" ]; then
eval echo -e "\$url_$i" >> Link_report_"$BOARD"_"$IMAGE_NAME".txt
fi
done
;;
esac
fi fi
else else
echo -e "JOBS FAILED" >>Link_report_"$BOARD"_"$IMAGE_NAME".txt echo -e "JOBS FAILED" >>Link_report_"$BOARD"_"$IMAGE_NAME".txt
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment