From c339a842d88a27193f6ea44bdbc6df270763ae94 Mon Sep 17 00:00:00 2001 From: Austin Vazquez Date: Wed, 26 Jun 2024 16:36:17 -0700 Subject: [PATCH] ci: update base os image during update dependencies workflow This change adds update base os image to the update dependencies workflow. Signed-off-by: Austin Vazquez --- .github/workflows/update-dependencies.yaml | 13 +++-- bin/update-os-image.sh | 58 ++++++++++++++++++++++ 2 files changed, 66 insertions(+), 5 deletions(-) create mode 100755 bin/update-os-image.sh diff --git a/.github/workflows/update-dependencies.yaml b/.github/workflows/update-dependencies.yaml index ab666d4..67cd62b 100644 --- a/.github/workflows/update-dependencies.yaml +++ b/.github/workflows/update-dependencies.yaml @@ -25,11 +25,14 @@ jobs: role-session-name: dependency-upload-session aws-region: ${{ secrets.REGION }} - # This step fetches the latest set of released dependencies from s3 and updates the Makefile to use the same. - - name: update dependencies url - run: | - ./bin/update-deps.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} - ./bin/update-rootfs.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} + - name: Update Lima dependencies archive for Finch on macOS + run: bash bin/update-deps.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} + + - name: Update base OS for Finch on macOS + run: bash bin/update-os-image.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} + + - name: Update rootfs for Finch on Windows + run: bash bin/update-rootfs.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} - name: create PR uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 diff --git a/bin/update-os-image.sh b/bin/update-os-image.sh new file mode 100755 index 0000000..949ed17 --- /dev/null +++ b/bin/update-os-image.sh @@ -0,0 +1,58 @@ +#!/usr/bin/env bash + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# A script to update the base os image used for Finch on macOS. +# +# Usage: bash update-os-image.sh -d + +set -euxo pipefail + +CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd -- "${CURRENT_DIR}/.." && pwd)" + +# shellcheck source=/dev/null +source "${PROJECT_ROOT}/bin/utility.sh" + +DEPENDENCY_CLOUDFRONT_URL="https://deps.runfinch.com" +AARCH64_FILENAME_PATTERN="Fedora-Cloud-Base-.*\.aarch64-[0-9]+\.qcow2$" +AMD64_FILENAME_PATTERN="Fedora-Cloud-Base-.*\.x86_64-[0-9]+\.qcow2$" + +while getopts d: flag +do + case "${flag}" in + d) dependency_bucket=${OPTARG};; + *) echo "Error: unknown flag" && exit 1;; + esac +done + +[[ -z "$dependency_bucket" ]] && { echo "Error: dependency bucket not set"; exit 1; } + +aarch64_deps=$(find_latest_object_match_from_s3 "${AARCH64_FILENAME_PATTERN}" "${dependency_bucket}") +[[ -z "$aarch64_deps" ]] && { echo "Error: aarch64 dependency not found"; exit 1; } + +# Need to pull the shasum of the artifact to store for later verification. +aarch64_deps_shasum_url="${DEPENDENCY_CLOUDFRONT_URL}/${aarch64_deps}.sha512sum" +aarch64_deps_shasum=$(curl -L --fail "${aarch64_deps_shasum_url}") + +amd64_deps=$(find_latest_object_match_from_s3 "${AMD64_FILENAME_PATTERN}" "${dependency_bucket}") +[[ -z "$amd64_deps" ]] && { echo "Error: x86_64 dependency not found"; exit 1; } + +amd64_deps_shasum_url="${DEPENDENCY_CLOUDFRONT_URL}/${amd64_deps}.sha512sum" +amd64_deps_shasum=$(curl -L --fail "${amd64_deps_shasum_url}") + +# Update base os file with latest artifacts and digests +OS_FILE="${PROJECT_ROOT}/deps/full-os.conf" +truncate -s 0 "${OS_FILE}" +{ + echo "ARTIFACT_BASE_URL=${DEPENDENCY_CLOUDFRONT_URL}" + echo "" + echo "# From https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/aarch64/images/" + echo "AARCH64_ARTIFACT=${aarch64_deps}" + echo "AARCH64_512_DIGEST=${aarch64_deps_shasum}" + echo "" + echo "# From https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/" + echo "X86_64_ARTIFACT=${amd64_deps}" + echo "X86_64_512_DIGEST=${amd64_deps_shasum}" +} >> "${OS_FILE}"