Merge branch 'main' into gjcolombo/instance-provisioning

.github/buildomat/build-and-test.sh

@@ -69,7 +69,7 @@ ptime -m timeout 1h cargo test --doc --locked --verbose --no-fail-fast
 # We expect the seed CRDB to be placed here, so we explicitly remove it so the
 # rmdir check below doesn't get triggered. Nextest doesn't have support for
 # teardown scripts so this is the best we've got.
-rm -rf "$TEST_TMPDIR/crdb-base"
+rm -rf "$TEST_TMPDIR/crdb-base"*
 
 #
 # Make sure that we have left nothing around in $TEST_TMPDIR.  The easiest way

.github/buildomat/jobs/deploy.sh

@@ -2,7 +2,7 @@
 #:
 #: name = "helios / deploy"
 #: variety = "basic"
-#: target = "lab-2.0-opte-0.23"
+#: target = "lab-2.0-opte-0.25"
 #: output_rules = [
 #:  "%/var/svc/log/oxide-sled-agent:default.log*",
 #:  "%/pool/ext/*/crypt/zone/oxz_*/root/var/svc/log/oxide-*.log*",

.github/buildomat/jobs/tuf-repo.sh

@@ -25,6 +25,21 @@
 #: job = "helios / build trampoline OS image"
 #:
 #: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.parta"
+#: from_output = "/work/repo-rot-all.zip.parta"
+#:
+#: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.partb"
+#: from_output = "/work/repo-rot-all.zip.partb"
+#:
+#: [[publish]]
+#: series = "rot-all"
+#: name = "repo.zip.sha256.txt"
+#: from_output = "/work/repo-rot-all.zip.sha256.txt"
+#:
+#: [[publish]]
 #: series = "rot-prod-rel"
 #: name = "repo.zip.parta"
 #: from_output = "/work/repo-rot-prod-rel.zip.parta"
@@ -168,6 +183,38 @@ caboose_util_rot() {
 }
 
 SERIES_LIST=()
+
+# Create an initial `manifest-rot-all.toml` containing the SP images for all
+# boards. While we still need to build multiple TUF repos,
+# `add_hubris_artifacts` below will append RoT images to this manifest (in
+# addition to the single-RoT manifest it creates).
+prep_rot_all_series() {
+    series="rot-all"
+
+    SERIES_LIST+=("$series")
+
+    manifest=/work/manifest-$series.toml
+    cp /work/manifest.toml "$manifest"
+
+    for board_rev in "${ALL_BOARDS[@]}"; do
+        board=${board_rev%-?}
+        tufaceous_board=${board//sidecar/switch}
+        sp_image="/work/hubris/${board_rev}.zip"
+        sp_caboose_version=$(/work/caboose-util read-version "$sp_image")
+        sp_caboose_board=$(/work/caboose-util read-board "$sp_image")
+
+        cat >>"$manifest" <<EOF
+[[artifact.${tufaceous_board}_sp]]
+name = "$sp_caboose_board"
+version = "$sp_caboose_version"
+[artifact.${tufaceous_board}_sp.source]
+kind = "file"
+path = "$sp_image"
+EOF
+    done
+}
+prep_rot_all_series
+
 add_hubris_artifacts() {
     series="$1"
     rot_dir="$2"
@@ -177,6 +224,7 @@ add_hubris_artifacts() {
     SERIES_LIST+=("$series")
 
     manifest=/work/manifest-$series.toml
+    manifest_rot_all=/work/manifest-rot-all.toml
     cp /work/manifest.toml "$manifest"
 
     for board in gimlet psc sidecar; do
@@ -198,6 +246,20 @@ path = "$rot_image_a"
 [artifact.${tufaceous_board}_rot.source.archive_b]
 kind = "file"
 path = "$rot_image_b"
+EOF
+
+        cat >>"$manifest_rot_all" <<EOF
+[[artifact.${tufaceous_board}_rot]]
+name = "$rot_caboose_board-${rot_dir//\//-}"
+version = "$rot_caboose_version"
+[artifact.${tufaceous_board}_rot.source]
+kind = "composite-rot"
+[artifact.${tufaceous_board}_rot.source.archive_a]
+kind = "file"
+path = "$rot_image_a"
+[artifact.${tufaceous_board}_rot.source.archive_b]
+kind = "file"
+path = "$rot_image_b"
 EOF
     done
 
@@ -220,7 +282,7 @@ EOF
 }
 # usage:              SERIES           ROT_DIR      ROT_VERSION              BOARDS...
 add_hubris_artifacts  rot-staging-dev  staging/dev  cert-staging-dev-v1.0.2  "${ALL_BOARDS[@]}"
-add_hubris_artifacts  rot-prod-rel     prod/rel     cert-prod-rel-v1.0.0     "${ALL_BOARDS[@]}"
+add_hubris_artifacts  rot-prod-rel     prod/rel     cert-prod-rel-v1.0.2     "${ALL_BOARDS[@]}"
 
 for series in "${SERIES_LIST[@]}"; do
     /work/tufaceous assemble --no-generate-key /work/manifest-"$series".toml /work/repo-"$series".zip