From 65289927c4eb372b03c2a818c71bb112d7346f30 Mon Sep 17 00:00:00 2001 From: tro Date: Tue, 8 Oct 2024 14:27:12 +0200 Subject: [PATCH] add ff-merge instructions and scripts --- README.md | 1 + core/cfn/build_demos_prod.yml | 358 ---------------------- docs/new_release_checklist.md | 1 + ff-merge/{release.sh => meta-aws-ffmerge} | 3 + ff-merge/meta-aws-ffmerge-all | 7 + 5 files changed, 12 insertions(+), 358 deletions(-) delete mode 100644 core/cfn/build_demos_prod.yml rename ff-merge/{release.sh => meta-aws-ffmerge} (80%) mode change 100644 => 100755 create mode 100755 ff-merge/meta-aws-ffmerge-all diff --git a/README.md b/README.md index 6189528..3a332bb 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ This project has three goals: ```text auto-upgrader/ <= tool that is used in meta-aws to generate pull requests if an recipe upgrade is available docs/ <= writeups of different topics + ff-merge/ <= script to perform -next to release branch ff merge release-tests/ <= script to build and ptests all Yocto meta-aws releases ``` diff --git a/core/cfn/build_demos_prod.yml b/core/cfn/build_demos_prod.yml deleted file mode 100644 index ee24e25..0000000 --- a/core/cfn/build_demos_prod.yml +++ /dev/null @@ -1,358 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - The name of the network CFN stack used for this project. - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives in REPOSITORY:TAG format. - Type: String - YoctoProjectRelease: - Description: >- - The Yocto release, i.e. zeus, dunfell, etc. - Type: String - DemoVendor: - Description: >- - The vendor target for the image. See the list of - available demo boards on https://github.com/aws-samples/meta-aws-demos - Type: String - DemoBoard: - Description: >- - The board or emulator target for the image. See the list of - available demo boards on https://github.com/aws-samples/meta-aws-demos - Type: String - DemoName: - Description: >- - The name of the demonstration, i.e. aws_iot_greengrass. - Type: String - DemoComputeType: - Description: >- - The compute type. i.e. BUILD_GENERAL1_LARGE (15Gb RAM, 8vCPU) or BUILD_GENERAL1_2XLARGE (145 Gb RAM, 72 vCPU) - Type: String - GitHubOrg: - Description: >- - The GitHub organization or user to set the codebuild project for. - Type: String - Default: "aws" -Resources: - BuildBucket: - Type: 'AWS::S3::Bucket' - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - Properties: - BucketEncryption: - ServerSideEncryptionConfiguration: - - ServerSideEncryptionByDefault: - SSEAlgorithm: AES256 - - BuildSStateCacheFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - sstate-cache - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - BuildSStateCacheMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildSStateCacheMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - download - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - - BuildDownloadMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Location: !Ref BuildBucket - Packaging: NONE - NamespaceType: BUILD_ID - Type: S3 - BadgeEnabled: true - Description: The build process for a full Yocto image. - TimeoutInMinutes: 480 - Environment: - Type: LINUX_CONTAINER - ComputeType: !Ref DemoComputeType - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: DISTRIBUTION_S3 - Type: PLAINTEXT - Value: !Ref BuildBucket - - Name: YP_RELEASE - Type: PLAINTEXT - Value: !Ref YoctoProjectRelease - FileSystemLocations: - - Identifier: sstate - Location: !Join - - '' - - - !Ref BuildSStateCacheFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /sstate-cache - Type: EFS - - Identifier: downloads - Location: !Join - - '' - - - !Ref BuildDownloadFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /downloads - Type: EFS - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: !Join - - '' - - - !Ref DemoVendor - - / - - !Ref DemoBoard - - / - - !Ref DemoName - - / - - !Ref YoctoProjectRelease - - / - - buildspec.yml - Location: !Join - - '' - - - "https://github.com/" - - !Ref GitHubOrg - - "/meta-aws-demos" - Type: GITHUB - SourceIdentifier: meta_aws_demos - SourceVersion: refs/heads/master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' - BuildBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref BuildBucket - PolicyDocument: - Statement: - - Action: - - 's3:ListBucket' - - 's3:GetObject' - - 's3:PutObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - /* - Principal: - AWS: !GetAtt CodeBuildRole.Arn diff --git a/docs/new_release_checklist.md b/docs/new_release_checklist.md index d1c1a2c..63bb7a7 100644 --- a/docs/new_release_checklist.md +++ b/docs/new_release_checklist.md @@ -1,3 +1,4 @@ # Things to do when a new yocto release comes up - Create a new branch and -next branch based on master-next. - Add in GitHub backport action add new branch-next to backport to. +- Add release to ff-merge script if you have any. diff --git a/ff-merge/release.sh b/ff-merge/meta-aws-ffmerge old mode 100644 new mode 100755 similarity index 80% rename from ff-merge/release.sh rename to ff-merge/meta-aws-ffmerge index b11fe5c..257b56f --- a/ff-merge/release.sh +++ b/ff-merge/meta-aws-ffmerge @@ -1,8 +1,11 @@ #!/usr/bin/env bash +echo "Press any key to continue - no parameter given this will git fast forward master-next to master" +read set -euxo pipefail BRANCH="${BRANCH:-master}" ORG="${ORG:-aws4embeddedlinux}" + # For Linux and MacOS compat, avoid the -t option with mktemp! WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/release.XXXXXXXXX") diff --git a/ff-merge/meta-aws-ffmerge-all b/ff-merge/meta-aws-ffmerge-all new file mode 100755 index 0000000..71dbd68 --- /dev/null +++ b/ff-merge/meta-aws-ffmerge-all @@ -0,0 +1,7 @@ +#!/bin/bash + +BRANCH_LIST="dunfell gatesgarth hardknott honister kirkstone master zeus langdale mickledore nanbield scarthgap styhead" + +for b in $BRANCH_LIST; do + BRANCH=$b ~/bin/meta-aws-ffmerge +done