Ritesh Raj Sarraf authored 1 year ago and Walter Lozano committed 2 months ago

mkdir does not like the inclusion of ssh hostname in directory name
structure, resulting in below error. To overcome it, do not pass host
names in directory path.

fail
```
rrs@priyasi:~/.../builds-orchestrator (wip/ritesh/drop-mkdir.apertis/v2025dev2)$ ssh -i /var/tmp/archive-aurora.key -p 7711 archive@images.apertis.org mkdir -p archive@images.apertis.org:/srv/images/public/daily/tmp
mkdir: cannot create directory ‘archive@images.apertis.org:’: Permission denied
```

pass

```
rrs@priyasi:~/.../builds-orchestrator (wip/ritesh/drop-mkdir.apertis/v2025dev2)$ ssh -i /var/tmp/archive-aurora.key -p 7711 archive@images.apertis.org mkdir -p /srv/images/public/daily/tmp
20:31  ॐ ♅ ♄ ⛢      


```

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

Ritesh Raj Sarraf authored 1 year ago and Walter Lozano committed 2 months ago

The SSH server on the Aurora system, operating on port 22, is consistently under probing attempts by attackers.
Enhancing security on the server can be achieved by transitioning to port 7711.
The pipeline is now configured to use the new SSH port of the Aurora server.

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

Ritesh Raj Sarraf authored 1 year ago and Walter Lozano committed 2 months ago

Failures of target images and/or tiny images shall constitute to
incomplete build results. So, mark such pipelines are failed

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

Ritesh Raj Sarraf authored 1 year ago and Walter Lozano committed 2 months ago

This metadata will help us ascertain the trigger origin for a build.
Like, whether the build was initiated from builds-orchestrator or not,
which is useful to decide which builds should be retained in our
weekly/monthly schedule and which one can be cleaned up.

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

The SSH server on the Aurora system, operating on port 22, is consistently under probing attempts by attackers.
Enhancing security on the server can be achieved by transitioning to port 7711.
The pipeline is now configured to use the new SSH port of the Aurora server.

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

Ryan Gonzalez authored 1 year ago and Walter Lozano committed 1 year ago

When editing to remove the testing code, I seem to have accidentally
failed to put `$UPLOAD_HOST` in the destination path, so scp was just
trying to do a local copy.

https://phabricator.apertis.org/T10148



Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>

Ryan Gonzalez authored 1 year ago and Walter Lozano committed 1 year ago

https://phabricator.apertis.org/T10148



Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Signed-off-by: Ritesh Raj Sarraf <rrs@debian.org>

Include Apertis toolchain in the list of builds. In this way we build daily
images and toolchains as it would be expected using the same identifier to
correlate them.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Signed-off-by: Ritesh Raj Sarraf <rrs@debian.org>

Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>

Signed-off-by: Ritesh Raj Sarraf <rrs@debian.org>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Now that v2022 has moved to Bullseye running on the ancient 3.14 kernel
used by the internal image is much more challenging.

The modern Bullseye userspace may fail due to missing syscalls, lack of
features or bugs in seven-years-old kernels.

The internal images are now no longer representative of the usage of
Apertis in that contenxt and alternative strategies that do not involve
the custom images would be much more effective in actually producing
value, so let's drop them from v2022.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

After the GitLab "Unauthenticated CI lint API may lead to information
disclosure and SSRF" fix shipped with version 13.8.4 the `ci/lint`
endpoints requires authentication but:

1. `$CI_JOB_TOKEN` is not enough
2. `$TEST_GITLAB_AUTH_TOKEN` is not enough either, some extra
   permissions are required

Given that the YAML will get executed in the same pipeline, let's
just drop the lint CI job rather than granting more permissions
than necessary.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

When releasing having different build ids for images/internal images/lxc
and so on make me waste time collecting stuff from different places, as
they often annoyingly differ by a minute or so.

It is also problematic on the LAVA reports app for the same reason.

To address that, this repository contains an orchestrator pipeline
that computes a build id and then triggers a few child pipelines that
use it.

The idea is to set a centralized schedule on this pipeline to replace
the schedules set on each project.

In the future this pipeline may be also a good place to stick a manual
job to turn a build into a release or release candidate, automating a
step which now involves manually ssh'ing to aura and calling a script.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>