Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

make robosignatory changes for branching

Browse source 
Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
This commit is contained in:
Samyak Jain 2023-08-07 16:13:56 +05:30 committed by humaton
parent 2586c03c3f
commit 218c89db5c
3 changed files with 202 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/bodhi2/backend/files/new-updates-sync
View file

@ -38,6 +38,9 @@ RELEASES = {'f39': {'topic': 'fedora',
'dest': OSTREEDEST,
'arches': ['x86_64', 'ppc64le', 'aarch64']},
{'ref': 'fedora/39/%(arch)s/updates/sericea',
'dest': OSTREEDEST,
'arches': ['x86_64', 'ppc64le', 'aarch64']},
{'ref': 'fedora/39/%(arch)s/updates/onyx',
'dest': OSTREEDEST,
'arches': ['x86_64', 'ppc64le', 'aarch64']}],
'to': [{'arches': ['x86_64', 'aarch64', 'source'],
@ -54,6 +57,9 @@ RELEASES = {'f39': {'topic': 'fedora',
'dest': OSTREEDEST,
'arches': ['x86_64', 'ppc64le', 'aarch64']},
{'ref': 'fedora/39/%(arch)s/testing/sericea',
'dest': OSTREEDEST,
'arches': ['x86_64', 'ppc64le', 'aarch64']},
{'ref': 'fedora/39/%(arch)s/testing/onyx',
'dest': OSTREEDEST,
'arches': ['x86_64', 'ppc64le', 'aarch64']}],
'to': [{'arches': ['x86_64', 'aarch64', 'source'],

2
roles/koji_hub/templates/koji-gc.conf.j2
View file

@ -48,6 +48,7 @@ key_aliases =
5323552a fedora-37
18b8e74c fedora-38
eb10b464 fedora-39
a15B79cc fedora-40
DBBDCF7C fedora-iot-2019
217521F6 fedora-epel
0608B895 fedora-epel-6
@ -81,6 +82,7 @@ unprotected_keys =
fedora-37
fedora-38
fedora-39
fedora-40
fedora-iot-2019
fedora-extras
redhat-beta

224
roles/robosignatory/templates/robosignatory.toml.j2
View file

@ -137,12 +137,22 @@ handlers = ["console"]
from = "f39-infra-candidate"
to = "f39-infra-stg"
key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}"
keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-39-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f40-infra-candidate"
to = "f40-infra-stg"
key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-40-ima"
{% endif %}
# Gated coreos-pool tag
[[consumer_config.koji_instances.primary.tags]]
@ -175,8 +185,50 @@ handlers = ["console"]
file_signing_key = "fedora-39-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f40-coreos-signing-pending"
to = "coreos-pool"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-40-ima"
{% endif %}
# Gated rawhide
[[consumer_config.koji_instances.primary.tags]]
from = "f40-signing-pending"
to = "f40-updates-testing-pending"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-40-ima"
{% endif %}
[consumer_config.koji_instances.primary.tags.sidetags]
pattern = 'f40-build-side-<seq_id>'
from = '<sidetag>-signing-pending'
to = '<sidetag>-testing-pending'
trusted_taggers = ['bodhi']
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-40-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f40-pending"
to = "f40"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-40-ima"
{% endif %}
# Branched
[[consumer_config.koji_instances.primary.tags]]
from = "f39-signing-pending"
to = "f39-updates-testing-pending"
@ -207,7 +259,7 @@ handlers = ["console"]
file_signing_key = "fedora-39-ima"
{% endif %}
# Branched
# stable releases
[[consumer_config.koji_instances.primary.tags]]
from = "f38-signing-pending"
@ -253,8 +305,6 @@ handlers = ["console"]
keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}"
type = "modular"
# stable releases
[[consumer_config.koji_instances.primary.tags]]
from = "f37-signing-pending"
to = "f37-updates-testing-pending"
@ -400,7 +450,17 @@ handlers = ["console"]
file_signing_key = "fedora-39-ima"
# openh264 signing
[[consumer_config.koji_instances.primary.tags]]
from = "f40-openh264"
to = "f40-openh264"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-40-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f39-openh264"
to = "f39-openh264"
@ -438,14 +498,6 @@ handlers = ["console"]
key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}"
file_signing_key = "fedora-38-ima"
# f40 resigning
[[consumer_config.koji_instances.primary.tags]]
from = "f39"
to = "f39"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}"
file_signing_key = "fedora-40-ima"
# f39-python signing
[[consumer_config.koji_instances.primary.tags]]
@ -476,23 +528,23 @@ handlers = ["console"]
[consumer_config.ostree_refs]
[consumer_config.ostree_refs."fedora/rawhide/x86_64/iot"]
directory = "/mnt/fedora_koji/koji/compose/iot/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/aarch64/iot"]
directory = "/mnt/fedora_koji/koji/compose/iot/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/armhfp/iot"]
directory = "/mnt/fedora_koji/koji/compose/iot/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/devel/x86_64/iot"]
directory = "/mnt/fedora_koji/koji/compose/iot/repo/"
key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/devel/aarch64/iot"]
directory = "/mnt/fedora_koji/koji/compose/iot/repo/"
key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/devel/armhfp/iot"]
directory = "/mnt/fedora_koji/koji/compose/iot/repo/"
key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/stable/x86_64/iot"]
directory = "/mnt/fedora_koji/koji/compose/iot/repo/"
@ -560,15 +612,43 @@ handlers = ["console"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/updates/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/testing/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/updates/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/testing/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/updates/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/testing/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/aarch64/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/ppc64le/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/x86_64/silverblue"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/37/x86_64/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
@ -626,15 +706,43 @@ handlers = ["console"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/updates/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/testing/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/updates/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/testing/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/updates/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/testing/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/aarch64/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/ppc64le/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/x86_64/kinoite"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/38/x86_64/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
@ -664,25 +772,81 @@ handlers = ["console"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/updates/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/testing/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/updates/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/testing/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/updates/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/testing/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/aarch64/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/ppc64le/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/x86_64/sericea"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/updates/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/x86_64/testing/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/updates/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/aarch64/testing/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/updates/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/39/ppc64le/testing/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/aarch64/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/ppc64le/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.ostree_refs."fedora/rawhide/x86_64/onyx"]
directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
[consumer_config.coreos]
bucket = "fcos-builds"