From 8fa8129e80fefa71784566acc848b3ffcbcdea4c Mon Sep 17 00:00:00 2001 From: Samyak Jain Date: Tue, 13 Feb 2024 03:00:21 +0530 Subject: [PATCH] make robosignatory changes for branching Signed-off-by: Samyak Jain --- .../templates/robosignatory.toml.j2 | 222 +++++++++++++++--- 1 file changed, 193 insertions(+), 29 deletions(-) diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2 index d91a173eb0..6f533ef197 100644 --- a/roles/robosignatory/templates/robosignatory.toml.j2 +++ b/roles/robosignatory/templates/robosignatory.toml.j2 @@ -143,6 +143,16 @@ handlers = ["console"] file_signing_key = "fedora-40-ima" {% endif %} + [[consumer_config.koji_instances.primary.tags]] + from = "f41-infra-candidate" + to = "f41-infra-stg" + key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-41-ima" + {% endif %} + # Gated coreos-pool tag [[consumer_config.koji_instances.primary.tags]] @@ -175,8 +185,50 @@ handlers = ["console"] file_signing_key = "fedora-40-ima" {% endif %} + [[consumer_config.koji_instances.primary.tags]] + from = "f41-coreos-signing-pending" + to = "coreos-pool" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('e99d6ad1', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-41-ima" + {% endif %} + # Gated rawhide + [[consumer_config.koji_instances.primary.tags]] + from = "f41-signing-pending" + to = "f41-updates-testing-pending" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('e99d6ad1', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-41-ima" + {% endif %} + + [consumer_config.koji_instances.primary.tags.sidetags] + pattern = 'f41-build-side-' + from = '-signing-pending' + to = '-testing-pending' + trusted_taggers = ['bodhi'] + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-41-ima" + {% endif %} + + [[consumer_config.koji_instances.primary.tags]] + from = "f41-pending" + to = "f41" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('e99d6ad1', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-41-ima" + {% endif %} + + # Branched + [[consumer_config.koji_instances.primary.tags]] from = "f40-signing-pending" to = "f40-updates-testing-pending" @@ -207,7 +259,7 @@ handlers = ["console"] file_signing_key = "fedora-40-ima" {% endif %} - # Branched + # stable releases [[consumer_config.koji_instances.primary.tags]] from = "f39-signing-pending" @@ -239,8 +291,6 @@ handlers = ["console"] file_signing_key = "fedora-39-ima" {% endif %} - # stable releases - [[consumer_config.koji_instances.primary.tags]] from = "f38-signing-pending" to = "f38-updates-testing-pending" @@ -379,6 +429,16 @@ handlers = ["console"] # openh264 signing + [[consumer_config.koji_instances.primary.tags]] + from = "f41-openh264" + to = "f41-openh264" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('e99d6ad1', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-41-ima" + {% endif %} + [[consumer_config.koji_instances.primary.tags]] from = "f40-openh264" to = "f40-openh264" @@ -433,14 +493,6 @@ handlers = ["console"] keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" file_signing_key = "fedora-39-ima" - # resigning f40 builds with f41 key before branching. Remove after branching. - [[consumer_config.koji_instances.primary.tags]] - from = "f40" - to = "f40" - key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('e99d6ad1', 'd300e724') }}" - file_signing_key = "fedora-41-ima" - # F40 Mass Rebuild [[consumer_config.koji_instances.primary.tags]] from = "f40-rebuild" @@ -455,24 +507,24 @@ handlers = ["console"] [consumer_config.ostree_refs] [consumer_config.ostree_refs."fedora/rawhide/x86_64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/aarch64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/devel/x86_64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/devel/aarch64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/stable/x86_64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/stable/aarch64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/37/x86_64/silverblue"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" @@ -558,15 +610,43 @@ handlers = ["console"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/updates/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/testing/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/updates/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/testing/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/updates/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/testing/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/rawhide/aarch64/silverblue"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/ppc64le/silverblue"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/x86_64/silverblue"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/37/x86_64/kinoite"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" @@ -652,15 +732,43 @@ handlers = ["console"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/updates/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/testing/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/updates/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/testing/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/updates/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/testing/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/rawhide/aarch64/kinoite"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/ppc64le/kinoite"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/x86_64/kinoite"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/38/x86_64/sericea"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" @@ -718,15 +826,43 @@ handlers = ["console"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/updates/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/testing/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/updates/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/testing/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/updates/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/testing/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/rawhide/aarch64/sericea"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/ppc64le/sericea"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/x86_64/sericea"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/39/x86_64/onyx"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" @@ -756,15 +892,43 @@ handlers = ["console"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/updates/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/x86_64/testing/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/updates/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/aarch64/testing/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/updates/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/40/ppc64le/testing/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + [consumer_config.ostree_refs."fedora/rawhide/aarch64/onyx"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/ppc64le/onyx"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/x86_64/onyx"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}" [consumer_config.coreos] bucket = "fcos-builds"