2e70c9fdb6
Some checks failed
LNM Migration CI / build-runner (push) Has been cancelled
Ledger OpenAPI CI / deprecation-check (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Airgap Sealed CI Smoke / sealed-smoke (push) Has been cancelled
Ledger Packs CI / build-pack (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Ledger OpenAPI CI / validate-oas (push) Has been cancelled
Ledger OpenAPI CI / check-wellknown (push) Has been cancelled
Ledger Packs CI / verify-pack (push) Has been cancelled
LNM Migration CI / validate-metrics (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
93 lines
3.0 KiB
Bash
93 lines
3.0 KiB
Bash
#!/usr/bin/env bash
|
|
# Package LNM migration runner for release/offline kit
|
|
# Usage: ./package-runner.sh
|
|
# Dev mode: COSIGN_ALLOW_DEV_KEY=1 COSIGN_PASSWORD=stellaops-dev ./package-runner.sh
|
|
|
|
set -euo pipefail
|
|
|
|
ROOT=$(cd "$(dirname "$0")/../../.." && pwd)
|
|
OUT_DIR="${OUT_DIR:-$ROOT/out/lnm}"
|
|
CREATED="${CREATED:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}"
|
|
|
|
mkdir -p "$OUT_DIR/runner"
|
|
|
|
echo "==> LNM Migration Runner Packaging"
|
|
|
|
# Key resolution
|
|
resolve_key() {
|
|
if [[ -n "${COSIGN_PRIVATE_KEY_B64:-}" ]]; then
|
|
local tmp_key="$OUT_DIR/.cosign.key"
|
|
echo "$COSIGN_PRIVATE_KEY_B64" | base64 -d > "$tmp_key"
|
|
chmod 600 "$tmp_key"
|
|
echo "$tmp_key"
|
|
elif [[ -f "$ROOT/tools/cosign/cosign.key" ]]; then
|
|
echo "$ROOT/tools/cosign/cosign.key"
|
|
elif [[ "${COSIGN_ALLOW_DEV_KEY:-0}" == "1" && -f "$ROOT/tools/cosign/cosign.dev.key" ]]; then
|
|
echo "[info] Using development key" >&2
|
|
echo "$ROOT/tools/cosign/cosign.dev.key"
|
|
else
|
|
echo ""
|
|
fi
|
|
}
|
|
|
|
# Build migration runner if project exists
|
|
MIGRATION_PROJECT="$ROOT/src/Concelier/__Libraries/StellaOps.Concelier.Migrations/StellaOps.Concelier.Migrations.csproj"
|
|
if [[ -f "$MIGRATION_PROJECT" ]]; then
|
|
echo "==> Building migration runner..."
|
|
dotnet publish "$MIGRATION_PROJECT" -c Release -o "$OUT_DIR/runner" --no-restore 2>/dev/null || \
|
|
echo "[info] Build skipped (may need restore or project doesn't exist yet)"
|
|
else
|
|
echo "[info] Migration project not found; creating placeholder"
|
|
cat > "$OUT_DIR/runner/README.txt" <<EOF
|
|
LNM Migration Runner Placeholder
|
|
Build from: src/Concelier/__Libraries/StellaOps.Concelier.Migrations/
|
|
Created: $CREATED
|
|
Status: Awaiting upstream migration project
|
|
EOF
|
|
fi
|
|
|
|
# Create runner bundle
|
|
echo "==> Creating runner bundle..."
|
|
RUNNER_TAR="$OUT_DIR/lnm-migration-runner.tar.gz"
|
|
tar -czf "$RUNNER_TAR" -C "$OUT_DIR/runner" .
|
|
|
|
# Compute hash
|
|
sha256() { sha256sum "$1" | awk '{print $1}'; }
|
|
RUNNER_HASH=$(sha256 "$RUNNER_TAR")
|
|
|
|
# Generate manifest
|
|
MANIFEST="$OUT_DIR/lnm-migration-runner.manifest.json"
|
|
cat > "$MANIFEST" <<EOF
|
|
{
|
|
"schemaVersion": "1.0.0",
|
|
"created": "$CREATED",
|
|
"runner": {
|
|
"path": "lnm-migration-runner.tar.gz",
|
|
"sha256": "$RUNNER_HASH"
|
|
},
|
|
"migrations": {
|
|
"22-001": {"status": "infrastructure-ready", "description": "Advisory observations/linksets staging"},
|
|
"22-002": {"status": "infrastructure-ready", "description": "VEX observation/linkset backfill"},
|
|
"22-003": {"status": "infrastructure-ready", "description": "Metrics monitoring"}
|
|
}
|
|
}
|
|
EOF
|
|
|
|
# Sign if key available
|
|
KEY_FILE=$(resolve_key)
|
|
if [[ -n "$KEY_FILE" ]] && command -v cosign &>/dev/null; then
|
|
echo "==> Signing bundle..."
|
|
COSIGN_PASSWORD="${COSIGN_PASSWORD:-}" cosign sign-blob \
|
|
--key "$KEY_FILE" \
|
|
--bundle "$OUT_DIR/lnm-migration-runner.dsse.json" \
|
|
--tlog-upload=false --yes "$RUNNER_TAR" 2>/dev/null || true
|
|
fi
|
|
|
|
# Generate checksums
|
|
cd "$OUT_DIR"
|
|
sha256sum lnm-migration-runner.tar.gz lnm-migration-runner.manifest.json > SHA256SUMS
|
|
|
|
echo "==> LNM runner packaging complete"
|
|
echo " Bundle: $RUNNER_TAR"
|
|
echo " Manifest: $MANIFEST"
|