Update packaging configs to use cosign to sign and upload signed artifact to artifact registry
Bug: b/230772081
Change-Id: I3df63ecdab95bb08ac8c5da1755e7fb7436b5dc1
Reviewed-on: https://flutter-review.googlesource.com/c/infra/+/33740
Reviewed-by: Casey Hillers <chillers@google.com>
Reviewed-by: Godofredo Contreras <godofredoc@google.com>
Commit-Queue: Drew Roen <drewroen@google.com>
diff --git a/config/generated/flutter/luci/cr-buildbucket.cfg b/config/generated/flutter/luci/cr-buildbucket.cfg
index 0a2a3a1..1a29af4 100644
--- a/config/generated/flutter/luci/cr-buildbucket.cfg
+++ b/config/generated/flutter/luci/cr-buildbucket.cfg
@@ -803,11 +803,17 @@
' "server": "https://chromium-swarm.appspot.com"'
' },'
' "clobber": false,'
+ ' "dependencies": ['
+ ' {'
+ ' "dependency": "cosign"'
+ ' }'
+ ' ],'
' "gold_tryjob": false,'
' "goma_jobs": "200",'
' "mastername": "client.flutter",'
' "recipe": "packaging/packaging",'
- ' "upload_packages": true'
+ ' "upload_packages": true,'
+ ' "upload_with_cosign": true'
'}'
priority: 25
execution_timeout_secs: 3600
@@ -53456,11 +53462,17 @@
' "server": "https://chromium-swarm.appspot.com"'
' },'
' "clobber": false,'
+ ' "dependencies": ['
+ ' {'
+ ' "dependency": "cosign"'
+ ' }'
+ ' ],'
' "gold_tryjob": false,'
' "goma_jobs": "200",'
' "mastername": "client.flutter",'
' "recipe": "packaging/packaging",'
- ' "upload_packages": true'
+ ' "upload_packages": true,'
+ ' "upload_with_cosign": true'
'}'
priority: 25
execution_timeout_secs: 3600
@@ -53498,11 +53510,17 @@
' "server": "https://chromium-swarm.appspot.com"'
' },'
' "clobber": false,'
+ ' "dependencies": ['
+ ' {'
+ ' "dependency": "cosign"'
+ ' }'
+ ' ],'
' "gold_tryjob": false,'
' "goma_jobs": "200",'
' "mastername": "client.flutter",'
' "recipe": "packaging/packaging",'
- ' "upload_packages": true'
+ ' "upload_packages": true,'
+ ' "upload_with_cosign": true'
'}'
priority: 25
execution_timeout_secs: 3600
@@ -53590,11 +53608,17 @@
' "server": "https://chromium-swarm.appspot.com"'
' },'
' "clobber": false,'
+ ' "dependencies": ['
+ ' {'
+ ' "dependency": "cosign"'
+ ' }'
+ ' ],'
' "gold_tryjob": false,'
' "goma_jobs": "200",'
' "mastername": "client.flutter",'
' "recipe": "packaging/packaging",'
- ' "upload_packages": true'
+ ' "upload_packages": true,'
+ ' "upload_with_cosign": true'
'}'
priority: 25
execution_timeout_secs: 3600
@@ -53632,11 +53656,17 @@
' "server": "https://chromium-swarm.appspot.com"'
' },'
' "clobber": false,'
+ ' "dependencies": ['
+ ' {'
+ ' "dependency": "cosign"'
+ ' }'
+ ' ],'
' "gold_tryjob": false,'
' "goma_jobs": "200",'
' "mastername": "client.flutter",'
' "recipe": "packaging/packaging",'
- ' "upload_packages": true'
+ ' "upload_packages": true,'
+ ' "upload_with_cosign": true'
'}'
priority: 25
execution_timeout_secs: 3600
@@ -87004,11 +87034,17 @@
' "server": "https://chromium-swarm.appspot.com"'
' },'
' "clobber": false,'
+ ' "dependencies": ['
+ ' {'
+ ' "dependency": "cosign"'
+ ' }'
+ ' ],'
' "gold_tryjob": false,'
' "goma_jobs": "200",'
' "mastername": "client.flutter",'
' "recipe": "packaging/packaging",'
- ' "upload_packages": true'
+ ' "upload_packages": true,'
+ ' "upload_with_cosign": true'
'}'
priority: 25
execution_timeout_secs: 3600
@@ -87045,11 +87081,17 @@
' "server": "https://chromium-swarm.appspot.com"'
' },'
' "clobber": false,'
+ ' "dependencies": ['
+ ' {'
+ ' "dependency": "cosign"'
+ ' }'
+ ' ],'
' "gold_tryjob": false,'
' "goma_jobs": "200",'
' "mastername": "client.flutter",'
' "recipe": "packaging/packaging",'
- ' "upload_packages": true'
+ ' "upload_packages": true,'
+ ' "upload_with_cosign": true'
'}'
priority: 25
execution_timeout_secs: 3600
diff --git a/config/packaging_config.star b/config/packaging_config.star
index 69fba9f..fc6ba50 100644
--- a/config/packaging_config.star
+++ b/config/packaging_config.star
@@ -151,36 +151,29 @@
# never use.
if branch in ("beta", "stable"):
# Defines framework prod builders
- if branch == "stable": # TODO(drewroen): Remove the branch check for linux flutter packaging when cosign is determined to work correctly
- common.linux_prod_builder(
- name = builder_name("Linux Flutter %s Packaging|%s", branch),
- recipe = "packaging/packaging",
- console_view_name = console_view_name,
- triggered_by = [trigger_name],
- triggering_policy = triggering_policy,
- priority = 25,
- **platform_args["linux"]
- )
- else:
- common.linux_prod_builder(
- name = builder_name("Linux Flutter %s Packaging|%s", branch),
- recipe = "packaging/packaging",
- console_view_name = console_view_name,
- triggered_by = [trigger_name],
- triggering_policy = triggering_policy,
- properties = {
- "dependencies": [{"dependency": "cosign"}],
- "upload_with_cosign": True,
- },
- priority = 25,
- **platform_args["linux"]
- )
+ common.linux_prod_builder(
+ name = builder_name("Linux Flutter %s Packaging|%s", branch),
+ recipe = "packaging/packaging",
+ console_view_name = console_view_name,
+ triggered_by = [trigger_name],
+ triggering_policy = triggering_policy,
+ properties = {
+ "dependencies": [{"dependency": "cosign"}],
+ "upload_with_cosign": True,
+ },
+ priority = 25,
+ **platform_args["linux"]
+ )
common.mac_prod_builder(
name = builder_name("Mac Flutter %s Packaging|%s", branch),
recipe = "packaging/packaging",
console_view_name = console_view_name,
triggered_by = [trigger_name],
triggering_policy = triggering_policy,
+ properties = {
+ "dependencies": [{"dependency": "cosign"}],
+ "upload_with_cosign": True,
+ },
priority = 25,
**platform_args["mac"]
)
@@ -190,6 +183,10 @@
console_view_name = console_view_name,
triggered_by = [trigger_name],
triggering_policy = triggering_policy,
+ properties = {
+ "dependencies": [{"dependency": "cosign"}],
+ "upload_with_cosign": True,
+ },
priority = 25,
**platform_args["mac_arm64"]
)
@@ -199,6 +196,10 @@
console_view_name = console_view_name,
triggered_by = [trigger_name],
triggering_policy = triggering_policy,
+ properties = {
+ "dependencies": [{"dependency": "cosign"}],
+ "upload_with_cosign": True,
+ },
priority = 25,
**platform_args["windows"]
)