commit 4ccd33039203034a7bfbabded61a013da54f700b
author Jesse Seales <jseales@google.com> Mon Nov 14 15:41:41 2022 +0000
committer CQ Bot Account <flutter-scoped@luci-project-accounts.iam.gserviceaccount.com> Mon Nov 14 15:41:41 2022 +0000
tree 63f2c9491e79d41cc050dd418bba359de771da03
parent 1067a4fae7e9f8f985c3fabd9d76422c4508b252

add BCID stages for provenance

github tracking issue: https://github.com/flutter/flutter/issues/115096

first recipe of two (next is adhoc_validation/api.py) which needs BCID stages added for provenance

Change-Id: Icf9404933dbe10f8a5f2b4f9e099a208939cfb9f
Reviewed-on: https://flutter-review.googlesource.com/c/recipes/+/36000
Reviewed-by: Casey Hillers <chillers@google.com>
Commit-Queue: Jesse Seales <jseales@google.com>

recipes/packaging/packaging.py

diff --git a/recipes/packaging/packaging.py b/recipes/packaging/packaging.py
index f60fd91..7577b24 100644
--- a/recipes/packaging/packaging.py
+++ b/recipes/packaging/packaging.py
@@ -3,11 +3,13 @@
 # found in the LICENSE file.
 
 from contextlib import contextmanager
+from RECIPE_MODULES.flutter.flutter_bcid.api import BcidStage
 import re
 
 DEPS = [
     'depot_tools/depot_tools',
     'depot_tools/git',
+    'flutter/flutter_bcid',
     'flutter/flutter_deps',
     'flutter/repo_util',
     'recipe_engine/buildbucket',
@@ -49,6 +51,7 @@
   api.step('download dependencies', [flutter_executable, 'update-packages'])
   api.file.rmtree('clean archive work directory', work_dir)
   api.file.ensure_directory('(re)create archive work directory', work_dir)
+  api.flutter_bcid.report_stage(BcidStage.COMPILE.value)
   with Install7za(api):
     with api.context(cwd=api.path['start_dir']):
       step_args = [
@@ -62,7 +65,9 @@
       api.step('prepare, create and publish a flutter archive', step_args)
       if api.properties.get('upload_with_cosign') is True:
         flutter_package_absolute_path = GetFlutterPackageAbsolutePath(api, work_dir)
+        api.flutter_bcid.report_stage(BcidStage.UPLOAD.value)
         UploadAndSignFlutterPackage(api, flutter_package_absolute_path, git_hash, branch)
+        api.flutter_bcid.report_stage(BcidStage.UPLOAD_COMPLETE.value)
 
 
 def GetFlutterPackageAbsolutePath(api, work_dir):
@@ -109,11 +114,15 @@
   api.step('configure docker registry', gcloud_docker_config_args)
   api.step('upload through cosign', cosign_upload_args)
   api.step('sign flutter artifact', cosign_sign_args)
+  api.flutter_bcid.upload_provenance(flutter_path, artifact_registry_url)
 
 
 def RunSteps(api):
+  api.flutter_bcid.report_stage(BcidStage.START.value)
   git_ref = api.properties.get('git_ref') or api.buildbucket.gitiles_commit.ref
   assert git_ref
+
+  api.flutter_bcid.report_stage(BcidStage.FETCH.value)
   checkout_path = api.path['start_dir'].join('flutter')
   git_url = api.properties.get('git_url') or 'https://flutter.googlesource.com/mirrors/flutter'
   # Call this just to obtain release_git_hash so the script knows which commit