Skip to content

pkg-release: upload proposed debs and provenance_<suite>.json to S3 (Ubuntu path)#177

Merged
keerthi-go merged 1 commit into
mainfrom
feat/s3-upload-debs-provenance
Jun 24, 2026
Merged

pkg-release: upload proposed debs and provenance_<suite>.json to S3 (Ubuntu path)#177
keerthi-go merged 1 commit into
mainfrom
feat/s3-upload-debs-provenance

Conversation

@keerthi-go

@keerthi-go keerthi-go commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Summary

Add a new ubuntu-s3-proposed job to the Ubuntu release workflow that uploads built .deb files and a provenance_<suite>.json to S3 before the release approval gate. This allows external consumers to fetch and validate the debs using the run_id before approving the release.

Job graph

build-and-test ──┬──→ debian-release        (approval gate)  ─┐
                 ├──→ ubuntu-release        (approval gate)  ─┼──→ persistance
                 └──→ ubuntu-s3-proposed    (no gate)        ─┘

S3 layout

s3://qli-prd-lecore-gh-artifacts/qualcomm-linux/pkg/proposed/<run_id>/
  provenance_<suite>.json    ← e.g. provenance_resolute.json
  debs/
    *.deb

Notes

  • Runs on lecore-prd-u2404-arm64-xlrg-od-ephem (self-hosted, has AWS credentials)
  • Ubuntu path only; Debian path is unaffected
  • Provenance at this stage contains: package name, version, suite, repo, run_id, and status proposed

@keerthi-go keerthi-go force-pushed the feat/s3-upload-debs-provenance branch 4 times, most recently from d39200e to c6f2438 Compare June 24, 2026 22:34
@keerthi-go
pkg-release: add S3 upload for proposed debs and provenance
77c98a6 
Add two changes to the Ubuntu release workflow:

- ubuntu-s3-proposed: runs after build-and-test (before approval gate),
  uploads debs/ to S3 so external consumers can fetch and validate
  before approving the release.

- persistance: runner changed to lecore-prd-u2404-arm64-xlrg-od-ephem
  (self-hosted, has AWS credentials). Two new steps appended at the end
  upload provenance_<suite>.json to the same S3 path after release
  completes. No separate provenance job needed.

S3 layout:
  s3://qli-prd-lecore-gh-artifacts/qualcomm-linux/pkg/proposed/<run_id>/
    provenance_<suite>.json   <- uploaded by persistance post-release
    debs/                     <- uploaded by ubuntu-s3-proposed pre-approval
      *.deb

Job graph:
  build-and-test -> debian-release  (approval gate) -+-> persistance
  build-and-test -> ubuntu-release  (approval gate) -+
  build-and-test -> ubuntu-s3-proposed (no gate)    -+

Signed-off-by: Keerthi Gowda <kbalehal@qti.qualcomm.com>
@keerthi-go keerthi-go force-pushed the feat/s3-upload-debs-provenance branch from c6f2438 to 77c98a6 Compare June 24, 2026 22:55
@keerthi-go keerthi-go merged commit 920b5e7 into main Jun 24, 2026
10 checks passed
@keerthi-go keerthi-go deleted the feat/s3-upload-debs-provenance branch June 24, 2026 23:12
simonbeaudoin0935
simonbeaudoin0935 approved these changes Jun 24, 2026
View reviewed changes

@simonbeaudoin0935 simonbeaudoin0935 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm 🤙

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simonbeaudoin0935 simonbeaudoin0935 simonbeaudoin0935 approved these changes
@bjordiscollaku bjordiscollaku bjordiscollaku approved these changes
@vishwasudupa vishwasudupa Awaiting requested review from vishwasudupa vishwasudupa is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@keerthi-go @simonbeaudoin0935 @bjordiscollaku