@@ -53,3 +53,15 @@ else
aws s3 cp --no-progress --acl public-read build/tmp/deploy/images/*/"$DTB" "${S3_TARGET}"
fi
fi
+
+# Deploy the dpkg status file (/var/lib/dpkg/status) to AWS for the CIP CVE checker (debian-cve-checker)
+# to periodically extract and report pending CVEs.
+# * CI builds will override the previous dpkg status files
+# * AWS S3 bucket structure
+# * download.cip-project.org/cip-core/cve-checks/
+# * dpkg-status: folder to store the dpkg status files generated by the CI and released images
+# * cve-reports: folder to store the cve-reports generated from the dpkg status files
+# * they can be linked from the release website
+DPKG_STATUS="cip-core-image-*.dpkg_status"
+DPKG_STATUS_FILENAME=${CI_JOB_NAME#build:}.dpkg_status
+aws s3 cp --no-progress build/tmp/deploy/images/$TARGET/$DPKG_STATUS s3://download.cip-project.org/cip-core/cve-checks/dpkg-status/$DPKG_STATUS_FILENAME
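Review bot: The `aws s3 cp` on the last added line depends on the unquoted `$DPKG_STATUS` glob expanding to exactly one file: with several matches the command receives extra positional arguments, and with none it is handed the literal pattern, so the upload fails and the CVE checker would presumably keep reading a stale status file. Quote the variable parts and leave only the glob unquoted, e.g. `build/tmp/deploy/images/"$TARGET"/cip-core-image-*.dpkg_status "s3://download.cip-project.org/cip-core/cve-checks/dpkg-status/${DPKG_STATUS_FILENAME}"`, and check that exactly one file matched before calling aws. `${CI_JOB_NAME#build:}` leaves the name unchanged when the job is not prefixed `build:` and yields just `.dpkg_status` when the variable is empty, so an explicit check on the resulting key name would be worth adding. Because the object key carries no branch or tag, any pipeline that runs this job presumably overwrites the file the CVE reports are generated from; if that includes non-release branches, restricting the step to protected refs would keep the reports tied to the images they claim to describe.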