Wire up promotion logic between new CI pipeline stages

.expeditor/end_to_end.pipeline.yml

@@ -193,7 +193,7 @@ steps:
           environment:
             - BUILD_PKG_TARGET=x86_64-linux
             - HAB_BLDR_URL=https://bldr.acceptance.habitat.sh
-  
+
   - label: "[:linux: test_studio_with_ssl_cert_file_envvar_set]"
     command:
       - .expeditor/scripts/end_to_end/setup_environment.sh DEV
@@ -205,7 +205,7 @@ steps:
           environment:
             - BUILD_PKG_TARGET=x86_64-linux
             - HAB_BLDR_URL=https://bldr.acceptance.habitat.sh
- 
+
   - label: "[:linux: :docker: test_studio_with_ssl_cert_file_envvar_set]"
     command:
       - .expeditor/scripts/end_to_end/setup_environment.sh DEV
@@ -219,7 +219,7 @@ steps:
         linux:
           single-use: true
           privileged: true
-  
+
   - label: "[:linux: test_studio_when_ssl_cert_file_is_invalid_cert]"
     command:
       - .expeditor/scripts/end_to_end/setup_environment.sh DEV
@@ -231,7 +231,7 @@ steps:
           environment:
             - BUILD_PKG_TARGET=x86_64-linux
             - HAB_BLDR_URL=https://bldr.acceptance.habitat.sh
-  
+
   - label: "[:linux: test_studio_when_ssl_cert_file_is_nonexistant_file]"
     command:
       - .expeditor/scripts/end_to_end/setup_environment.sh DEV
@@ -243,7 +243,7 @@ steps:
           environment:
             - BUILD_PKG_TARGET=x86_64-linux
             - HAB_BLDR_URL=https://bldr.acceptance.habitat.sh
-  
+
   - label: "[:linux: test_studio_when_ssl_cert_file_is_directory]"
     command:
       - .expeditor/scripts/end_to_end/setup_environment.sh DEV
@@ -255,4 +255,13 @@ steps:
           environment:
             - BUILD_PKG_TARGET=x86_64-linux
             - HAB_BLDR_URL=https://bldr.acceptance.habitat.sh
-
+
+  - wait
+
+  - label: "[:hab: Promote to Acceptance]"
+    command:
+      - .expeditor/scripts/promote.sh dev acceptance
+    expeditor:
+      executor:
+        docker:
+          privileged: true

.expeditor/release_habitat.pipeline.yml

@@ -19,7 +19,6 @@ steps:
 # Release!
 #######################################################################
 
-  # TODO If you add quotes around the target currently breaks a bash case statement :/
   - label: "[:linux: build hab]"
     command:
       - .expeditor/scripts/release_habitat/build_component.sh hab
@@ -29,7 +28,7 @@ steps:
           privileged: true
           environment:
             - BUILD_PKG_TARGET=x86_64-linux
-  
+
   - label: "[:linux: :two: build hab]"
     command:
       - .expeditor/scripts/release_habitat/build_component.sh hab
@@ -66,49 +65,6 @@ steps:
       buildkite:
         timeout_in_minutes: 45
 
-
-  - wait
-
-  - label: "[:linux: upload hab binary]"
-    command:
-      - .expeditor/scripts/release_habitat/package_and_upload_binary.sh
-    expeditor:
-      executor:
-        docker:
-          privileged: true
-          environment:
-            - BUILD_PKG_TARGET=x86_64-linux
-
-  - label: "[:linux: :two: upload hab binary]"
-    command:
-      - .expeditor/scripts/release_habitat/package_and_upload_binary.sh
-    expeditor:
-      executor:
-        docker:
-          privileged: true
-          environment:
-            - BUILD_PKG_TARGET=x86_64-linux-kernel2
-
-  - label: "[:windows: upload hab binary]"
-    command:
-      - .expeditor/scripts/release_habitat/package_and_upload_binary.sh
-    expeditor:
-      executor:
-        docker:
-          privileged: true
-          environment:
-            - BUILD_PKG_TARGET=x86_64-windows
-
-  - label: "[:macos: upload hab binary]"
-    command:
-      - .expeditor/scripts/release_habitat/package_and_upload_binary.sh
-    expeditor:
-      executor:
-        docker:
-          privileged: true
-          environment:
-            - BUILD_PKG_TARGET=x86_64-darwin
-
   - wait
 
   - label: "[:linux: build hab-plan-build]"
@@ -384,11 +340,54 @@ steps:
 
   - wait
 
-  # This handles promotion of packages of all targets; *everything* in
-  # the channel goes into DEV
-  - label: "[:hab: Promote to DEV]"
+  # TODO (CM): It wouldn't take too much additional work to have
+  # `package_and_upload_binary.sh` operate on ALL targets at once.
+
+  - label: "[:linux: upload hab binary]"
+    command:
+      - .expeditor/scripts/release_habitat/package_and_upload_binary.sh
+    expeditor:
+      executor:
+        docker:
+          privileged: true
+          environment:
+            - BUILD_PKG_TARGET=x86_64-linux
+
+  - label: "[:linux: :two: upload hab binary]"
+    command:
+      - .expeditor/scripts/release_habitat/package_and_upload_binary.sh
+    expeditor:
+      executor:
+        docker:
+          privileged: true
+          environment:
+            - BUILD_PKG_TARGET=x86_64-linux-kernel2
+
+  - label: "[:windows: upload hab binary]"
+    command:
+      - .expeditor/scripts/release_habitat/package_and_upload_binary.sh
+    expeditor:
+      executor:
+        docker:
+          privileged: true
+          environment:
+            - BUILD_PKG_TARGET=x86_64-windows
+
+  - label: "[:macos: upload hab binary]"
+    command:
+      - .expeditor/scripts/release_habitat/package_and_upload_binary.sh
+    expeditor:
+      executor:
+        docker:
+          privileged: true
+          environment:
+            - BUILD_PKG_TARGET=x86_64-darwin
+
+  - wait
+
+  - label: "[:hab: Generate Manifest and promote to dev channel]"
     command:
-      - .expeditor/scripts/release_habitat/promote_packages.sh habitat-release-$BUILDKITE_BUILD_ID DEV
+      - .expeditor/scripts/release_habitat/promote_artifacts_to_dev.sh habitat-release-$BUILDKITE_BUILD_ID
     expeditor:
       executor:
         docker:

.expeditor/scripts/promote.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Retrieves the current package manifest for a particular environment
+# and promotes the packages into a designated Builder channel. Also
+# promotes all artifacts in S3 to the designated destination
+# environment.
+#
+# We promote to Builder *before* promoting in S3 because it's
+# safer. If the final S3 promotion were to fail, we'd still have good
+# and self-consistent packages in Builder for all to use. If we did S3
+# first, but the following Builder promotion failed for some reason,
+# people getting packages from our "curlbash" installer would get a
+# new `hab`, but wouldn't be able to get the rest of the packages
+# (easily, anyway), because they wouldn't have yet made it to the
+# stable channel.
+
+set -euo pipefail
+
+# `source_environment` is the Expeditor environment from which to pull
+# a manifest.json file from in order to drive the promotions.
+#
+# e.g., "dev", "acceptance", etc.
+source_environment=${1:?You must provide an Expeditor environment}
+
+# `destination_channel` should be the channel we are promoting Habitat
+# packages into.
+#
+# e.g. `acceptance`, `current`, etc
+destination_channel=${2:?You must specify a destination channel value}
+
+export HAB_AUTH_TOKEN="${ACCEPTANCE_HAB_AUTH_TOKEN}"
+export HAB_BLDR_URL="${ACCEPTANCE_HAB_BLDR_URL}"
+
+########################################################################
+
+source .expeditor/scripts/shared.sh
+
+# This allows people to e.g. trigger end-to-end pipeline runs manually
+# when iterating on tests, but without having to fear that they'll
+# inadvertently promote a set of artifacts accidentally.
+#
+# Only Chef Expeditor should be triggering "real" runs of pipelines
+# that use this script.
+valid_build_creator="Chef Expeditor"
+
+if [[ "${BUILDKITE_BUILD_CREATOR}" == "${valid_build_creator}" ]]; then
+    # We're in a real pipeline run; let's promote!
+
+    # Take advantage of the fact that we're just promoting and we can run
+    # 100% on linux
+    declare -g hab_binary
+    curlbash_hab "x86_64-linux"
+
+    # Needed for validation of the downloaded manifest
+    import_gpg_keys
+
+    echo "--- Retrieving manifest.json for ${source_environment} environment"
+    get_manifest_for_environment "${source_environment}"
+
+    # Extract the targets from the manifest
+    echo "--- Promoting Habitat packages into the ${destination_channel} channel on ${HAB_BLDR_URL}"
+    promote_packages_to_builder_channel manifest.json "${destination_channel}"
+
+    version="$(jq -r '.version' < manifest.json)"
+    echo "--- Promoting binary packages and manifest to the ${destination_channel} channel in S3"
+    promote_version_in_s3 "${version}" "${destination_channel}"
+
+else
+    echo "--- NOT PROMOTING: Build triggered by ${BUILDKITE_BUILD_CREATOR} and *not* ${valid_build_creator}"
+fi

.expeditor/scripts/release_habitat/build_component.ps1

@@ -7,7 +7,7 @@ param (
     [string]$Component
 )
 
-$ErrorActionPreference="stop" 
+$ErrorActionPreference="stop"
 
 # Import shared functions
 . $PSScriptRoot\shared.ps1
@@ -16,8 +16,6 @@ if($Component.Equals("")) {
     Write-Error "--- :error: Component to build not specified, please use the -Component flag"
 }
 
-Install-BuildkiteAgent
-
 $Env:HAB_BLDR_URL=$Env:ACCEPTANCE_HAB_BLDR_URL
 $Env:HAB_PACKAGE_TARGET=$Env:BUILD_PKG_TARGET
 
@@ -27,7 +25,6 @@ choco install jq -y | Out-Null
 # For viewability
 $Channel = "habitat-release-$Env:BUILDKITE_BUILD_ID"
 Write-Host "--- Channel: $Channel - bldr url: $Env:HAB_BLDR_URL"
-$Env:HAB_BLDR_CHANNEL="$Channel"
 
 $baseHabExe=Install-LatestHabitat
 
@@ -44,14 +41,18 @@ $Env:HAB_STUDIO_SECRET_DO_FAKE_RELEASE=$Env:DO_FAKE_RELEASE
 
 # Run a build!
 Write-Host "--- Running hab pkg build for $Component"
+
+# Note: HAB_BLDR_CHANNEL *must* be set for the following `hab pkg
+# build` command! There isn't currently a CLI option to set that, and
+# we must ensure that we're pulling dependencies from our build
+# channel when applicable.
+$Env:HAB_BLDR_CHANNEL="$Channel"
 Invoke-Expression "$baseHabExe pkg build components\$Component --keys core"
 . results\last_build.ps1
 
-Write-Host "--- Running hab pkg upload for $Component to channel $Env:HAB_BLDR_CHANNEL"
-Invoke-Expression "$baseHabExe pkg upload results\$pkg_artifact --channel=$Env:HAB_BLDR_CHANNEL"
-Write-Host "--- Running hab pkg promote for $pkg_ident to channel $Env:HAB_BLDR_CHANNEL"
-Invoke-Expression "$baseHabExe pkg promote $pkg_ident $Env:HAB_BLDR_CHANNEL $Env:BUILD_PKG_TARGET"
-Invoke-Expression "buildkite-agent meta-data set $pkg_ident-x86_64-windows true"
+Write-Host "--- Running hab pkg upload for $Component to channel $Channel"
+Invoke-Expression "$baseHabExe pkg upload results\$pkg_artifact --channel=$Channel"
+Set-TargetMetadata $pkg_ident
 
 Invoke-Expression "buildkite-agent annotate --append --context 'release-manifest' '<br>* ${pkg_ident} (x86_64-windows)'"
 

.expeditor/scripts/release_habitat/build_component.sh

@@ -41,8 +41,6 @@ ${hab_binary} pkg upload \
               --auth="${HAB_AUTH_TOKEN}" \
               "results/${pkg_artifact:?}"
 
-${hab_binary} pkg promote \
-              --auth="${HAB_AUTH_TOKEN}" \
-              "${pkg_ident:?}" "${channel}" "${BUILD_PKG_TARGET}"
-
 echo "<br>* ${pkg_ident:?} (${BUILD_PKG_TARGET:?})" | buildkite-agent annotate --append --context "release-manifest"
+
+set_target_metadata "${pkg_ident}" "${pkg_target}"

.expeditor/scripts/release_habitat/build_mac_hab_binary.sh

@@ -34,9 +34,6 @@ declare -g hab_binary
 curlbash_hab "$BUILD_PKG_TARGET"
 import_keys
 
-# Set SSL cert location
-export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem
-
 # We invoke hab-plan-build.sh directly via sudo, so we don't get the key management that studio provides.
 # Copy keys from the user account Habitat cache to the system Habitat cache so that they are present for root.
 sudo mkdir -p /hab/cache/keys
@@ -65,12 +62,6 @@ ${hab_binary} pkg upload \
               --auth="${HAB_AUTH_TOKEN}" \
               "results/${pkg_artifact:?}"
 
-${hab_binary} pkg promote \
-              --auth="${HAB_AUTH_TOKEN}" \
-              "${pkg_ident}" "${channel}" "${BUILD_PKG_TARGET}"
-
-echo "--- :buildkite: Storing artifact ${pkg_ident}"
-buildkite-agent artifact upload "results/${pkg_artifact}"
-buildkite-agent meta-data set MACOS_ARTIFACT "results/${pkg_artifact}"
-
 echo "<br>* ${pkg_ident} (${BUILD_PKG_TARGET})" | buildkite-agent annotate --append --context "release-manifest"
+
+set_target_metadata "${pkg_ident}" "${pkg_target}"