diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 1ad78ee..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "yaml.customTags": [ - "!Base64 scalar", - "!Cidr scalar", - "!And sequence", - "!Equals sequence", - "!If sequence", - "!Not sequence", - "!Or sequence", - "!Condition scalar", - "!FindInMap sequence", - "!GetAtt scalar", - "!GetAtt sequence", - "!GetAZs scalar", - "!ImportValue scalar", - "!Join sequence", - "!Select sequence", - "!Split sequence", - "!Sub scalar", - "!Transform mapping", - "!Ref scalar" - ] -} diff --git a/README.md b/README.md index dd4b1e6..6189528 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,5 @@ ## meta-aws-ci: continuous integration for the meta-aws project -Subtopics: - -* Core CI -* Reference implementation - ## Goals This project has three goals: @@ -20,17 +15,9 @@ This project has three goals: ## How this repository is organized ```text - core/ <= mechanisms for meta-aws CI - cfn/ <= CI/CD pipeline - CFN - Standard (all recipe targets and QA checks) - conf/ <= bitbake local.conf configuration snippets - containers/ <= container definitions for distribution build environments - ref/ <= reference implementation - cfn/ <= Infrastructure using AWS CodeCommit - conf/ <= bitbake local configuration - layer/ <= Reference app layer, distribution definition - ci/ <= AWS CodeBuild buildspec file per target, repo config - verify/ <= mechanisms for meta-aws and meta-aws-demos pull requests - workshop/ <= workshop source for working on Yocto on AWS + auto-upgrader/ <= tool that is used in meta-aws to generate pull requests if an recipe upgrade is available + docs/ <= writeups of different topics + release-tests/ <= script to build and ptests all Yocto meta-aws releases ``` ## Repo Linting diff --git a/auto-upgrader/README.md b/auto-upgrader/README.md index 418be09..9faaa85 100644 --- a/auto-upgrader/README.md +++ b/auto-upgrader/README.md 
@@ -1,3 +1,5 @@ # Recipe Upgrade Helper A tool for automating recipe upgrades for meta-aws. + +#TODO: there should be an info how to just checkout this folder as this is used in CI it should be just this folder. diff --git a/core/README.md b/core/README.md deleted file mode 100644 index 6b6de57..0000000 --- a/core/README.md +++ /dev/null 
@@ -1,140 +0,0 @@ -**under construction** - -The **core** part of this repository contains the standard set of AWS -CloudFormation and other data for **meta-aws** Continuous Integration -and Continuous Delivery practices. Customers can reuse these -artifacts to build Linux distributions with Yocto Project. - -## How this is organized - - - **buildspec**: AWS CodeBuild files that are not meta-aws or - meta-aws-demos specific. For example, the buildspec file for - building containers used in AWS CodeBuild. - - **cfn**: AWS CloudFormation files that hydrate AWS cloud objects - in your AWS account to perform Yocto Project builds and - housekeeping activities. - - **containers**: Container definitions for specific build - activities. For example, there is a container definitions for - specific distributions like **Poky** (Yocto Project) and - **Arago** (Texas Instruments). - -## Working environment - -For simplicity, we assume you are operating in an AWS CloudShell -context. They will run on a Linux or Mac OS machine with AWS Command -Line Interface installed. Run on a Windows machine at your own risk. - -1. Login to the AWS Console. Open the AWS CloudShell service and wait - for the environment to run. -2. In AWS CloudShell, run the following command to clone this repository. - - ```bash - git clone https://github.com/aws4embeddedlinux/meta-aws-ci - cd ~/meta-aws-ci/core/scripts/ - export ACCOUNT_ID=123456789123 - export PREFIX=mod2-$ACCOUNT_ID - ``` -3. When building containers, you will need a secret setup in AWS Secret -Manager. Run this script and enter your Dockerhub username -and password. It will create a Secrets Manager entry and return an -ARN that you will use when doing setup for the container projects. - - ```bash - ./setup_dockerhub_secret.sh $PREFIX - ``` - -4. Once this process is complete, store the secret ARN in an environment variable for later use. 
- - ```bash - export SECRET_ARN=arn:aws:secretsmanager:eu-west-1:123456789123:secret:dockerhub_EXAMPLE - ``` - -## Baseline components - -Baseline components are required for all other automation areas. - -1. In AWS CloudShell, run the script to create the network layer. The - network layer is a Virtual Private Cloud (VPN) for AWS CodeBuild. - - ```bash - ./setup_ci_network.sh $PREFIX - ``` - -## Container components - -1. Install the container build layer to your target. The script - naming convention is - `setup_ci_container_[.].sh`. - - In the Poky case, you install the container build using the script - with the name `poky` in it. - - ```bash - ./setup_ci_container_poky.sh $PREFIX $SECRET_ARN - ``` - - In the TI (Arago) case, you will need to be more specific. - - ```bash - ./setup_ci_container_ti.dunfell.sh $PREFIX $SECRET_ARN - ``` - - If you have forked the meta-aws-ci repository and need to use the - repo from your own context, set the `GITHUB_REPO` variable. For - example: - - - ```bash - GITHUB_ORG=rpcme ./setup_ci_container_ti.dunfell.sh $PREFIX $SECRET_ARN - ``` -2. Once this process is complete, invoke the build process. The process takes about 15 minutes to complete. You can monitor it using the CLI or by logging into the AWS CodeBuild console. Make sure you select the right region. - - ```bash - aws codebuild start-build --project-name $PREFIX-el-ci-container-poky - ``` - -3. Finally, find out the image URI and store it in an environment variable for later use. - - ```bash - aws ecr describe-repositories --query repositories[].repositoryUri --output text - export CONTAINER_URI=123456789123.dkr.ecr.eu-west-1.amazonaws.com/yoctoproject/EXAMPLE/buildmachine-poky - ``` - -## Embedded Linux build components - -1. In AWS CloudShell, run the script to create the Linux build layer. This script installs an AWS CodeBuild project to construct the core-image-minimal image for the QEMU x86-64 MACHINE target that includes the AWS IoT Device Client. 
The AWS CodeBuild project file for this project is in the - [meta-aws-demos](https://github.com/aws-samples/meta-aws-demos) It also creates a new S3 bucket to store images it creates. - - ```bash - export VENDOR=rpi_foundation - export BOARD=rpi4-64 - export DEMO=aws-iot-greengrass-v2 - export YOCTO_RELEASE=dunfell - export COMPUTE_TYPE=BUILD_GENERAL1_LARGE - ./setup_build_demos_prod.sh $PREFIX $CONTAINER_URI $VENDOR $BOARD $DEMO $YOCTO_RELEASE $COMPUTE_TYPE - ``` - - If you are setting up this for a repo not in aws-samples, then you - can override the organization where your meta-aws-demos repo is running. - - ```bash - GITHUB_ORG=rpcme ./setup_build_demos_prod.sh $PREFIX $CONTAINER_URI $VENDOR $BOARD $DEMO $YOCTO_RELEASE $COMPUTE_TYPE - ``` - -2. Once the process complete, find out the name of the newly created S3 bucket and store in an environment variable for later use - - ```bash - aws s3 ls | grep $PREFIX-el-build- | awk '{print $3}' - export S3_BUCKET=EXAMPLE-el-build-rpi4-64-aws-iot-gre-buildbucket-EXAMPLE - ``` - -3. Invoke the build process. You can monitor it using the CLI or by logging into the AWS CodeBuild console. Make sure you select the right region. - - ```bash - aws codebuild start-build --project-name $PREFIX-el-build-$BOARD-$DEMO-$YOCTO_RELEASE - ``` - -4. Once the build process is complete you can review the contents of the S3 bucket - ```bash - aws s3 ls $S3_BUCKET --recursive - ``` diff --git a/core/buildspec/ci_image.yml b/core/buildspec/ci_image.yml deleted file mode 100644 index 54aa565..0000000 --- a/core/buildspec/ci_image.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -version: 0.2 -phases: - pre_build: - commands: - - echo Logging in to Amazon ECR... - - aws ecr get-login-password --region $AWS_DEFAULT_REGION | - docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com - - docker login --username $dockerhub_username --password $dockerhub_password - build: - commands: - - echo Build started on `date` - - echo Building the Docker image... - - cd core/containers/ci_image - - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG . - - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG - post_build: - commands: - - echo Build completed on `date` - - echo Pushing the Docker image... - - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG diff --git a/core/buildspec/ci_image_ti.dunfell.yml b/core/buildspec/ci_image_ti.dunfell.yml deleted file mode 100644 index 67514ea..0000000 --- a/core/buildspec/ci_image_ti.dunfell.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: 0.2 -phases: - pre_build: - commands: - - echo Logging in to Amazon ECR... - - aws ecr get-login-password --region $AWS_DEFAULT_REGION | - docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com - - docker login --username $dockerhub_username --password $dockerhub_password - build: - commands: - - echo Build started on `date` - - echo Building the Docker image... - - cd core/containers/ci_image_ti.dunfell - - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG . - - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG - post_build: - commands: - - echo Build completed on `date` - - echo Pushing the Docker image... - - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG 
diff --git a/core/cfn/ci_checklayer.yml b/core/cfn/ci_checklayer.yml deleted file mode 100644 index 8cf933c..0000000 --- a/core/cfn/ci_checklayer.yml +++ /dev/null 
@@ -1,187 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - performs the layercheck. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives in REPOSITORY:TAG format. - Type: String - YoctoProjectRelease: - Description: >- - The Yocto release, i.e. zeus, dunfell, etc. - Type: String - GitHubOrg: - Description: >- - The GitHub organization or user to set the codebuild project for. - Type: String - Default: "aws" - -Resources: - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: NO_ARTIFACTS - BadgeEnabled: true - Description: Layercheck- check layer validity - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_LARGE - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: YP_RELEASE - Type: PLAINTEXT - Value: !Ref YoctoProjectRelease - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Triggers: - Webhook: true - FilterGroups: - - - Type: EVENT - Pattern: PULL_REQUEST_UPDATED, PULL_REQUEST_CREATED, PULL_REQUEST_REOPENED - - Type: BASE_REF - Pattern: !Join - - '' - - - '^refs/heads/' - - !Ref YoctoProjectRelease - ExcludeMatchedPattern: false - Source: - BuildSpec: qa/buildspec.checklayer.yml - Location: !Join - - '' - - - 'https://github.com/' - - !Ref GitHubOrg - - '/meta-aws' - Type: GITHUB - SourceIdentifier: meta_aws_layercheck - SourceVersion: !Join - - '' - - - refs/heads/ - - !Ref YoctoProjectRelease - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub 
"${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - 
'' - - - !Ref AWS::StackName - - "_YPBuildImage" - - ':*' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' diff --git a/core/cfn/ci_container_poky.yml b/core/cfn/ci_container_poky.yml deleted file mode 100644 index e8b0875..0000000 --- a/core/cfn/ci_container_poky.yml +++ /dev/null 
@@ -1,245 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - - DockerhubSecretArn: - Description: >- - The secret you manually created to access DockerHub - Type: String - - Prefix: - Description: >- - A unique prefix for objects that might clash on multiple instances - Type: String - GitHubOrg: - Description: >- - The GitHub organization or user to set the codebuild project for. - Type: String - Default: "aws" - -Resources: - - CodeBuildImageRepository: - Type: AWS::ECR::Repository - Properties: - RepositoryName: !Sub 'yoctoproject/${Prefix}/buildmachine-poky' - RepositoryPolicyText: >- - { - "Version": "2008-10-17", - "Statement": [ - { - "Sid": "CodeBuildAccess", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": [ - "ecr:BatchCheckLayerAvailability", - "ecr:BatchGetImage", - "ecr:GetDownloadUrlForLayer" - ] - } - ] - } - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: NO_ARTIFACTS - BadgeEnabled: true - Description: >- - The build process for creating an image and propagating to - ECR for automated build processes. 
- Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:4.0 - PrivilegedMode: true - EnvironmentVariables: - - Name: IMAGE_REPO_NAME - Value: !Sub 'yoctoproject/${Prefix}/buildmachine-poky' - Type: PLAINTEXT - - Name: AWS_DEFAULT_REGION - Value: !Ref 'AWS::Region' - Type: PLAINTEXT - - Name: AWS_ACCOUNT_ID - Value: !Ref 'AWS::AccountId' - Type: PLAINTEXT - - Name: IMAGE_TAG - Value: latest - Type: PLAINTEXT - - Name: dockerhub_username - Value: !Sub "dockerhub_${Prefix}:username" - Type: SECRETS_MANAGER - - Name: dockerhub_password - Value: !Sub "dockerhub_${Prefix}:password" - Type: SECRETS_MANAGER - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: core/buildspec/ci_image.yml - Location: !Join - - '' - - - "https://github.com/" - - !Ref GitHubOrg - - "/meta-aws-ci" - Type: GITHUB - SourceIdentifier: meta_aws_ci - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 
'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:BatchCheckLayerAvailability' - - 'ecr:CompleteLayerUpload' - - 'ecr:GetAuthorizationToken' - - 'ecr:InitiateLayerUpload' - - 'ecr:PutImage' - - 'ecr:UploadLayerPart' - Effect: Allow - Resource: '*' - - PolicyName: SecretManagerAccessDH - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Ref DockerhubSecretArn - - PolicyName: SecretManagerAccessCodebuild - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:secretsmanager:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':secret:/CodeBuild/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - PolicyName: 
S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" diff --git a/core/cfn/ci_container_ti.dunfell.yml b/core/cfn/ci_container_ti.dunfell.yml deleted file mode 100644 index fa7c013..0000000 --- a/core/cfn/ci_container_ti.dunfell.yml +++ /dev/null 
@@ -1,245 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - - DockerhubSecretArn: - Description: >- - The secret you manually created to access DockerHub - Type: String - - Prefix: - Description: >- - A unique prefix for objects that might clash on multiple instances - Type: String - GitHubOrg: - Description: >- - The GitHub organization or user to set the codebuild project for. - Type: String - Default: "aws" - -Resources: - - CodeBuildImageRepository: - Type: AWS::ECR::Repository - Properties: - RepositoryName: !Sub 'yoctoproject/${Prefix}/buildmachine-ti-dunfell' - RepositoryPolicyText: >- - { - "Version": "2008-10-17", - "Statement": [ - { - "Sid": "CodeBuildAccess", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": [ - "ecr:BatchCheckLayerAvailability", - "ecr:BatchGetImage", - "ecr:GetDownloadUrlForLayer" - ] - } - ] - } - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: NO_ARTIFACTS - BadgeEnabled: true - Description: >- - The build process for creating an image and propagating to - ECR for automated build processes. 
- Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:4.0 - PrivilegedMode: true - EnvironmentVariables: - - Name: IMAGE_REPO_NAME - Value: !Sub 'yoctoproject/${Prefix}/buildmachine-ti-dunfell' - Type: PLAINTEXT - - Name: AWS_DEFAULT_REGION - Value: !Ref 'AWS::Region' - Type: PLAINTEXT - - Name: AWS_ACCOUNT_ID - Value: !Ref 'AWS::AccountId' - Type: PLAINTEXT - - Name: IMAGE_TAG - Value: latest - Type: PLAINTEXT - - Name: dockerhub_username - Value: !Sub "dockerhub_${Prefix}:username" - Type: SECRETS_MANAGER - - Name: dockerhub_password - Value: !Sub "dockerhub_${Prefix}:password" - Type: SECRETS_MANAGER - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: core/buildspec/ci_image_ti.dunfell.yml - Location: !Join - - '' - - - "https://github.com/" - - !Ref GitHubOrg - - "/meta-aws-ci" - Type: GITHUB - SourceIdentifier: meta_aws_ci - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - 
- Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:BatchCheckLayerAvailability' - - 'ecr:CompleteLayerUpload' - - 'ecr:GetAuthorizationToken' - - 'ecr:InitiateLayerUpload' - - 'ecr:PutImage' - - 'ecr:UploadLayerPart' - Effect: Allow - Resource: '*' - - PolicyName: SecretManagerAccessDH - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Ref DockerhubSecretArn - - PolicyName: SecretManagerAccessCodebuild - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:secretsmanager:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':secret:/CodeBuild/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - 
PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" diff --git a/core/cfn/ci_network.yml b/core/cfn/ci_network.yml deleted file mode 100644 index 820d229..0000000 --- a/core/cfn/ci_network.yml +++ /dev/null 
@@ -1,260 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild ready VPC with - the CodeBuild project and ECS store for building storing the - resulting image. This is taken verbatim from the CodeBuild - documentation. - -Parameters: - VpcCIDR: - Description: >- - Please enter the IP range (CIDR notation) for this VPC - Type: String - Default: 10.192.0.0/16 - - PublicSubnet1CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - public subnet in the first Availability Zone - Type: String - Default: 10.192.10.0/24 - - PublicSubnet2CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - public subnet in the second Availability Zone - Type: String - Default: 10.192.11.0/24 - - PrivateSubnet1CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - private subnet in the first Availability Zone - Type: String - Default: 10.192.20.0/24 - - PrivateSubnet2CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - private subnet in the second Availability Zone - Type: String - Default: 10.192.21.0/24 - -Resources: - VPC: - Type: AWS::EC2::VPC - Properties: - CidrBlock: !Ref VpcCIDR - EnableDnsSupport: true - EnableDnsHostnames: true - Tags: - - Key: Name - Value: !Ref AWS::StackName - - InternetGateway: - Type: AWS::EC2::InternetGateway - Properties: - Tags: - - Key: Name - Value: !Ref AWS::StackName - - InternetGatewayAttachment: - Type: AWS::EC2::VPCGatewayAttachment - Properties: - InternetGatewayId: !Ref InternetGateway - VpcId: !Ref VPC - - PublicSubnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 0, !GetAZs '' ] - CidrBlock: !Ref PublicSubnet1CIDR - MapPublicIpOnLaunch: true - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Subnet (AZ1) - - PublicSubnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 1, !GetAZs '' ] - CidrBlock: !Ref PublicSubnet2CIDR - MapPublicIpOnLaunch: true 
- Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Subnet (AZ2) - - PrivateSubnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 0, !GetAZs '' ] - CidrBlock: !Ref PrivateSubnet1CIDR - MapPublicIpOnLaunch: false - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Subnet (AZ1) - - PrivateSubnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 1, !GetAZs '' ] - CidrBlock: !Ref PrivateSubnet2CIDR - MapPublicIpOnLaunch: false - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Subnet (AZ2) - - NatGateway1EIP: - Type: AWS::EC2::EIP - DependsOn: InternetGatewayAttachment - Properties: - Domain: vpc - - NatGateway2EIP: - Type: AWS::EC2::EIP - DependsOn: InternetGatewayAttachment - Properties: - Domain: vpc - - NatGateway1: - Type: AWS::EC2::NatGateway - Properties: - AllocationId: !GetAtt NatGateway1EIP.AllocationId - SubnetId: !Ref PublicSubnet1 - - NatGateway2: - Type: AWS::EC2::NatGateway - Properties: - AllocationId: !GetAtt NatGateway2EIP.AllocationId - SubnetId: !Ref PublicSubnet2 - - PublicRouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Routes - - DefaultPublicRoute: - Type: AWS::EC2::Route - DependsOn: InternetGatewayAttachment - Properties: - RouteTableId: !Ref PublicRouteTable - DestinationCidrBlock: 0.0.0.0/0 - GatewayId: !Ref InternetGateway - - PublicSubnet1RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PublicRouteTable - SubnetId: !Ref PublicSubnet1 - - PublicSubnet2RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PublicRouteTable - SubnetId: !Ref PublicSubnet2 - - PrivateRouteTable1: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Routes (AZ1) - - DefaultPrivateRoute1: - Type: 
AWS::EC2::Route - Properties: - RouteTableId: !Ref PrivateRouteTable1 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: !Ref NatGateway1 - - PrivateSubnet1RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PrivateRouteTable1 - SubnetId: !Ref PrivateSubnet1 - - PrivateRouteTable2: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Routes (AZ2) - - DefaultPrivateRoute2: - Type: AWS::EC2::Route - Properties: - RouteTableId: !Ref PrivateRouteTable2 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: !Ref NatGateway2 - - PrivateSubnet2RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PrivateRouteTable2 - SubnetId: !Ref PrivateSubnet2 - - NoIngressSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupName: "no-ingress-sg" - GroupDescription: "Security group with no ingress rule" - VpcId: !Ref VPC - - -Outputs: - VPC: - Description: >- - A reference to the created VPC - Value: !Ref VPC - Export: - Name: !Sub "${AWS::StackName}-VPC" - - PublicSubnet1: - Description: >- - A reference to the public subnet in the 1st Availability Zone - Value: !Ref PublicSubnet1 - Export: - Name: !Sub "${AWS::StackName}-PublicSubnet1" - - PublicSubnet2: - Description: >- - A reference to the public subnet in the 2nd Availability Zone - Value: !Ref PublicSubnet2 - Export: - Name: !Sub "${AWS::StackName}-PublicSubnet2" - - PrivateSubnet1: - Description: >- - A reference to the private subnet in the 1st Availability Zone - Value: !Ref PrivateSubnet1 - Export: - Name: !Sub "${AWS::StackName}-PrivateSubnet1" - - PrivateSubnet2: - Description: >- - A reference to the private subnet in the 2nd Availability Zone - Value: !Ref PrivateSubnet2 - Export: - Name: !Sub "${AWS::StackName}-PrivateSubnet2" - - NoIngressSecurityGroup: - Description: >- - Security group with no ingress rule - Value: !Ref 
NoIngressSecurityGroup - Export: - Name: !Sub "${AWS::StackName}-NoIngressSecurityGroup" - - DefaultSecurityGroup: - Description: >- - Security group with no ingress rule - Value: !GetAtt VPC.DefaultSecurityGroup - Export: - Name: !Sub "${AWS::StackName}-DefaultSecurityGroup" diff --git a/core/containers/ci_image/Dockerfile b/core/containers/ci_image/Dockerfile deleted file mode 100644 index e130a36..0000000 --- a/core/containers/ci_image/Dockerfile +++ /dev/null 
@@ -1,190 +0,0 @@ -# Copyright 2020-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/asl/ -# -# or in the "license" file accompanying this file. -# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. -# See the License for the specific language governing permissions and limitations under the License. - -FROM ubuntu:18.04 AS core - -ENV DEBIAN_FRONTEND="noninteractive" - -# Install git, SSH, and other utilities -RUN set -ex \ - && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ - && apt-get update \ - && apt install -y apt-transport-https gnupg ca-certificates \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \ - && echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | tee /etc/apt/sources.list.d/mono-official-stable.list \ - && apt-get install software-properties-common -y --no-install-recommends \ - && apt-add-repository -y ppa:git-core/ppa \ - && apt-get update \ - && apt-get install git=1:2.* -y --no-install-recommends \ - && git version \ - && apt-get install -y --no-install-recommends openssh-client \ - && mkdir ~/.ssh \ - && touch ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ - && chmod 600 ~/.ssh/known_hosts \ - && apt-get install -y --no-install-recommends \ - apt-utils asciidoc autoconf automake build-essential bzip2 \ - bzr curl cvs cvsps dirmngr docbook-xml docbook-xsl dpkg-dev \ - e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ - groff gzip imagemagick iptables jq less libapr1 libaprutil1 \ - libargon2-0-dev libbz2-dev libc6-dev 
libcurl4-openssl-dev \ - libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ - libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ - libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ - libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ - libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ - libpq-dev libreadline-dev libserf-1-1 libsqlite3-dev libssl-dev \ - libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ - libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ - libyaml-dev libyaml-perl llvm locales make mercurial mlocate mono-devel \ - netbase openssl patch pkg-config procps python-bzrlib \ - python-configobj python-openssl rsync sgml-base sgml-data subversion \ - tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ - libzip4 libzip-dev vim xvfb xz-utils zip zlib1g-dev iproute2 zstd \ - liblz4-1 liblz4-tool \ - && apt-get install -y --no-install-recommends \ - gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential chrpath \ - socat cpio python python3 python3-pip python3-pexpect xz-utils debianutils \ - iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3 xterm strace \ - && rm -rf /var/lib/apt/lists/* - -RUN useradd codebuild-user - -#=======================End of layer: core ================= - -FROM core AS tools - -# AWS Tools -# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html -RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator \ - && curl -sS -o /usr/local/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/kubectl \ - && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ - && curl -sS -L 
https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ - && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl - -# Configure SSM -RUN set -ex \ - && mkdir /tmp/ssm \ - && cd /tmp/ssm \ - && wget https://s3.eu-north-1.amazonaws.com/amazon-ssm-eu-north-1/latest/debian_amd64/amazon-ssm-agent.deb \ - && dpkg -i amazon-ssm-agent.deb - -# Install env tools for runtimes - -#python -RUN curl https://pyenv.run | bash -ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" - -#=======================End of layer: tools ================= -FROM tools AS runtimes - -#**************** PYTHON ***************************************************** -ENV PYTHON_38_VERSION="3.8.3" \ - PYTHON_37_VERSION="3.7.7" - -ENV PYTHON_PIP_VERSION=19.3.1 - -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_37_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - - -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_38_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - -#**************** END PYTHON 
***************************************************** - -#=======================End of layer: runtimes ================= - -#**************** DOCKER ********************************************* -ENV DOCKER_BUCKET="download.docker.com" \ - DOCKER_CHANNEL="stable" \ - DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ - DOCKER_COMPOSE_VERSION="1.26.0" \ - SRC_DIR="/usr/src" - -ENV DOCKER_SHA256="0f4336378f61ed73ed55a356ac19e46699a995f2aff34323ba5874d131548b9e" -ENV DOCKER_VERSION="19.03.11" - -# Install Docker -RUN set -ex \ - && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ - && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ - && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ - && rm docker.tgz \ - && docker -v \ - # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box - && addgroup dockremap \ - && useradd -g dockremap dockremap \ - && echo 'dockremap:165536:65536' >> /etc/subuid \ - && echo 'dockremap:165536:65536' >> /etc/subgid \ - && wget -nv "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ - && curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/dind /usr/local/bin/docker-compose \ - # Ensure docker-compose works - && docker-compose version - -VOLUME /var/lib/docker -#*********************** END DOCKER **************************** - -#=======================End of layer: corretto ================= - -RUN pyenv global $PYTHON_38_VERSION - -# Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -RUN which 
dash &> /dev/null && (\ - echo "dash dash/sh boolean false" | debconf-set-selections && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash) || \ - echo "Skipping dash reconfigure (not applicable)" - -RUN locale-gen en_US.UTF-8 -RUN dpkg-reconfigure locales -RUN update-locale LANG=en_US.UTF-8 -ENV LANG=en_US.UTF-8 - -# When we run in a CodeBuild context, we can integrate with CodeCommit -# only when run-as is root. Also, when run-as is aws-yocto-builder, -# HOME is still root. So, just give permission to aws-yocto-builder to -# root's home directory, which is a big bag of crazy. -# NOTE: the whole reason why we need to do this is bitbake requires -# we run from a non-root context, which is completely sane. -RUN mkdir /home/aws-yocto-builder && \ - groupadd -g 70 aws-yocto-builder && \ - useradd -N -m -u 70 -g 70 aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /home/aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /root - -# These are EFS mount points and must be permissioned so we can invoke the -# build and place outputs from a non-root context. -RUN mkdir /downloads && chown -R aws-yocto-builder:aws-yocto-builder /downloads -RUN mkdir /sstate-cache && chown -R aws-yocto-builder:aws-yocto-builder /sstate-cache -RUN mkdir /build-output && chown -R aws-yocto-builder:aws-yocto-builder /build-output - -USER aws-yocto-builder - -ENTRYPOINT ["dockerd-entrypoint.sh"] diff --git a/core/containers/ci_image/amazon-ssm-agent.json b/core/containers/ci_image/amazon-ssm-agent.json deleted file mode 100644 index acb8c83..0000000 --- a/core/containers/ci_image/amazon-ssm-agent.json +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - "Profile":{ - "ShareCreds" : true, - "ShareProfile" : "" - }, - "Mds": { - "CommandWorkersLimit" : 5, - "StopTimeoutMillis" : 20000, - "Endpoint": "", - "CommandRetryLimit": 15 - }, - "Ssm": { - "Endpoint": "", - "HealthFrequencyMinutes": 5, - "CustomInventoryDefaultLocation" : "", - "AssociationLogsRetentionDurationHours" : 24, - "RunCommandLogsRetentionDurationHours" : 336, - "SessionLogsRetentionDurationHours" : 336 - }, - "Mgs": { - "Region": "", - "Endpoint": "", - "StopTimeoutMillis" : 20000, - "SessionWorkersLimit" : 1000 - }, - "Agent": { - "Region": "", - "OrchestrationRootDir": "", - "ContainerMode": true - }, - "Os": { - "Lang": "en-US", - "Name": "", - "Version": "1" - }, - "S3": { - "Endpoint": "", - "Region": "", - "LogBucket":"", - "LogKey":"" - }, - "Kms": { - "Endpoint": "" - } -} diff --git a/core/containers/ci_image/dockerd-entrypoint.sh b/core/containers/ci_image/dockerd-entrypoint.sh deleted file mode 100644 index 1591be4..0000000 --- a/core/containers/ci_image/dockerd-entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -set -e - -/usr/local/bin/dockerd \ - --host=unix:///var/run/docker.sock \ - --host=tcp://127.0.0.1:2375 \ - --storage-driver=overlay2 &>/var/log/docker.log & - - -tries=0 -d_timeout=60 -until docker info >/dev/null 2>&1 -do - if [ "$tries" -gt "$d_timeout" ]; then - cat /var/log/docker.log - echo 'Timed out trying to connect to internal docker host.' >&2 - exit 1 - fi - tries=$(( $tries + 1 )) - sleep 1 -done - -eval "$@" diff --git a/core/containers/ci_image/legal/THIRD_PARTY_LICENSES.txt b/core/containers/ci_image/legal/THIRD_PARTY_LICENSES.txt deleted file mode 100644 index 6d6039d..0000000 --- a/core/containers/ci_image/legal/THIRD_PARTY_LICENSES.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -Third Party Licenses -==================== - -Stunnel: -We include unmodified version of stunnel softwares in the docker images. The source code for the current version can be downloaded from https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/stunnel-5.56.tar.gz diff --git a/core/containers/ci_image/legal/bill_of_material.txt b/core/containers/ci_image/legal/bill_of_material.txt deleted file mode 100644 index 840548a..0000000 --- a/core/containers/ci_image/legal/bill_of_material.txt +++ /dev/null 
@@ -1,281 +0,0 @@ -The Amazon CodeBuild Product includes the following third-party software/licensing: - ----------------- -apt-transport-https : /usr/share/doc/apt-transport-https/copyright ----------------- -apt-utils : /usr/share/doc/apt-utils/copyright ----------------- -asciidoc : /usr/share/doc/asciidoc/copyright ----------------- -autoconf : /usr/share/doc/autoconf/copyright ----------------- -automake : /usr/share/doc/automake/copyright ----------------- -build-essential : /usr/share/doc/build-essential/copyright ----------------- -bzip2 : /usr/share/doc/bzip2/copyright ----------------- -bzr : /usr/share/doc/bzr/copyright ----------------- -ca-certificates-java : /usr/share/doc/ca-certificates-java/copyright ----------------- -curl : /usr/share/doc/curl/copyright ----------------- -cvs : /usr/share/doc/cvs/copyright ----------------- -cvsps : /usr/share/doc/cvsps/copyright ----------------- -dirmngr : /usr/share/doc/dirmngr/copyright ----------------- -docbook-xml : /usr/share/doc/docbook-xml/copyright ----------------- -docbook-xsl : /usr/share/doc/docbook-xsl/copyright ----------------- -dpkg-dev : /usr/share/doc/dpkg-dev/copyright ----------------- -e2fsprogs : /usr/share/doc/e2fsprogs/copyright ----------------- -expect : /usr/share/doc/expect/copyright ----------------- -fakeroot : /usr/share/doc/fakeroot/copyright ----------------- -file : /usr/share/doc/file/copyright ----------------- -g++ : /usr/share/doc/g++/copyright ----------------- -gcc : /usr/share/doc/gcc/copyright ----------------- -gettext : /usr/share/doc/gettext/copyright ----------------- -gettext-base : /usr/share/doc/gettext-base/copyright ----------------- -git : /usr/share/doc/git/copyright ----------------- -groff : /usr/share/doc/groff/copyright ----------------- -gzip : /usr/share/doc/gzip/copyright ----------------- -imagemagick : /usr/share/doc/imagemagick/copyright ----------------- -iptables : /usr/share/doc/iptables/copyright ----------------- -jq : 
/usr/share/doc/jq/copyright ----------------- -less : /usr/share/doc/less/copyright ----------------- -lib32gcc1 : /usr/share/doc/lib32gcc1/copyright ----------------- -lib32ncurses5 : /usr/share/doc/lib32ncurses5/copyright ----------------- -lib32stdc++6 : /usr/share/doc/lib32stdc++6/copyright ----------------- -lib32z1 : /usr/share/doc/lib32z1/copyright ----------------- -libapr1 : /usr/share/doc/libapr1/copyright ----------------- -libaprutil1 : /usr/share/doc/libaprutil1/copyright ----------------- -libargon2-0-dev : /usr/share/doc/libargon2-0-dev/copyright ----------------- -libasound2 : /usr/share/doc/libasound2/copyright ----------------- -libbz2-dev : /usr/share/doc/libbz2-dev/copyright ----------------- -libc6-dev : /usr/share/doc/libc6-dev/copyright ----------------- -libc6-i386 : /usr/share/doc/libc6-i386/copyright ----------------- -libcurl4-openssl-dev : /usr/share/doc/libcurl4-openssl-dev/copyright ----------------- -libdb-dev : /usr/share/doc/libdb-dev/copyright ----------------- -libdbd-sqlite3-perl : /usr/share/doc/libdbd-sqlite3-perl/copyright ----------------- -libdbi-perl : /usr/share/doc/libdbi-perl/copyright ----------------- -libdbus-1-3 : /usr/share/doc/libdbus-1-3/copyright ----------------- -libdbus-glib-1-2 : /usr/share/doc/libdbus-glib-1-2/copyright ----------------- -libdpkg-perl : /usr/share/doc/libdpkg-perl/copyright ----------------- -libedit-dev : /usr/share/doc/libedit-dev/copyright ----------------- -liberror-perl : /usr/share/doc/liberror-perl/copyright ----------------- -libevent-dev : /usr/share/doc/libevent-dev/copyright ----------------- -libffi-dev : /usr/share/doc/libffi-dev/copyright ----------------- -libgeoip-dev : /usr/share/doc/libgeoip-dev/copyright ----------------- -libglib2.0-0 : /usr/share/doc/libglib2.0-0/copyright ----------------- -libglib2.0-dev : /usr/share/doc/libglib2.0-dev/copyright ----------------- -libgtk-3-0 : /usr/share/doc/libgtk-3-0/copyright ----------------- -libhttp-date-perl : 
/usr/share/doc/libhttp-date-perl/copyright ----------------- -libio-pty-perl : /usr/share/doc/libio-pty-perl/copyright ----------------- -libjpeg-dev : /usr/share/doc/libjpeg-dev/copyright ----------------- -libkrb5-dev : /usr/share/doc/libkrb5-dev/copyright ----------------- -liblzma-dev : /usr/share/doc/liblzma-dev/copyright ----------------- -libmagickcore-dev : /usr/share/doc/libmagickcore-dev/copyright ----------------- -libmagickwand-dev : /usr/share/doc/libmagickwand-dev/copyright ----------------- -libmysqlclient-dev : /usr/share/doc/libmysqlclient-dev/copyright ----------------- -libncurses5-dev : /usr/share/doc/libncurses5-dev/copyright ----------------- -libncursesw5-dev : /usr/share/doc/libncursesw5-dev/copyright ----------------- -libonig-dev : /usr/share/doc/libonig-dev/copyright ----------------- -libpq-dev : /usr/share/doc/libpq-dev/copyright ----------------- -libqt5widgets5 : /usr/share/doc/libqt5widgets5/copyright ----------------- -libreadline-dev : /usr/share/doc/libreadline-dev/copyright ----------------- -libserf-1-1 : /usr/share/doc/libserf-1-1/copyright ----------------- -libsqlite3-dev : /usr/share/doc/libsqlite3-dev/copyright ----------------- -libssl-dev : /usr/share/doc/libssl-dev/copyright ----------------- -libsvn-perl : /usr/share/doc/libsvn-perl/copyright ----------------- -libsvn1 : /usr/share/doc/libsvn1/copyright ----------------- -libtcl8.6 : /usr/share/doc/libtcl8.6/copyright ----------------- -libtidy-dev : /usr/share/doc/libtidy-dev/copyright ----------------- -libtimedate-perl : /usr/share/doc/libtimedate-perl/copyright ----------------- -libtool : /usr/share/doc/libtool/copyright ----------------- -libwebp-dev : /usr/share/doc/libwebp-dev/copyright ----------------- -libxml2-dev : /usr/share/doc/libxml2-dev/copyright ----------------- -libxml2-utils : /usr/share/doc/libxml2-utils/copyright ----------------- -libxslt1-dev : /usr/share/doc/libxslt1-dev/copyright ----------------- -libyaml-dev : 
/usr/share/doc/libyaml-dev/copyright ----------------- -libyaml-perl : /usr/share/doc/libyaml-perl/copyright ----------------- -libzip-dev : /usr/share/doc/libzip-dev/copyright ----------------- -libzip4 : /usr/share/doc/libzip4/copyright ----------------- -llvm : /usr/share/doc/llvm/copyright ----------------- -locales : /usr/share/doc/locales/copyright ----------------- -make : /usr/share/doc/make/copyright ----------------- -mercurial : /usr/share/doc/mercurial/copyright ----------------- -mlocate : /usr/share/doc/mlocate/copyright ----------------- -mono-devel : /usr/share/doc/mono-devel/copyright ----------------- -netbase : /usr/share/doc/netbase/copyright ----------------- -openjdk-8-jdk : /usr/share/doc/openjdk-8-jdk/copyright ----------------- -openjdk-11-jdk : /usr/share/doc/openjdk-11-jre-headless/copyright ----------------- -openssh-client : /usr/share/doc/openssh-client/copyright ----------------- -openssl : /usr/share/doc/openssl/copyright ----------------- -patch : /usr/share/doc/patch/copyright ----------------- -pkg-config : /usr/share/doc/pkg-config/copyright ----------------- -procps : /usr/share/doc/procps/copyright ----------------- -python-bzrlib : /usr/share/doc/python-bzrlib/copyright ----------------- -python-configobj : /usr/share/doc/python-configobj/copyright ----------------- -python-openssl : /usr/share/doc/python-openssl/copyright ----------------- -python-setuptools : /usr/share/doc/python-setuptools/copyright ----------------- -rsync : /usr/share/doc/rsync/copyright ----------------- -sbt : /usr/share/doc/sbt/copyright ----------------- -sgml-base : /usr/share/doc/sgml-base/copyright ----------------- -sgml-data : /usr/share/doc/sgml-data/copyright ----------------- -software-properties-common : /usr/share/doc/software-properties-common/copyright ----------------- -subversion : /usr/share/doc/subversion/copyright ----------------- -tar : /usr/share/doc/tar/copyright ----------------- -tcl : /usr/share/doc/tcl/copyright 
----------------- -tcl8.6 : /usr/share/doc/tcl8.6/copyright ----------------- -tk : /usr/share/doc/tk/copyright ----------------- -tk-dev : /usr/share/doc/tk-dev/copyright ----------------- -unzip : /usr/share/doc/unzip/copyright ----------------- -vim : /usr/share/doc/vim/copyright ----------------- -wget : /usr/share/doc/wget/copyright ----------------- -xfsprogs : /usr/share/doc/xfsprogs/copyright ----------------- -xml-core : /usr/share/doc/xml-core/copyright ----------------- -xmlto : /usr/share/doc/xmlto/copyright ----------------- -xsltproc : /usr/share/doc/xsltproc/copyright ----------------- -xvfb : /usr/share/doc/xvfb/copyright ----------------- -xz-utils : /usr/share/doc/xz-utils/copyright ----------------- -zip : /usr/share/doc/zip/copyright ----------------- -zlib1g-dev : /usr/share/doc/zlib1g-dev/copyright ----------------- -ruby :https://www.ruby-lang.org/en/about/license.txt ----------------- -python :https://docs.python.org/3/license.html ----------------- -php :https://www.php.net/license/index.php ----------------- -nodejs :https://github.com/nodejs/node/blob/master/LICENSE ----------------- -golang :https://golang.org/LICENSE ----------------- -dotnet :https://github.com/dotnet/core/blob/master/LICENSE.TXT ----------------- -Firefox :https://www.mozilla.org/en-US/MPL/ ----------------- -Chrome : https://www.google.com/intl/en_pk/chrome/privacy/eula_text.html ----------------- -stunnel : https://www.stunnel.org/gpl.html ----------------- -gitversion :https://github.com/GitTools/GitVersion/blob/master/LICENSE ----------------- -docker : https://www.docker.com/legal/components-licenses ----------------- diff --git a/core/containers/ci_image/runtimes.yml b/core/containers/ci_image/runtimes.yml deleted file mode 100644 index 7a68a21..0000000 --- a/core/containers/ci_image/runtimes.yml +++ /dev/null 
@@ -1,123 +0,0 @@ -version: 0.1 - -runtimes: - android: - versions: - 28: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 28 ..." - 29: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 29 ..." - - java: - versions: - corretto11: - commands: - - echo "Installing Java version 11 ..." - - - export JAVA_HOME="$JAVA_11_HOME" - - - export JRE_HOME="$JRE_11_HOME" - - - export JDK_HOME="$JDK_11_HOME" - - - |- - for tool_path in "$JAVA_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - corretto8: - commands: - - echo "Installing Java version 8 ..." - - - export JAVA_HOME="$JAVA_8_HOME" - - - export JRE_HOME="$JRE_8_HOME" - - - export JDK_HOME="$JDK_8_HOME" - - - |- - for tool_path in "$JAVA_8_HOME"/bin/* "$JRE_8_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - golang: - versions: - 1.12: - commands: - - echo "Installing Go version 1.12 ..." - - goenv global $GOLANG_12_VERSION - 1.13: - commands: - - echo "Installing Go version 1.13 ..." - - goenv global $GOLANG_13_VERSION - 1.14: - commands: - - echo "Installing Go version 1.14 ..." - - goenv global $GOLANG_14_VERSION - python: - versions: - 3.8: - commands: - - echo "Installing Python version 3.8 ..." - - pyenv global $PYTHON_38_VERSION - 3.7: - commands: - - echo "Installing Python version 3.7 ..." - - pyenv global $PYTHON_37_VERSION - php: - versions: - 7.4: - commands: - - echo "Installing PHP version 7.4 ..." - - phpenv global $PHP_74_VERSION - 7.3: - commands: - - echo "Installing PHP version 7.3 ..." - - phpenv global $PHP_73_VERSION - ruby: - versions: - 2.6: - commands: - - echo "Installing Ruby version 2.6 ..." 
- - rbenv global $RUBY_26_VERSION - 2.7: - commands: - - echo "Installing Ruby version 2.7 ..." - - rbenv global $RUBY_27_VERSION - nodejs: - versions: - 10: - commands: - - echo "Installing Node.js version 10 ..." - - n $NODE_10_VERSION - 12: - commands: - - echo "Installing Node.js version 12 ..." - - n $NODE_12_VERSION - docker: - versions: - 18: - commands: - - echo "Using Docker 19" - 19: - commands: - - echo "Using Docker 19" - dotnet: - versions: - 3.1: - commands: - - echo "Installing .NET version 3.1 ..." diff --git a/core/containers/ci_image/ssh_config b/core/containers/ci_image/ssh_config deleted file mode 100644 index 710e275..0000000 --- a/core/containers/ci_image/ssh_config +++ /dev/null @@ -1,3 +0,0 @@ -Host * - ConnectTimeout 10 - ConnectionAttempts 10 diff --git a/core/containers/ci_image/tools/android-accept-licenses.sh b/core/containers/ci_image/tools/android-accept-licenses.sh deleted file mode 100644 index ebac067..0000000 --- a/core/containers/ci_image/tools/android-accept-licenses.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 1800 -set cmd [lindex $argv 0] -set licenses [lindex $argv 1] - -spawn {*}$cmd -expect { - "Do you accept the license '*'*" { - exp_send "y\r" - exp_continue - } - "Accept? (y/N): " { - exp_send "y\r" - exp_continue - } - "Review licenses that have not been accepted (y/N)? " { - exp_send "y\r" - exp_continue - } - eof -} - -lassign [wait] pid spawnid os_error waitvalue - -if {$os_error == 0} { - exit $waitvalue -} else { - exit 1 -} diff --git a/core/containers/ci_image/tools/runtime_configs/php/7.3.19 b/core/containers/ci_image/tools/runtime_configs/php/7.3.19 deleted file mode 100644 index 25fed15..0000000 --- a/core/containers/ci_image/tools/runtime_configs/php/7.3.19 +++ /dev/null 
@@ -1,19 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-libedit" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.3.19 -#Don't change beyond this line - -configure_option "--without-pear" -configure_option "--with-gd" -configure_option "--with-png-dir" "/usr" -configure_option "--with-jpeg-dir" "/usr" -configure_option "--enable-zip" - -install_package "https://secure.php.net/distributions/php-7.3.19.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache diff --git a/core/containers/ci_image/tools/runtime_configs/php/7.4.7 b/core/containers/ci_image/tools/runtime_configs/php/7.4.7 deleted file mode 100644 index 04d6a1a..0000000 --- a/core/containers/ci_image/tools/runtime_configs/php/7.4.7 +++ /dev/null @@ -1,17 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" -configure_option "--with-libedit" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.4.7 -#Don't change beyond this line - -configure_option "--enable-gd" -configure_option "--with-jpeg" -configure_option "--with-zip" - -install_package "https://secure.php.net/distributions/php-7.4.7.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache diff --git a/core/containers/ci_image/tools/runtime_configs/python/3.7.7 b/core/containers/ci_image/tools/runtime_configs/python/3.7.7 deleted file mode 100644 index 165cb78..0000000 --- a/core/containers/ci_image/tools/runtime_configs/python/3.7.7 +++ /dev/null 
@@ -1,17 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.7.7 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tar.xz#06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" standard verify_py37 copy_python_gdb ensurepip -else - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz#8c8be91cd2648a1a0c251f04ea0bb4c2a5570feb9c45eaaa2241c785585b475a" standard verify_py37 copy_python_gdb ensurepip -fi diff --git a/core/containers/ci_image/tools/runtime_configs/python/3.8.3 b/core/containers/ci_image/tools/runtime_configs/python/3.8.3 deleted file mode 100644 index 2ca94b2..0000000 --- a/core/containers/ci_image/tools/runtime_configs/python/3.8.3 +++ /dev/null 
@@ -1,17 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.8.3 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tar.xz#dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864" standard verify_py38 copy_python_gdb ensurepip -else - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tgz#6af6d4d2e010f9655518d0fc6738c7ff7069f10a4d2fbd55509e467f092a8b90" standard verify_py38 copy_python_gdb ensurepip -fi diff --git a/core/containers/ci_image_ti.dunfell/Dockerfile b/core/containers/ci_image_ti.dunfell/Dockerfile deleted file mode 100644 index 3b15cca..0000000 --- a/core/containers/ci_image_ti.dunfell/Dockerfile +++ /dev/null 
@@ -1,208 +0,0 @@ -# Copyright 2020-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/asl/ -# -# or in the "license" file accompanying this file. -# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. -# See the License for the specific language governing permissions and limitations under the License. - -FROM ubuntu:18.04 AS core - -ENV DEBIAN_FRONTEND="noninteractive" - -# Install git, SSH, and other utilities -RUN set -ex \ - && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ - && apt-get update \ - && apt install -y apt-transport-https gnupg ca-certificates \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \ - && echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | tee /etc/apt/sources.list.d/mono-official-stable.list \ - && apt-get install software-properties-common -y --no-install-recommends \ - && apt-add-repository -y ppa:git-core/ppa \ - && apt-get update \ - && apt-get install git=1:2.* -y --no-install-recommends \ - && git version \ - && apt-get install -y --no-install-recommends openssh-client \ - && mkdir ~/.ssh \ - && touch ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ - && chmod 600 ~/.ssh/known_hosts \ - && apt-get install -y --no-install-recommends \ - apt-utils asciidoc autoconf automake build-essential bzip2 \ - bzr curl cvs cvsps dirmngr docbook-xml docbook-xsl dpkg-dev \ - e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ - groff gzip imagemagick iptables jq less libapr1 libaprutil1 \ - libargon2-0-dev libbz2-dev libc6-dev 
libcurl4-openssl-dev \ - libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ - libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ - libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ - libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ - libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ - libpq-dev libreadline-dev libserf-1-1 libsqlite3-dev libssl-dev \ - libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ - libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ - libyaml-dev libyaml-perl llvm locales make mercurial mlocate mono-devel \ - netbase openssl patch pkg-config procps python-bzrlib \ - python-configobj python-openssl rsync sgml-base sgml-data subversion \ - tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ - libzip4 libzip-dev vim xvfb xz-utils zip zlib1g-dev iproute2 zstd \ - && apt-get install -y --no-install-recommends \ - gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential chrpath \ - socat cpio python python3 python3-pip python3-pexpect xz-utils debianutils \ - iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3 xterm strace \ - && rm -rf /var/lib/apt/lists/* - -RUN useradd codebuild-user - -#=======================End of layer: core ================= - -FROM core AS tools - -# AWS Tools -# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html -RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator \ - && curl -sS -o /usr/local/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/kubectl \ - && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ - && curl -sS -L 
https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ - && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl - -# Configure SSM -RUN set -ex \ - && mkdir /tmp/ssm \ - && cd /tmp/ssm \ - && wget https://s3.eu-north-1.amazonaws.com/amazon-ssm-eu-north-1/latest/debian_amd64/amazon-ssm-agent.deb \ - && dpkg -i amazon-ssm-agent.deb - -# Install env tools for runtimes - -#python -RUN curl https://pyenv.run | bash -ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" - -#=======================End of layer: tools ================= -FROM tools AS runtimes - -#**************** PYTHON ***************************************************** -ENV PYTHON_38_VERSION="3.8.3" \ - PYTHON_37_VERSION="3.7.7" - -ENV PYTHON_PIP_VERSION=19.3.1 - -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_37_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - - -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_38_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - -#**************** END PYTHON 
***************************************************** - -#=======================End of layer: runtimes ================= - -#**************** DOCKER ********************************************* -ENV DOCKER_BUCKET="download.docker.com" \ - DOCKER_CHANNEL="stable" \ - DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ - DOCKER_COMPOSE_VERSION="1.26.0" \ - SRC_DIR="/usr/src" - -ENV DOCKER_SHA256="0f4336378f61ed73ed55a356ac19e46699a995f2aff34323ba5874d131548b9e" -ENV DOCKER_VERSION="19.03.11" - -# Install Docker -RUN set -ex \ - && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ - && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ - && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ - && rm docker.tgz \ - && docker -v \ - # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box - && addgroup dockremap \ - && useradd -g dockremap dockremap \ - && echo 'dockremap:165536:65536' >> /etc/subuid \ - && echo 'dockremap:165536:65536' >> /etc/subgid \ - && wget -nv "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ - && curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/dind /usr/local/bin/docker-compose \ - # Ensure docker-compose works - && docker-compose version - -VOLUME /var/lib/docker -#*********************** END DOCKER **************************** - -#=======================End of layer: corretto ================= - -RUN pyenv global $PYTHON_38_VERSION - -# Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -RUN which 
dash &> /dev/null && (\ - echo "dash dash/sh boolean false" | debconf-set-selections && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash) || \ - echo "Skipping dash reconfigure (not applicable)" - -RUN locale-gen en_US.UTF-8 -RUN dpkg-reconfigure locales -RUN update-locale LANG=en_US.UTF-8 -ENV LANG=en_US.UTF-8 - -# Download and install ARM toolchains. The TI and Arago build process -# uses external toolchain. -# See: http://arago-project.org/wiki/index.php/Setting_Up_Build_Environment -# -# TI/Arago Dunfell release uses 9.2-2019.12 - -RUN wget --no-check-certificate https://developer.arm.com/-/media/Files/downloads/gnu-a/9.2-2019.12/binrel/gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf.tar.xz -RUN wget --no-check-certificate https://developer.arm.com/-/media/Files/downloads/gnu-a/9.2-2019.12/binrel/gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu.tar.xz -RUN tar -Jxvf gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf.tar.xz -C $HOME -RUN tar -Jxvf gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu.tar.xz -C $HOME -RUN rm gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf.tar.xz -RUN rm gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu.tar.xz - -RUN dpkg --add-architecture i386 -RUN apt-get update -RUN apt-get install -y git build-essential diffstat texinfo gawk chrpath -RUN apt-get install -y libstdc++6:i386 libncurses5:i386 libz1:i386 libc6:i386 libc6-dev-i386 g++-multilib -RUN dpkg-reconfigure dash -fnoninteractive - -# When we run in a CodeBuild context, we can integrate with CodeCommit -# only when run-as is root. Also, when run-as is aws-yocto-builder, -# HOME is still root. So, just give permission to aws-yocto-builder to -# root's home directory, which is a big bag of crazy. -# NOTE: the whole reason why we need to do this is bitbake requires -# we run from a non-root context, which is completely sane. 
-RUN mkdir /home/aws-yocto-builder && \ - groupadd -g 70 aws-yocto-builder && \ - useradd -N -m -u 70 -g 70 aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /home/aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /root - -# These are EFS mount points and must be permissioned so we can invoke the -# build and place outputs from a non-root context. -RUN mkdir /downloads && chown -R aws-yocto-builder:aws-yocto-builder /downloads -RUN mkdir /sstate-cache && chown -R aws-yocto-builder:aws-yocto-builder /sstate-cache -RUN mkdir /build-output && chown -R aws-yocto-builder:aws-yocto-builder /build-output - -USER aws-yocto-builder - -ENTRYPOINT ["dockerd-entrypoint.sh"] diff --git a/core/containers/ci_image_ti.dunfell/amazon-ssm-agent.json b/core/containers/ci_image_ti.dunfell/amazon-ssm-agent.json deleted file mode 100644 index acb8c83..0000000 --- a/core/containers/ci_image_ti.dunfell/amazon-ssm-agent.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "Profile":{ - "ShareCreds" : true, - "ShareProfile" : "" - }, - "Mds": { - "CommandWorkersLimit" : 5, - "StopTimeoutMillis" : 20000, - "Endpoint": "", - "CommandRetryLimit": 15 - }, - "Ssm": { - "Endpoint": "", - "HealthFrequencyMinutes": 5, - "CustomInventoryDefaultLocation" : "", - "AssociationLogsRetentionDurationHours" : 24, - "RunCommandLogsRetentionDurationHours" : 336, - "SessionLogsRetentionDurationHours" : 336 - }, - "Mgs": { - "Region": "", - "Endpoint": "", - "StopTimeoutMillis" : 20000, - "SessionWorkersLimit" : 1000 - }, - "Agent": { - "Region": "", - "OrchestrationRootDir": "", - "ContainerMode": true - }, - "Os": { - "Lang": "en-US", - "Name": "", - "Version": "1" - }, - "S3": { - "Endpoint": "", - "Region": "", - "LogBucket":"", - "LogKey":"" - }, - "Kms": { - "Endpoint": "" - } -} diff --git a/core/containers/ci_image_ti.dunfell/dockerd-entrypoint.sh b/core/containers/ci_image_ti.dunfell/dockerd-entrypoint.sh deleted file mode 100644 index 1591be4..0000000 
--- a/core/containers/ci_image_ti.dunfell/dockerd-entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -set -e - -/usr/local/bin/dockerd \ - --host=unix:///var/run/docker.sock \ - --host=tcp://127.0.0.1:2375 \ - --storage-driver=overlay2 &>/var/log/docker.log & - - -tries=0 -d_timeout=60 -until docker info >/dev/null 2>&1 -do - if [ "$tries" -gt "$d_timeout" ]; then - cat /var/log/docker.log - echo 'Timed out trying to connect to internal docker host.' >&2 - exit 1 - fi - tries=$(( $tries + 1 )) - sleep 1 -done - -eval "$@" diff --git a/core/containers/ci_image_ti.dunfell/legal/THIRD_PARTY_LICENSES.txt b/core/containers/ci_image_ti.dunfell/legal/THIRD_PARTY_LICENSES.txt deleted file mode 100644 index 6d6039d..0000000 --- a/core/containers/ci_image_ti.dunfell/legal/THIRD_PARTY_LICENSES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Third Party Licenses -==================== - -Stunnel: -We include unmodified version of stunnel softwares in the docker images. The source code for the current version can be downloaded from https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/stunnel-5.56.tar.gz diff --git a/core/containers/ci_image_ti.dunfell/legal/bill_of_material.txt b/core/containers/ci_image_ti.dunfell/legal/bill_of_material.txt deleted file mode 100644 index 840548a..0000000 --- a/core/containers/ci_image_ti.dunfell/legal/bill_of_material.txt +++ /dev/null 
@@ -1,281 +0,0 @@ -The Amazon CodeBuild Product includes the following third-party software/licensing: - ----------------- -apt-transport-https : /usr/share/doc/apt-transport-https/copyright ----------------- -apt-utils : /usr/share/doc/apt-utils/copyright ----------------- -asciidoc : /usr/share/doc/asciidoc/copyright ----------------- -autoconf : /usr/share/doc/autoconf/copyright ----------------- -automake : /usr/share/doc/automake/copyright ----------------- -build-essential : /usr/share/doc/build-essential/copyright ----------------- -bzip2 : /usr/share/doc/bzip2/copyright ----------------- -bzr : /usr/share/doc/bzr/copyright ----------------- -ca-certificates-java : /usr/share/doc/ca-certificates-java/copyright ----------------- -curl : /usr/share/doc/curl/copyright ----------------- -cvs : /usr/share/doc/cvs/copyright ----------------- -cvsps : /usr/share/doc/cvsps/copyright ----------------- -dirmngr : /usr/share/doc/dirmngr/copyright ----------------- -docbook-xml : /usr/share/doc/docbook-xml/copyright ----------------- -docbook-xsl : /usr/share/doc/docbook-xsl/copyright ----------------- -dpkg-dev : /usr/share/doc/dpkg-dev/copyright ----------------- -e2fsprogs : /usr/share/doc/e2fsprogs/copyright ----------------- -expect : /usr/share/doc/expect/copyright ----------------- -fakeroot : /usr/share/doc/fakeroot/copyright ----------------- -file : /usr/share/doc/file/copyright ----------------- -g++ : /usr/share/doc/g++/copyright ----------------- -gcc : /usr/share/doc/gcc/copyright ----------------- -gettext : /usr/share/doc/gettext/copyright ----------------- -gettext-base : /usr/share/doc/gettext-base/copyright ----------------- -git : /usr/share/doc/git/copyright ----------------- -groff : /usr/share/doc/groff/copyright ----------------- -gzip : /usr/share/doc/gzip/copyright ----------------- -imagemagick : /usr/share/doc/imagemagick/copyright ----------------- -iptables : /usr/share/doc/iptables/copyright ----------------- -jq : 
/usr/share/doc/jq/copyright ----------------- -less : /usr/share/doc/less/copyright ----------------- -lib32gcc1 : /usr/share/doc/lib32gcc1/copyright ----------------- -lib32ncurses5 : /usr/share/doc/lib32ncurses5/copyright ----------------- -lib32stdc++6 : /usr/share/doc/lib32stdc++6/copyright ----------------- -lib32z1 : /usr/share/doc/lib32z1/copyright ----------------- -libapr1 : /usr/share/doc/libapr1/copyright ----------------- -libaprutil1 : /usr/share/doc/libaprutil1/copyright ----------------- -libargon2-0-dev : /usr/share/doc/libargon2-0-dev/copyright ----------------- -libasound2 : /usr/share/doc/libasound2/copyright ----------------- -libbz2-dev : /usr/share/doc/libbz2-dev/copyright ----------------- -libc6-dev : /usr/share/doc/libc6-dev/copyright ----------------- -libc6-i386 : /usr/share/doc/libc6-i386/copyright ----------------- -libcurl4-openssl-dev : /usr/share/doc/libcurl4-openssl-dev/copyright ----------------- -libdb-dev : /usr/share/doc/libdb-dev/copyright ----------------- -libdbd-sqlite3-perl : /usr/share/doc/libdbd-sqlite3-perl/copyright ----------------- -libdbi-perl : /usr/share/doc/libdbi-perl/copyright ----------------- -libdbus-1-3 : /usr/share/doc/libdbus-1-3/copyright ----------------- -libdbus-glib-1-2 : /usr/share/doc/libdbus-glib-1-2/copyright ----------------- -libdpkg-perl : /usr/share/doc/libdpkg-perl/copyright ----------------- -libedit-dev : /usr/share/doc/libedit-dev/copyright ----------------- -liberror-perl : /usr/share/doc/liberror-perl/copyright ----------------- -libevent-dev : /usr/share/doc/libevent-dev/copyright ----------------- -libffi-dev : /usr/share/doc/libffi-dev/copyright ----------------- -libgeoip-dev : /usr/share/doc/libgeoip-dev/copyright ----------------- -libglib2.0-0 : /usr/share/doc/libglib2.0-0/copyright ----------------- -libglib2.0-dev : /usr/share/doc/libglib2.0-dev/copyright ----------------- -libgtk-3-0 : /usr/share/doc/libgtk-3-0/copyright ----------------- -libhttp-date-perl : 
/usr/share/doc/libhttp-date-perl/copyright ----------------- -libio-pty-perl : /usr/share/doc/libio-pty-perl/copyright ----------------- -libjpeg-dev : /usr/share/doc/libjpeg-dev/copyright ----------------- -libkrb5-dev : /usr/share/doc/libkrb5-dev/copyright ----------------- -liblzma-dev : /usr/share/doc/liblzma-dev/copyright ----------------- -libmagickcore-dev : /usr/share/doc/libmagickcore-dev/copyright ----------------- -libmagickwand-dev : /usr/share/doc/libmagickwand-dev/copyright ----------------- -libmysqlclient-dev : /usr/share/doc/libmysqlclient-dev/copyright ----------------- -libncurses5-dev : /usr/share/doc/libncurses5-dev/copyright ----------------- -libncursesw5-dev : /usr/share/doc/libncursesw5-dev/copyright ----------------- -libonig-dev : /usr/share/doc/libonig-dev/copyright ----------------- -libpq-dev : /usr/share/doc/libpq-dev/copyright ----------------- -libqt5widgets5 : /usr/share/doc/libqt5widgets5/copyright ----------------- -libreadline-dev : /usr/share/doc/libreadline-dev/copyright ----------------- -libserf-1-1 : /usr/share/doc/libserf-1-1/copyright ----------------- -libsqlite3-dev : /usr/share/doc/libsqlite3-dev/copyright ----------------- -libssl-dev : /usr/share/doc/libssl-dev/copyright ----------------- -libsvn-perl : /usr/share/doc/libsvn-perl/copyright ----------------- -libsvn1 : /usr/share/doc/libsvn1/copyright ----------------- -libtcl8.6 : /usr/share/doc/libtcl8.6/copyright ----------------- -libtidy-dev : /usr/share/doc/libtidy-dev/copyright ----------------- -libtimedate-perl : /usr/share/doc/libtimedate-perl/copyright ----------------- -libtool : /usr/share/doc/libtool/copyright ----------------- -libwebp-dev : /usr/share/doc/libwebp-dev/copyright ----------------- -libxml2-dev : /usr/share/doc/libxml2-dev/copyright ----------------- -libxml2-utils : /usr/share/doc/libxml2-utils/copyright ----------------- -libxslt1-dev : /usr/share/doc/libxslt1-dev/copyright ----------------- -libyaml-dev : 
/usr/share/doc/libyaml-dev/copyright ----------------- -libyaml-perl : /usr/share/doc/libyaml-perl/copyright ----------------- -libzip-dev : /usr/share/doc/libzip-dev/copyright ----------------- -libzip4 : /usr/share/doc/libzip4/copyright ----------------- -llvm : /usr/share/doc/llvm/copyright ----------------- -locales : /usr/share/doc/locales/copyright ----------------- -make : /usr/share/doc/make/copyright ----------------- -mercurial : /usr/share/doc/mercurial/copyright ----------------- -mlocate : /usr/share/doc/mlocate/copyright ----------------- -mono-devel : /usr/share/doc/mono-devel/copyright ----------------- -netbase : /usr/share/doc/netbase/copyright ----------------- -openjdk-8-jdk : /usr/share/doc/openjdk-8-jdk/copyright ----------------- -openjdk-11-jdk : /usr/share/doc/openjdk-11-jre-headless/copyright ----------------- -openssh-client : /usr/share/doc/openssh-client/copyright ----------------- -openssl : /usr/share/doc/openssl/copyright ----------------- -patch : /usr/share/doc/patch/copyright ----------------- -pkg-config : /usr/share/doc/pkg-config/copyright ----------------- -procps : /usr/share/doc/procps/copyright ----------------- -python-bzrlib : /usr/share/doc/python-bzrlib/copyright ----------------- -python-configobj : /usr/share/doc/python-configobj/copyright ----------------- -python-openssl : /usr/share/doc/python-openssl/copyright ----------------- -python-setuptools : /usr/share/doc/python-setuptools/copyright ----------------- -rsync : /usr/share/doc/rsync/copyright ----------------- -sbt : /usr/share/doc/sbt/copyright ----------------- -sgml-base : /usr/share/doc/sgml-base/copyright ----------------- -sgml-data : /usr/share/doc/sgml-data/copyright ----------------- -software-properties-common : /usr/share/doc/software-properties-common/copyright ----------------- -subversion : /usr/share/doc/subversion/copyright ----------------- -tar : /usr/share/doc/tar/copyright ----------------- -tcl : /usr/share/doc/tcl/copyright 
----------------- -tcl8.6 : /usr/share/doc/tcl8.6/copyright ----------------- -tk : /usr/share/doc/tk/copyright ----------------- -tk-dev : /usr/share/doc/tk-dev/copyright ----------------- -unzip : /usr/share/doc/unzip/copyright ----------------- -vim : /usr/share/doc/vim/copyright ----------------- -wget : /usr/share/doc/wget/copyright ----------------- -xfsprogs : /usr/share/doc/xfsprogs/copyright ----------------- -xml-core : /usr/share/doc/xml-core/copyright ----------------- -xmlto : /usr/share/doc/xmlto/copyright ----------------- -xsltproc : /usr/share/doc/xsltproc/copyright ----------------- -xvfb : /usr/share/doc/xvfb/copyright ----------------- -xz-utils : /usr/share/doc/xz-utils/copyright ----------------- -zip : /usr/share/doc/zip/copyright ----------------- -zlib1g-dev : /usr/share/doc/zlib1g-dev/copyright ----------------- -ruby :https://www.ruby-lang.org/en/about/license.txt ----------------- -python :https://docs.python.org/3/license.html ----------------- -php :https://www.php.net/license/index.php ----------------- -nodejs :https://github.com/nodejs/node/blob/master/LICENSE ----------------- -golang :https://golang.org/LICENSE ----------------- -dotnet :https://github.com/dotnet/core/blob/master/LICENSE.TXT ----------------- -Firefox :https://www.mozilla.org/en-US/MPL/ ----------------- -Chrome : https://www.google.com/intl/en_pk/chrome/privacy/eula_text.html ----------------- -stunnel : https://www.stunnel.org/gpl.html ----------------- -gitversion :https://github.com/GitTools/GitVersion/blob/master/LICENSE ----------------- -docker : https://www.docker.com/legal/components-licenses ----------------- diff --git a/core/containers/ci_image_ti.dunfell/runtimes.yml b/core/containers/ci_image_ti.dunfell/runtimes.yml deleted file mode 100644 index 7a68a21..0000000 --- a/core/containers/ci_image_ti.dunfell/runtimes.yml +++ /dev/null 
@@ -1,123 +0,0 @@ -version: 0.1 - -runtimes: - android: - versions: - 28: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 28 ..." - 29: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 29 ..." - - java: - versions: - corretto11: - commands: - - echo "Installing Java version 11 ..." - - - export JAVA_HOME="$JAVA_11_HOME" - - - export JRE_HOME="$JRE_11_HOME" - - - export JDK_HOME="$JDK_11_HOME" - - - |- - for tool_path in "$JAVA_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - corretto8: - commands: - - echo "Installing Java version 8 ..." - - - export JAVA_HOME="$JAVA_8_HOME" - - - export JRE_HOME="$JRE_8_HOME" - - - export JDK_HOME="$JDK_8_HOME" - - - |- - for tool_path in "$JAVA_8_HOME"/bin/* "$JRE_8_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - golang: - versions: - 1.12: - commands: - - echo "Installing Go version 1.12 ..." - - goenv global $GOLANG_12_VERSION - 1.13: - commands: - - echo "Installing Go version 1.13 ..." - - goenv global $GOLANG_13_VERSION - 1.14: - commands: - - echo "Installing Go version 1.14 ..." - - goenv global $GOLANG_14_VERSION - python: - versions: - 3.8: - commands: - - echo "Installing Python version 3.8 ..." - - pyenv global $PYTHON_38_VERSION - 3.7: - commands: - - echo "Installing Python version 3.7 ..." - - pyenv global $PYTHON_37_VERSION - php: - versions: - 7.4: - commands: - - echo "Installing PHP version 7.4 ..." - - phpenv global $PHP_74_VERSION - 7.3: - commands: - - echo "Installing PHP version 7.3 ..." - - phpenv global $PHP_73_VERSION - ruby: - versions: - 2.6: - commands: - - echo "Installing Ruby version 2.6 ..." 
- - rbenv global $RUBY_26_VERSION - 2.7: - commands: - - echo "Installing Ruby version 2.7 ..." - - rbenv global $RUBY_27_VERSION - nodejs: - versions: - 10: - commands: - - echo "Installing Node.js version 10 ..." - - n $NODE_10_VERSION - 12: - commands: - - echo "Installing Node.js version 12 ..." - - n $NODE_12_VERSION - docker: - versions: - 18: - commands: - - echo "Using Docker 19" - 19: - commands: - - echo "Using Docker 19" - dotnet: - versions: - 3.1: - commands: - - echo "Installing .NET version 3.1 ..." diff --git a/core/containers/ci_image_ti.dunfell/ssh_config b/core/containers/ci_image_ti.dunfell/ssh_config deleted file mode 100644 index 710e275..0000000 --- a/core/containers/ci_image_ti.dunfell/ssh_config +++ /dev/null @@ -1,3 +0,0 @@ -Host * - ConnectTimeout 10 - ConnectionAttempts 10 diff --git a/core/containers/ci_image_ti.dunfell/tools/android-accept-licenses.sh b/core/containers/ci_image_ti.dunfell/tools/android-accept-licenses.sh deleted file mode 100644 index ebac067..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/android-accept-licenses.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 1800 -set cmd [lindex $argv 0] -set licenses [lindex $argv 1] - -spawn {*}$cmd -expect { - "Do you accept the license '*'*" { - exp_send "y\r" - exp_continue - } - "Accept? (y/N): " { - exp_send "y\r" - exp_continue - } - "Review licenses that have not been accepted (y/N)? " { - exp_send "y\r" - exp_continue - } - eof -} - -lassign [wait] pid spawnid os_error waitvalue - -if {$os_error == 0} { - exit $waitvalue -} else { - exit 1 -} diff --git a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.3.19 b/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.3.19 deleted file mode 100644 index 25fed15..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.3.19 +++ /dev/null 
@@ -1,19 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-libedit" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.3.19 -#Don't change beyond this line - -configure_option "--without-pear" -configure_option "--with-gd" -configure_option "--with-png-dir" "/usr" -configure_option "--with-jpeg-dir" "/usr" -configure_option "--enable-zip" - -install_package "https://secure.php.net/distributions/php-7.3.19.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache diff --git a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.4.7 b/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.4.7 deleted file mode 100644 index 04d6a1a..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.4.7 +++ /dev/null @@ -1,17 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" -configure_option "--with-libedit" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.4.7 -#Don't change beyond this line - -configure_option "--enable-gd" -configure_option "--with-jpeg" -configure_option "--with-zip" - -install_package "https://secure.php.net/distributions/php-7.4.7.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache diff --git a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.7.7 b/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.7.7 deleted file mode 100644 index 165cb78..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.7.7 +++ /dev/null 
@@ -1,17 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.7.7 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tar.xz#06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" standard verify_py37 copy_python_gdb ensurepip -else - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz#8c8be91cd2648a1a0c251f04ea0bb4c2a5570feb9c45eaaa2241c785585b475a" standard verify_py37 copy_python_gdb ensurepip -fi diff --git a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.8.3 b/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.8.3 deleted file mode 100644 index 2ca94b2..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.8.3 +++ /dev/null 
@@ -1,17 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.8.3 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tar.xz#dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864" standard verify_py38 copy_python_gdb ensurepip -else - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tgz#6af6d4d2e010f9655518d0fc6738c7ff7069f10a4d2fbd55509e467f092a8b90" standard verify_py38 copy_python_gdb ensurepip -fi diff --git a/core/scripts/setup_build_demos_prod.sh b/core/scripts/setup_build_demos_prod.sh deleted file mode 100755 index 0387ec7..0000000 --- a/core/scripts/setup_build_demos_prod.sh +++ /dev/null 
@@ -1,58 +0,0 @@ -#! /bin/bash -prefix=$1 -container_uri=$2 -vendor=$3 -board=$4 -demo=$5 -release=$6 -compute_type=$7 -set +x -if test $# -ne 7; then - echo $0 [prefix] [container_uri] [vendor] [board] [demo] [yocto_release] [compute_type] - echo See online documentation for more details. - exit 1 -fi - -echo invoking the template. -GITHUB_ORG="${GITHUB_ORG:-aws-samples}" - -STACKNAME=${prefix}-el-build-${board}-${demo}-${release} -NETWORK_STACK_NAME=ParameterKey=NetworkStackName,ParameterValue=${prefix}-el-ci-network -CONTAINER_ARN=ParameterKey=ContainerRegistryUri,ParameterValue=${container_uri} -VENDOR=ParameterKey=DemoVendor,ParameterValue=${vendor} -BOARD=ParameterKey=DemoBoard,ParameterValue=${board} -DEMO=ParameterKey=DemoName,ParameterValue=${demo} -RELEASE=ParameterKey=YoctoProjectRelease,ParameterValue=${release} -COMPUTE_TYPE=ParameterKey=DemoComputeType,ParameterValue=${compute_type} -GITHUB_SOURCE_ORG=ParameterKey=GitHubOrg,ParameterValue=${GITHUB_ORG} - -PWD=$(pwd) -stack_id=$(aws cloudformation create-stack --output text --query StackId \ - --stack-name ${STACKNAME} \ - --template-body file://$PWD/../cfn/build_demos_prod.yml \ - --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \ - CAPABILITY_AUTO_EXPAND \ - --parameters ${NETWORK_STACK_NAME} ${CONTAINER_ARN} \ - ${VENDOR} ${BOARD} ${DEMO} ${RELEASE} ${COMPUTE_TYPE} \ - ${GITHUB_SOURCE_ORG} - ) - -echo stack_id is [${stack_id}] -deployment_status=CREATE_IN_PROGRESS - -while test "${deployment_status}" == "CREATE_IN_PROGRESS"; do - echo deployment status: $deployment_status ... wait three seconds - sleep 3 - - deployment_status=$(aws cloudformation describe-stacks \ - --stack-name ${STACKNAME} \ - --query "Stacks[?StackName=='${STACKNAME}'].StackStatus" \ - --output text) -done - -echo deployment status: $deployment_status - -if test "x${deployment_status}" != 'xCREATE_COMPLETE'; then - echo Cloudformation script did not complete successfully. - exit 1 -fi 
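Review bot: in the removed core/containers/ci_image_ti.dunfell/Dockerfile, the two ARM toolchain downloads run `wget --no-check-certificate` and the archives are unpacked into $HOME with no checksum, whereas the Docker tarball earlier in the same file is checked with `echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c -`. Removing the recipe does not remove images already built from it, so please say in the change description whether those images are retired; if the recipe moves elsewhere instead, drop the flag and pin a SHA-256 per archive as the Docker step does. The same applies to `curl https://pyenv.run | bash` and to the `latest` URLs for ecs-cli, eksctl and amazon-ssm-agent.deb, none of which is pinned or verified.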
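Review bot: the removed dockerd-entrypoint.sh declares `#!/bin/sh` yet starts the daemon with `--storage-driver=overlay2 &>/var/log/docker.log &`, and `&>` is a bash extension. It only behaves as intended because the Dockerfile in this same patch reconfigures dash so that /bin/sh is no longer dash; under a POSIX sh the daemon is backgrounded with its output unredirected and the log that the timeout branch prints stays empty. If the script is carried over to another image, write `>/var/log/docker.log 2>&1 &`, and consider replacing the final `eval "$@"` with `exec "$@"` so the arguments are not parsed by the shell a second time.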
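Review bot: the removed setup_build_demos_prod.sh sets `PWD=$(pwd)` without first changing to the script's directory, so `--template-body file://$PWD/../cfn/build_demos_prod.yml` resolves against the caller's working directory and only works when the script is started from core/scripts. It also never tests the exit status of `aws cloudformation create-stack`, so a rejected request falls through to the polling loop and is reported only as "Cloudformation script did not complete successfully". Since the script is being dropped, please confirm that no pipeline step or document still invokes it by path.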
diff --git a/core/scripts/setup_ci_checklayer.sh b/core/scripts/setup_ci_checklayer.sh deleted file mode 100755 index 7539e36..0000000 --- a/core/scripts/setup_ci_checklayer.sh +++ /dev/null 
@@ -1,78 +0,0 @@ -#! /bin/bash -prefix=$1 -container_registry_uri=$2 -yocto_release=$3 -git_hub_user_org=$4 - -set +x - -function help() { - printf "$0 [prefix] [container_registry_uri] [yocto_release] [git_hub_user_org]\n" - printf "\n" - printf "prefix the word used for the prefix naming convention.\n" - printf "container_registry_uri The URI where the build machine image lives in REPOSITORY:TAG format.\n" - printf "yocto_release The Yocto release, i.e. zeus, dunfell, etc.\n" - printf "git_hub_user_org The GitHub organization or user to set the codebuild project for.\n" - printf "\n" - printf "See documentation for details.\n" -} - -if test $# -ne 4; then - printf "Error: not enough arguments.\n\n" - help - exit 1 -fi - -pushd $(dirname $0) -PWD=$(pwd) - -GITHUB_ORG="${git_hub_user_org:-aws4embeddedlinux}" - -echo invoking the template. - -STACKNAME=${prefix}-el-checklayer-$(echo ${yocto_release} | sed -e 's/\./-/') - -PREFIX_PARAM=ParameterKey=Prefix,ParameterValue=${prefix} -YOCTO_RELEASE=ParameterKey=YoctoProjectRelease,ParameterValue=${yocto_release} -CONTAINER_REGISTRY_URI=ParameterKey=ContainerRegistryUri,ParameterValue=${container_registry_uri} -NETWORK_STACK_NAME=ParameterKey=NetworkStackName,ParameterValue=${prefix}-el-ci-network -CFN_FILE=$PWD/../cfn/ci_checklayer.yml -GITHUB_SOURCE_ORG=ParameterKey=GitHubOrg,ParameterValue=${GITHUB_ORG} - -if test ! -f ${CFN_FILE}; then - echo CFN file ${CFN_FILE} not found. ensure that the container cfn exists and - echo there is not a typo in the distro name. - exit 1 -fi - -stack_id=$(aws cloudformation create-stack --output text --query StackId \ - --stack-name ${STACKNAME} \ - --template-body file://${CFN_FILE} \ - --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ - --parameters ${NETWORK_STACK_NAME} ${CONTAINER_REGISTRY_URI} ${YOCTO_RELEASE} ${GITHUB_SOURCE_ORG} - ) - -if test $? 
-ne 0; then - printf "Error: template invocation failed.\n" - exit 1 -fi - -echo stack_id is [${stack_id}] -deployment_status=CREATE_IN_PROGRESS - -while test "${deployment_status}" == "CREATE_IN_PROGRESS"; do - echo deployment status: $deployment_status ... wait three seconds - sleep 3 - - deployment_status=$(aws cloudformation describe-stacks \ - --stack-name ${STACKNAME} \ - --query "Stacks[?StackName=='${STACKNAME}'].StackStatus" \ - --output text) -done - -echo deployment status: $deployment_status - -if test "x${deployment_status}" != 'xCREATE_COMPLETE'; then - echo Cloudformation script did not complete successfully. - exit 1 -fi diff --git a/core/scripts/setup_ci_container.sh b/core/scripts/setup_ci_container.sh deleted file mode 100755 index ff0362e..0000000 --- a/core/scripts/setup_ci_container.sh +++ /dev/null 
@@ -1,75 +0,0 @@ -#! /bin/bash -prefix=$1 -dockerhub_secret_arn=$2 -distro=$3 - -set +x - -function help() { - printf "$0 [prefix] [dh_arn] [distro]\n" - printf "\n" - printf "prefix the word used for the prefix naming convention.\n" - printf "dh_arn the ARN for the dockerhub secret in AWS Secrets Manager.\n" - printf "distro the target distribution name.\n" - printf "\n" - printf "See documentation for details.\n" -} - -if test $# -ne 3; then - printf "Error: not enough arguments.\n\n" - help - exit 1 -fi - -pushd $(dirname $0) -PWD=$(pwd) - -GITHUB_ORG="${GITHUB_ORG:-aws}" - -echo invoking the template. - -STACKNAME=${prefix}-el-ci-container-$(echo ${distro} | sed -e 's/\./-/') - -PREFIX_PARAM=ParameterKey=Prefix,ParameterValue=${prefix} -NETWORK_STACK_NAME=ParameterKey=NetworkStackName,ParameterValue=${prefix}-el-ci-network -DOCKERHUB_SECRET_ARN=ParameterKey=DockerhubSecretArn,ParameterValue=${dockerhub_secret_arn} -CFN_FILE=$PWD/../cfn/ci_container_${distro}.yml -GITHUB_SOURCE_ORG=ParameterKey=GitHubOrg,ParameterValue=${GITHUB_ORG} - -if test ! -f $CFN_FILE; then - echo CFN file ${CFN_FILE} not found. ensure that the container cfn exists and - echo there is not a typo in the distro name. - exit 1 -fi - -stack_id=$(aws cloudformation create-stack --output text --query StackId \ - --stack-name ${STACKNAME} \ - --template-body file://$PWD/../cfn/ci_container_${distro}.yml \ - --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ - --parameters ${NETWORK_STACK_NAME} ${DOCKERHUB_SECRET_ARN} ${PREFIX_PARAM} ${GITHUB_SOURCE_ORG} - ) - -if test $? -ne 0; then - printf "Error: template invocation failed.\n" - exit 1 -fi - -echo stack_id is [${stack_id}] -deployment_status=CREATE_IN_PROGRESS - -while test "${deployment_status}" == "CREATE_IN_PROGRESS"; do - echo deployment status: $deployment_status ... 
wait three seconds - sleep 3 - - deployment_status=$(aws cloudformation describe-stacks \ - --stack-name ${STACKNAME} \ - --query "Stacks[?StackName=='${STACKNAME}'].StackStatus" \ - --output text) -done - -echo deployment status: $deployment_status - -if test "x${deployment_status}" != 'xCREATE_COMPLETE'; then - echo Cloudformation script did not complete successfully. - exit 1 -fi diff --git a/core/scripts/setup_ci_container_poky.sh b/core/scripts/setup_ci_container_poky.sh deleted file mode 100755 index 89a2a97..0000000 --- a/core/scripts/setup_ci_container_poky.sh +++ /dev/null @@ -1,5 +0,0 @@ -#! /bin/bash -prefix=$1 -dockerhub_secret_arn=$2 -GITHUB_ORG="${GITHUB_ORG:-aws}" -GITHUB_ORG=${GITHUB_ORG} $(dirname $0)/setup_ci_container.sh $1 $2 poky diff --git a/core/scripts/setup_ci_container_ti.dunfell.sh b/core/scripts/setup_ci_container_ti.dunfell.sh deleted file mode 100755 index b6264bc..0000000 --- a/core/scripts/setup_ci_container_ti.dunfell.sh +++ /dev/null @@ -1,5 +0,0 @@ -#! /bin/bash -prefix=$1 -dockerhub_secret_arn=$2 -GITHUB_ORG="${GITHUB_ORG:-aws}" -GITHUB_ORG=${GITHUB_ORG} $(dirname $0)/setup_ci_container.sh $1 $2 ti.dunfell diff --git a/core/scripts/setup_ci_network.sh b/core/scripts/setup_ci_network.sh deleted file mode 100755 index 8ddd104..0000000 --- a/core/scripts/setup_ci_network.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#! /bin/bash -prefix=$1 -if test $# -ne 1; then - echo you must pass in 1 argument: system prefix - exit 1 -fi - -echo invoking the template. -PWD=$(pwd) -STACKNAME=${prefix}-el-ci-network -stack_id=$(aws cloudformation create-stack --output text \ - --stack-name ${STACKNAME} \ - --template-body file://$PWD/../cfn/ci_network.yml \ - --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ - --query StackId) - -echo stack_id is [${stack_id}] -deployment_status=CREATE_IN_PROGRESS - -while test "${deployment_status}" == "CREATE_IN_PROGRESS"; do - echo deployment status: $deployment_status ... wait three seconds - sleep 3 - - deployment_status=$(aws cloudformation describe-stacks \ - --stack-name ${STACKNAME} \ - --query "Stacks[?StackName=='${STACKNAME}'].StackStatus" \ - --output text) -done - -echo deployment status: $deployment_status - -if test "x${deployment_status}" != 'xCREATE_COMPLETE'; then - echo Cloudformation script did not complete successfully. - exit 1 -fi diff --git a/core/scripts/setup_dockerhub_secret.sh b/core/scripts/setup_dockerhub_secret.sh deleted file mode 100755 index 795f973..0000000 --- a/core/scripts/setup_dockerhub_secret.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#+ /bin/bash -prefix=$1 -if test $# -ne 1; then - echo you must pass in 1 argument: system prefix - exit 1 -fi - -printf "What is your dockerhub username (it will be used as part of the name)? " -read username -printf "\n" - -prompt="What is your dockerhub password?" -while IFS= read -p "$prompt" -r -s -n 1 char -do - if [[ $char == $'\0' ]] - then - break - fi - prompt='*' - password+="$char" -done -echo - -printf "This is your ARN:\n" -secret_string={\"username\":\"${username}\",\"password\":\"${password}\"} -secret_arn=$(aws secretsmanager create-secret \ - --name dockerhub_${prefix} \ - --description "DockerHub login" \ - --secret-string "${secret_string}" \ - --output text --query ARN) -unset prefix -unset userid -unset password - -echo ${secret_arn} diff --git a/dependabot.yml b/dependabot.yml deleted file mode 100644 index 833b522..0000000 --- a/dependabot.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/cdk/" - schedule: - interval: "daily" diff --git a/docs/new_release_checklist.md b/docs/new_release_checklist.md new file mode 100644 index 0000000..d1c1a2c --- /dev/null +++ b/docs/new_release_checklist.md @@ -0,0 +1,3 @@ +# Things to do when a new yocto release comes up +- Create a new branch and -next branch based on master-next. +- Add in GitHub backport action add new branch-next to backport to. diff --git a/docs/next_to_release_branch.md b/docs/next_to_release_branch.md new file mode 100644 index 0000000..0e2b005 --- /dev/null +++ b/docs/next_to_release_branch.md 
@@ -0,0 +1,64 @@ +# Backporting changes from master to releases +Clone and setup your fork: + +git clone https://github.com/[username]/meta-aws.git +cd meta-aws +git remote add upstream https://github.com/aws4embeddedlinux/meta-aws.git +git config remote.upstream.pushurl "you really didn't want to do that" +git fetch upstream +git checkout upstream/dunfell-next -b dunfell_master_backport_$(date "+%Y-%m-%d") +Find a commit to cherry pick in master: + +git cherry-pick -x +Or a range: + +git cherry-pick -x 3290ff3^..c22e729 +Fix errors and git add / rm +(vscode git code view helps) + +Build recipes and beware of patch changes. + +You can use this to find all recipes in a layer to build them: + +``` + +find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g' +e.g.: + +bitbake `find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` -k +for all supported architectures (qemux64, qemuarm, qemuarm64) + +e.g.: + +MACHINE=qemuarm64 bitbake `find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` -k +or to build all recipes for all MACHINES: + + for arch in qemuarm qemuarm64 qemux86 qemux86-64 ; do MACHINE=$arch bitbake `find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` -k ; done +then continue cherry picking: + +git cherry-pick --continue +push to your fork and create a pull request + +git push +``` + +# Testing +All recipes from meta-aws should build for supported architectures (arm arm64 x86-64) and all ptests should pass for all releases. +We use a script to do this. + +# Releasing +There is also a GitHub action available! +Releasing from A-next into A requires using Fast Forward Merges. The process is as follows: + +Clone the repository locally. +Checkout the target branch. 
+Merge the source branch using git merge --ff-only. +If this fails, some investigation is required. +This script to do this process can be found in ff-merge folder. + +Why not rebase/PR? +Using PRs to merge a staging branch into a release branch is limited to a number of methods that each have their own issues. + +Merge - This will accumulate merge commits in the release branch that are not in the staging branch. If a contribution is based on the release branch, but passes through staging branch, inevitably we will encounter merge conflicts which can be completely avoided by other methods. +Rebase - Rebasing rewrites the Committer Date which causes the SHA of each commit to change. This desyncs the staging branch to show being N commits behind and N commits ahead of master. These N commits will show up in future pull requests, including contributions if they are based on the release branch. To fix this requires deleting and recreating the staging branch on each release. +Squash - Squash merge destroys commit information. This can elide who actually did commits and creates even more desync issues with the staging branch than rebasing. diff --git a/docs/ptest.md b/docs/ptest.md new file mode 100644 index 0000000..fd2a26e --- /dev/null +++ b/docs/ptest.md 
@@ -0,0 +1,51 @@ +# PTest Setup +## Recipe Setup +The public docs can be found on the yocto wiki and note there is this about testimages (an image include ptest and oeqa tests) + +## Inherit ptest +Create an executable shell script called `run-ptest`. This will need to produce a specific output of described in the wiki. +For CTest, I found it easiest to process the JUnit XML with a simple python script. +Setup Image +In your local conf add the following: + +``` +MACHINE = "qemux86-64" + +DISTRO_FEATURES:append = " ptest" +EXTRA_IMAGE_FEATURES += "ptest-pkgs" +IMAGE_INSTALL:append = " ptest-runner [PACKAGE NAME] ssh" +IMAGE_CLASSES += "testimage" +# Required to disable KVM/hypervisor mode. +QEMU_USE_KVM = "" +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +TEST_SUITES = " ping ssh ptest" +# Increased memory is typically required. +QB_MEM = "-m 4096" +# enable slirp networking +QEMU_USE_SLIRP = "1" +TEST_SERVER_IP = "127.0.0.1" +minimal do this: + +# Required to disable KVM/hypervisor mode. +QEMU_USE_KVM = "" + +# use slirp networking instead of TAP interface (require root rights) +QEMU_USE_SLIRP = "1" +TEST_SERVER_IP = "127.0.0.1" + + +# aws-c-common-ptest = ptest package for aws-c-common +IMAGE_INSTALL:append = " ptest-runner ssh aws-c-common-ptest" + + +# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage +IMAGE_CLASSES += "testimage" + +# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +TEST_SUITES = " ping ssh ptest" +``` + +## Executing +Option 1: Create the image, log into it and manually run `ptest-runner`. +Option 2: Run the command with `bitbake core-image-minimal -c testimage`. diff --git a/ff-merge/README.md b/ff-merge/README.md new file mode 100644 index 0000000..d4b858a --- /dev/null +++ b/ff-merge/README.md 
@@ -0,0 +1,13 @@ +## User Scripts + +These are intended to be run manually (for now). + +### Release + +This is for merging a staging branch into a release branch through a forced fast-forward merge. + +Usage: + +```shell +BRANCH=[Target Release Branch] ORG=[GitHub Org] bash release.sh +``` diff --git a/ff-merge/release.sh b/ff-merge/release.sh new file mode 100644 index 0000000..b11fe5c --- /dev/null +++ b/ff-merge/release.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash +set -euxo pipefail + +BRANCH="${BRANCH:-master}" +ORG="${ORG:-aws4embeddedlinux}" +# For Linux and MacOS compat, avoid the -t option with mktemp! +WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/release.XXXXXXXXX") + +function cleanup() { + rm -fr $WORKDIR +} +trap cleanup EXIT + +git clone https://github.com/${ORG}/meta-aws -b $BRANCH $WORKDIR + +git -C $WORKDIR merge --ff-only origin/${BRANCH}-next +git -C $WORKDIR push -u origin $BRANCH diff --git a/graphics/core_ci_network.jpeg b/graphics/core_ci_network.jpeg deleted file mode 100644 index 6d99c1a..0000000 Binary files a/graphics/core_ci_network.jpeg and /dev/null differ diff --git a/ref/README.md b/ref/README.md deleted file mode 100644 index ae0a7a7..0000000 --- a/ref/README.md +++ /dev/null 
@@ -1,77 +0,0 @@ -## Reference Implementation - - - -# AWS services in use - -- CodeBuild -- Elastic Container Registry -- Elastic Container Service -- S3 -- Elastic File System -- Secrets Manager - -# External AWS services in use - -- **Github**. You will need a Github account to implement this process. -- **Dockerhub**. You will need a Dockerhub account to implement this - process. - -# Foundations - -This project uses Continuous Integration tools from Amazon Web -Services. The tools operate containers in the context of a private -subnet where VPC routing rules control traffic to the internet. The -Cloudformation script for the nextwork is defined by the file -`cloudformation/ci_network.yml`. - -**Warning** the script creates two Elastic IP instances which have -fixed cost. - -1. Login to the AWS Console and navigate to your desired region. -2. Create a new stack using the stack template -`cloudformation/ci_network.yml`. -3. Note the following stack creation values of these propoerties in - the **Outputs** tab of the stack creation job since they will need - to be used in any further build project instantiation. - - PrivateSubnet1 - - PrivateSubnet2 - - VPC - -# Seeding the build machine - - High level process: - - 1. Create and store a Github Personal Access Token for automated - Github access and note the ARN. - 2. Create and store a Secrets Manager secret for your Dockerhub - account and note the ARN. - 3. Run the CodeBuild project to build and store the build machine - image in an Elastic Containter Registry private repository. - -## Create the Github Personal Access Token - -Follow the process in the AWS CodeBuild documentation that explains -the process very well. Note that, at the time of writing, you cannot -add the personal access token through the AWS Console. You must have -the AWS CLI installed. - -## - -# Continuous Integration - -Provides an AWS cloud native and serverless continuous integration -framework that facilitates build-stage-test. 
- -# Pull request verification checks - -Provides an AWS cloud native integration hook with the meta-aws Github -repo, providing bitbake layer integrity and verification checks. This -might be extended to incremental build-stage-test in the future. - -# Device Tester integration - -Device Tester provides automated testing and certification through -managed integration testing. meta-aws-ci provides the mechanisms to -coordinate edge devices under test with the harness running in the AWS -cloud. diff --git a/ref/cfn/build_image_prod.yml b/ref/cfn/build_image_prod.yml deleted file mode 100644 index 22b1cda..0000000 --- a/ref/cfn/build_image_prod.yml +++ /dev/null 
@@ -1,344 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives in REPOSITORY:TAG format. - Type: String - -Resources: - BuildBucket: - Type: 'AWS::S3::Bucket' - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - - BuildSStateCacheFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - sstate-cache - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - BuildSStateCacheMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildSStateCacheMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - download - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - - BuildDownloadMountTarget1: - 
Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Location: !Ref BuildBucket - Packaging: NONE - NamespaceType: BUILD_ID - Type: S3 - BadgeEnabled: true - Description: The build process for a full Yocto image. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_2XLARGE - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: DISTRIBUTION_S3 - Type: PLAINTEXT - Value: !Ref BuildBucket - FileSystemLocations: - - Identifier: sstate - Location: !Join - - '' - - - !Ref BuildSStateCacheFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /sstate-cache - Type: EFS - - Identifier: downloads - Location: !Join - - '' - - - !Ref BuildDownloadFilesystem - - '.efs.' 
- - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /downloads - Type: EFS - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: ci-cd/buildspec/cb-ci_image_prod.yml - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - Type: CODECOMMIT - SourceIdentifier: meta_you - SecondarySources: - - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/you-connect - Type: CODECOMMIT - SourceIdentifier: you_connect - SourceVersion: refs/heads/master - SecondarySourceVersions: - - SourceIdentifier: you_connect - SourceVersion: refs/heads/master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub 
"${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: CodeCommitAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'codecommit:GitPull' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':meta-you' - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':you-connect' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' - BuildBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref BuildBucket - 
PolicyDocument: - Statement: - - Action: - - 's3:ListBucket' - - 's3:GetObject' - - 's3:PutObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - /* - Principal: - AWS: !GetAtt CodeBuildRole.Arn diff --git a/ref/cfn/build_image_qa.yml b/ref/cfn/build_image_qa.yml deleted file mode 100644 index 908d6d2..0000000 --- a/ref/cfn/build_image_qa.yml +++ /dev/null 
@@ -1,331 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives. - Type: String - -Resources: - BuildBucket: - Type: 'AWS::S3::Bucket' - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - - BuildSStateCacheFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - sstate-cache - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - BuildSStateCacheMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildSStateCacheMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - download - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - - BuildDownloadMountTarget1: - Type: AWS::EFS::MountTarget 
- Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Location: !Ref BuildBucket - Packaging: NONE - NamespaceType: BUILD_ID - Type: S3 - BadgeEnabled: true - Description: The build process for a Yocto QA image. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_2XLARGE - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: DISTRIBUTION_S3 - Type: PLAINTEXT - Value: !Ref BuildBucket - FileSystemLocations: - - Identifier: sstate - Location: !Join - - '' - - - !Ref BuildSStateCacheFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /sstate-cache - Type: EFS - - Identifier: downloads - Location: !Join - - '' - - - !Ref BuildDownloadFilesystem - - '.efs.' 
- - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /downloads - Type: EFS - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: ci-cd/buildspec/cb-ci_image_qa.yml - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - Type: CODECOMMIT - SourceIdentifier: meta_you - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 
'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: CodeCommitAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'codecommit:GitPull' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':meta-you' - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':you-connect' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' - BuildBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref BuildBucket - PolicyDocument: - Statement: - - Action: - - 's3:ListBucket' - - 's3:GetObject' - - 's3:PutObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - /* - 
Principal: - AWS: !GetAtt CodeBuildRole.Arn diff --git a/ref/cfn/build_image_sdk.yml b/ref/cfn/build_image_sdk.yml deleted file mode 100644 index c047007..0000000 --- a/ref/cfn/build_image_sdk.yml +++ /dev/null 
@@ -1,331 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives. - Type: String - -Resources: - BuildBucket: - Type: 'AWS::S3::Bucket' - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - - BuildSStateCacheFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - sstate-cache - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - BuildSStateCacheMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildSStateCacheMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - download - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - - BuildDownloadMountTarget1: - Type: AWS::EFS::MountTarget 
- Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Location: !Ref BuildBucket - Packaging: NONE - NamespaceType: BUILD_ID - Type: S3 - BadgeEnabled: true - Description: The build process for the Yocto SDK installer. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_2XLARGE - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: DISTRIBUTION_S3 - Type: PLAINTEXT - Value: !Ref BuildBucket - FileSystemLocations: - - Identifier: sstate - Location: !Join - - '' - - - !Ref BuildSStateCacheFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /sstate-cache - Type: EFS - - Identifier: downloads - Location: !Join - - '' - - - !Ref BuildDownloadFilesystem - - '.efs.' 
- - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /downloads - Type: EFS - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: ci-cd/buildspec/cb-ci_image_sdk.yml - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - Type: CODECOMMIT - SourceIdentifier: meta_you - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 
'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: CodeCommitAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'codecommit:GitPull' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':meta-you' - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':you-connect' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' - BuildBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref BuildBucket - PolicyDocument: - Statement: - - Action: - - 's3:ListBucket' - - 's3:GetObject' - - 's3:PutObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - /* - 
Principal: - AWS: !GetAtt CodeBuildRole.Arn diff --git a/ref/cfn/ci_build_containter.yml b/ref/cfn/ci_build_containter.yml deleted file mode 100644 index c391858..0000000 --- a/ref/cfn/ci_build_containter.yml +++ /dev/null 
@@ -1,259 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - - DockerhubSecretArn: - Description: >- - The secret you manually created to access DockerHub - Type: String - -Resources: - - CodeBuildImageRepository: - Type: AWS::ECR::Repository - Properties: - RepositoryName: yoctoproject/buildmachine - RepositoryPolicyText: >- - { - "Version": "2008-10-17", - "Statement": [ - { - "Sid": "CodeBuildAccess", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": [ - "ecr:BatchCheckLayerAvailability", - "ecr:BatchGetImage", - "ecr:GetDownloadUrlForLayer" - ] - } - ] - } - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: NO_ARTIFACTS - BadgeEnabled: true - Description: >- - The build process for creating an image and propagating to - ECR for automated build processes. 
- Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:4.0 - PrivilegedMode: true - EnvironmentVariables: - - Name: IMAGE_REPO_NAME - Value: yoctoproject/buildmachine - Type: PLAINTEXT - - Name: AWS_DEFAULT_REGION - Value: !Ref 'AWS::Region' - Type: PLAINTEXT - - Name: AWS_ACCOUNT_ID - Value: !Ref 'AWS::AccountId' - Type: PLAINTEXT - - Name: IMAGE_TAG - Value: Latest - Type: PLAINTEXT - - Name: dockerhub_username - Value: dh:username - Type: SECRETS_MANAGER - - Name: dockerhub_password - Value: dh:password - Type: SECRETS_MANAGER - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: ci-cd/buildspec/cb-ci_container.yml - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - Type: CODECOMMIT - SourceIdentifier: meta_you - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 
'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:BatchCheckLayerAvailability' - - 'ecr:CompleteLayerUpload' - - 'ecr:GetAuthorizationToken' - - 'ecr:InitiateLayerUpload' - - 'ecr:PutImage' - - 'ecr:UploadLayerPart' - Effect: Allow - Resource: '*' - - PolicyName: SecretManagerAccessDH - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Ref DockerhubSecretArn - - PolicyName: SecretManagerAccessCodebuild - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:secretsmanager:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':secret:/CodeBuild/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - ':*' - - 
PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: CodeCommitAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'codecommit:GitPull' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':meta-you' - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':you-connect' diff --git a/ref/cfn/ci_network.yml b/ref/cfn/ci_network.yml deleted file mode 100644 index 5e2fd91..0000000 --- a/ref/cfn/ci_network.yml +++ /dev/null 
@@ -1,259 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild ready VPC with - the CodeBuild project and ECS store for building storing the - resulting image. This is taken verbatim from the CodeBuild - documentation. - -Parameters: - VpcCIDR: - Description: >- - Please enter the IP range (CIDR notation) for this VPC - Type: String - Default: 10.192.0.0/16 - - PublicSubnet1CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - public subnet in the first Availability Zone - Type: String - Default: 10.192.10.0/24 - - PublicSubnet2CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - public subnet in the second Availability Zone - Type: String - Default: 10.192.11.0/24 - - PrivateSubnet1CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - private subnet in the first Availability Zone - Type: String - Default: 10.192.20.0/24 - - PrivateSubnet2CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - private subnet in the second Availability Zone - Type: String - Default: 10.192.21.0/24 - -Resources: - VPC: - Type: AWS::EC2::VPC - Properties: - CidrBlock: !Ref VpcCIDR - EnableDnsSupport: true - EnableDnsHostnames: true - Tags: - - Key: Name - Value: !Ref AWS::StackName - - InternetGateway: - Type: AWS::EC2::InternetGateway - Properties: - Tags: - - Key: Name - Value: !Ref AWS::StackName - - InternetGatewayAttachment: - Type: AWS::EC2::VPCGatewayAttachment - Properties: - InternetGatewayId: !Ref InternetGateway - VpcId: !Ref VPC - - PublicSubnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 0, !GetAZs '' ] - CidrBlock: !Ref PublicSubnet1CIDR - MapPublicIpOnLaunch: true - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Subnet (AZ1) - - PublicSubnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 1, !GetAZs '' ] - CidrBlock: !Ref PublicSubnet2CIDR - MapPublicIpOnLaunch: true 
- Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Subnet (AZ2) - - PrivateSubnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 0, !GetAZs '' ] - CidrBlock: !Ref PrivateSubnet1CIDR - MapPublicIpOnLaunch: false - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Subnet (AZ1) - - PrivateSubnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 1, !GetAZs '' ] - CidrBlock: !Ref PrivateSubnet2CIDR - MapPublicIpOnLaunch: false - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Subnet (AZ2) - - NatGateway1EIP: - Type: AWS::EC2::EIP - DependsOn: InternetGatewayAttachment - Properties: - Domain: vpc - - NatGateway2EIP: - Type: AWS::EC2::EIP - DependsOn: InternetGatewayAttachment - Properties: - Domain: vpc - - NatGateway1: - Type: AWS::EC2::NatGateway - Properties: - AllocationId: !GetAtt NatGateway1EIP.AllocationId - SubnetId: !Ref PublicSubnet1 - - NatGateway2: - Type: AWS::EC2::NatGateway - Properties: - AllocationId: !GetAtt NatGateway2EIP.AllocationId - SubnetId: !Ref PublicSubnet2 - - PublicRouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Routes - - DefaultPublicRoute: - Type: AWS::EC2::Route - DependsOn: InternetGatewayAttachment - Properties: - RouteTableId: !Ref PublicRouteTable - DestinationCidrBlock: 0.0.0.0/0 - GatewayId: !Ref InternetGateway - - PublicSubnet1RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PublicRouteTable - SubnetId: !Ref PublicSubnet1 - - PublicSubnet2RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PublicRouteTable - SubnetId: !Ref PublicSubnet2 - - PrivateRouteTable1: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Routes (AZ1) - - DefaultPrivateRoute1: - Type: 
AWS::EC2::Route - Properties: - RouteTableId: !Ref PrivateRouteTable1 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: !Ref NatGateway1 - - PrivateSubnet1RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PrivateRouteTable1 - SubnetId: !Ref PrivateSubnet1 - - PrivateRouteTable2: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Routes (AZ2) - - DefaultPrivateRoute2: - Type: AWS::EC2::Route - Properties: - RouteTableId: !Ref PrivateRouteTable2 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: !Ref NatGateway2 - - PrivateSubnet2RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PrivateRouteTable2 - SubnetId: !Ref PrivateSubnet2 - - NoIngressSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupName: "no-ingress-sg" - GroupDescription: "Security group with no ingress rule" - VpcId: !Ref VPC - -Outputs: - VPC: - Description: >- - A reference to the created VPC - Value: !Ref VPC - Export: - Name: !Sub "${AWS::StackName}-VPC" - - PublicSubnet1: - Description: >- - A reference to the public subnet in the 1st Availability Zone - Value: !Ref PublicSubnet1 - Export: - Name: !Sub "${AWS::StackName}-PublicSubnet1" - - PublicSubnet2: - Description: >- - A reference to the public subnet in the 2nd Availability Zone - Value: !Ref PublicSubnet2 - Export: - Name: !Sub "${AWS::StackName}-PublicSubnet2" - - PrivateSubnet1: - Description: >- - A reference to the private subnet in the 1st Availability Zone - Value: !Ref PrivateSubnet1 - Export: - Name: !Sub "${AWS::StackName}-PrivateSubnet1" - - PrivateSubnet2: - Description: >- - A reference to the private subnet in the 2nd Availability Zone - Value: !Ref PrivateSubnet2 - Export: - Name: !Sub "${AWS::StackName}-PrivateSubnet2" - - DefaultSecurityGroup: - Description: >- - Security group with no ingress rule - Value: !GetAtt 
VPC.DefaultSecurityGroup - Export: - Name: !Sub "${AWS::StackName}-DefaultSecurityGroup" - NoIngressSecurityGroup: - Description: >- - Security group with no ingress rule - Value: !Ref NoIngressSecurityGroup - Export: - Name: !Sub "${AWS::StackName}-NoIngressSecurityGroup" - diff --git a/ref/layer/ci/cb-ci_container.yml b/ref/layer/ci/cb-ci_container.yml deleted file mode 100644 index c98277c..0000000 --- a/ref/layer/ci/cb-ci_container.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: 0.2 -phases: - pre_build: - commands: - - cd ${CODEBUILD_SRC_DIR}/ci-cd/buildspec/ci_container - - echo Logging in to Amazon ECR... - - aws ecr get-login-password --region $AWS_DEFAULT_REGION | - docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com - - docker login --username $dockerhub_username --password $dockerhub_password - build: - commands: - - cd ${CODEBUILD_SRC_DIR}/ci-cd/buildspec/ci_container - - echo Build started on `date` - - echo Building the Docker image... - - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG . - - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG - post_build: - commands: - - cd ${CODEBUILD_SRC_DIR}/ci-cd/buildspec/ci_container - - echo Build completed on `date` - - echo Pushing the Docker image... - - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG - diff --git a/ref/layer/ci/cb-ci_image_prod.yml b/ref/layer/ci/cb-ci_image_prod.yml deleted file mode 100644 index 7c5ab05..0000000 --- a/ref/layer/ci/cb-ci_image_prod.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -version: 0.2 -run-as: aws-yocto-builder -env: - git-credential-helper: yes -phases: - pre_build: - run-as: root - commands: - - curl https://storage.googleapis.com/git-repo-downloads/repo > $HOME/repo - - chmod +x $HOME/repo - - mkdir $HOME/dist - - cd $HOME/dist - - $HOME/repo init -u - https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - -m ci-cd/repo/repo-ci.xml - - $HOME/repo sync - - env - - chown aws-yocto-builder:aws-yocto-builder /downloads - - chown aws-yocto-builder:aws-yocto-builder /sstate-cache - - chmod 777 /downloads - - chmod 777 /sstate-cache - - git config --global user.name "Cloudy Builder" - - git config --global user.email "email@example.com" - build: - commands: - - export PATH=$HOME/dist/poky/scripts:$HOME/dist/poky/bitbake/bin:$PATH - - export BUILDDIR=/build-output - - export BBPATH=${CODEBUILD_SRC_DIR}/ci-cd - - export BB_ENV_EXTRAWHITE=ALL_PROXY BBPATH_EXTRA BB_LOGCONFIG BB_NO_NETWORK BB_NUMBER_THREADS BB_SETSCENE_ENFORCE BB_SRCREV_POLICY DISTRO FTPS_PROXY FTP_PROXY GIT_PROXY_COMMAND HTTPS_PROXY HTTP_PROXY MACHINE NO_PROXY PARALLEL_MAKE SCREENDIR SDKMACHINE SOCKS5_PASSWD SOCKS5_USER SSH_AGENT_PID SSH_AUTH_SOCK STAMPS_DIR TCLIBC TCMODE all_proxy ftp_proxy ftps_proxy http_proxy https_proxy no_proxy - - sed -i -e "s,DIST,$HOME/dist," -e "s,CODEBUILD_SRC_DIR,${CODEBUILD_SRC_DIR}," ${CODEBUILD_SRC_DIR}/ci-cd/conf/bblayers.conf - - bitbake core-image-minimal -artifacts: - s3-prefix: images - files: $BUILDDIR/deploy/images/qemux86-64/* - diff --git a/ref/layer/ci/cb-ci_image_qa.yml b/ref/layer/ci/cb-ci_image_qa.yml deleted file mode 100644 index cae096f..0000000 --- a/ref/layer/ci/cb-ci_image_qa.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -version: 0.2 -run-as: aws-yocto-builder -env: - git-credential-helper: yes -phases: - install: - run-as: root - commands: - - apt-get install --reinstall git - - apt -y install iproute2 - pre_build: - run-as: root - commands: - - curl https://storage.googleapis.com/git-repo-downloads/repo > $HOME/repo - - chmod +x $HOME/repo - - mkdir $HOME/dist - - cd $HOME/dist - - $HOME/repo init -u - https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - -m ci-cd/repo/repo-ci.xml - - $HOME/repo sync - - env - - chown aws-yocto-builder:aws-yocto-builder /downloads - - chown aws-yocto-builder:aws-yocto-builder /sstate-cache - - chmod 777 /downloads - - chmod 777 /sstate-cache - build: - commands: - - export PATH=$HOME/dist/poky/scripts:$HOME/dist/poky/bitbake/bin:$PATH - - export BUILDDIR=/build-output - - export BBPATH=${CODEBUILD_SRC_DIR}/ci-cd - - echo IMAGE_CLASSES += \"testimage\" >> ${CODEBUILD_SRC_DIR}/ci-cd/conf/local.conf - - echo INHERIT += \"testimage\" >> ${CODEBUILD_SRC_DIR}/ci-cd/conf/local.conf - - export BB_ENV_EXTRAWHITE=ALL_PROXY BBPATH_EXTRA BB_LOGCONFIG BB_NO_NETWORK BB_NUMBER_THREADS BB_SETSCENE_ENFORCE BB_SRCREV_POLICY DISTRO FTPS_PROXY FTP_PROXY GIT_PROXY_COMMAND HTTPS_PROXY HTTP_PROXY MACHINE NO_PROXY PARALLEL_MAKE SCREENDIR SDKMACHINE SOCKS5_PASSWD SOCKS5_USER SSH_AGENT_PID SSH_AUTH_SOCK STAMPS_DIR TCLIBC TCMODE all_proxy ftp_proxy ftps_proxy http_proxy https_proxy no_proxy - - sed -i -e "s,DIST,$HOME/dist," -e "s,CODEBUILD_SRC_DIR,${CODEBUILD_SRC_DIR}," ${CODEBUILD_SRC_DIR}/ci-cd/conf/bblayers.conf - - bitbake core-image-minimal -artifacts: - s3-prefix: images - files: $BUILDDIR/deploy/images/qemux86-64/* diff --git a/ref/layer/ci/cb-ci_image_sdk.yml b/ref/layer/ci/cb-ci_image_sdk.yml deleted file mode 100644 index f730520..0000000 --- a/ref/layer/ci/cb-ci_image_sdk.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -version: 0.2 -run-as: aws-yocto-builder -env: - git-credential-helper: yes -phases: - pre_build: - run-as: root - commands: - - curl https://storage.googleapis.com/git-repo-downloads/repo > $HOME/repo - - chmod +x $HOME/repo - - mkdir $HOME/dist - - cd $HOME/dist - - $HOME/repo init -u - https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - -m ci-cd/repo/repo-ci.xml - - $HOME/repo sync - - env - - chown aws-yocto-builder:aws-yocto-builder /downloads - - chown aws-yocto-builder:aws-yocto-builder /sstate-cache - - chown aws-yocto-builder:aws-yocto-builder /build-output - - chmod 777 /downloads - - chmod 777 /sstate-cache - - chmod 777 /build-output - - apt-get install --reinstall git - build: - commands: - - export PATH=$HOME/dist/poky/scripts:$HOME/dist/poky/bitbake/bin:$PATH - - export BUILDDIR=/build-output - - export BBPATH=${CODEBUILD_SRC_DIR}/ci-cd - - export BB_ENV_EXTRAWHITE=ALL_PROXY BBPATH_EXTRA BB_LOGCONFIG BB_NO_NETWORK BB_NUMBER_THREADS BB_SETSCENE_ENFORCE BB_SRCREV_POLICY DISTRO FTPS_PROXY FTP_PROXY GIT_PROXY_COMMAND HTTPS_PROXY HTTP_PROXY MACHINE NO_PROXY PARALLEL_MAKE SCREENDIR SDKMACHINE SOCKS5_PASSWD SOCKS5_USER SSH_AGENT_PID SSH_AUTH_SOCK STAMPS_DIR TCLIBC TCMODE all_proxy ftp_proxy ftps_proxy http_proxy https_proxy no_proxy - - sed -i -e "s,DIST,$HOME/dist," -e "s,CODEBUILD_SRC_DIR,${CODEBUILD_SRC_DIR}," ${CODEBUILD_SRC_DIR}/ci-cd/conf/bblayers.conf - - bitbake core-image-minimal -c populate_sdk -artifacts: - s3-prefix: installers - files: $BUILDDIR/deploy/sdk/* diff --git a/ref/layer/ci/cb-ci_sdk.yml b/ref/layer/ci/cb-ci_sdk.yml deleted file mode 100644 index ed8908b..0000000 --- a/ref/layer/ci/cb-ci_sdk.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -version: 0.2 -run-as: aws-yocto-builder -env: - git-credential-helper: yes -phases: - pre_build: - run-as: root - commands: - - curl https://storage.googleapis.com/git-repo-downloads/repo > $HOME/repo - - chmod +x $HOME/repo - - mkdir $HOME/dist - - cd $HOME/dist - - $HOME/repo init -u https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - - $HOME/repo sync - - echo trying to create directory under downloads - - mkdir -p /downloads/test - - echo trying to create directory under sstate-cache - - mkdir -p /sstate-cache/test - - echo trying to create directory under build-output - - mkdir -p /build-output/test - - env - - chown aws-yocto-builder:aws-yocto-builder /downloads - - chown aws-yocto-builder:aws-yocto-builder /sstate-cache - - chown aws-yocto-builder:aws-yocto-builder /build-output - - chmod 777 /downloads - - chmod 777 /sstate-cache - - chmod 777 /build-output - build: - commands: - - ${CODEBUILD_SRC_DIR}/scripts/bb-image-prod.sh diff --git a/ref/layer/ci/ci_container/Dockerfile b/ref/layer/ci/ci_container/Dockerfile deleted file mode 100644 index eef98e3..0000000 --- a/ref/layer/ci/ci_container/Dockerfile +++ /dev/null 
@@ -1,189 +0,0 @@ -# Copyright 2020-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/asl/ -# -# or in the "license" file accompanying this file. -# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. -# See the License for the specific language governing permissions and limitations under the License. - -FROM ubuntu:18.04 AS core - -ENV DEBIAN_FRONTEND="noninteractive" - -# Install git, SSH, and other utilities -RUN set -ex \ - && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ - && apt-get update \ - && apt install -y apt-transport-https gnupg ca-certificates \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \ - && echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | tee /etc/apt/sources.list.d/mono-official-stable.list \ - && apt-get install software-properties-common -y --no-install-recommends \ - && apt-add-repository -y ppa:git-core/ppa \ - && apt-get update \ - && apt-get install git=1:2.* -y --no-install-recommends \ - && git version \ - && apt-get install -y --no-install-recommends openssh-client \ - && mkdir ~/.ssh \ - && touch ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ - && chmod 600 ~/.ssh/known_hosts \ - && apt-get install -y --no-install-recommends \ - apt-utils asciidoc autoconf automake build-essential bzip2 \ - bzr curl cvs cvsps dirmngr docbook-xml docbook-xsl dpkg-dev \ - e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ - groff gzip imagemagick iptables jq less libapr1 libaprutil1 \ - libargon2-0-dev libbz2-dev libc6-dev 
libcurl4-openssl-dev \ - libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ - libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ - libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ - libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ - libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ - libpq-dev libreadline-dev libserf-1-1 libsqlite3-dev libssl-dev \ - libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ - libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ - libyaml-dev libyaml-perl llvm locales make mercurial mlocate mono-devel \ - netbase openssl patch pkg-config procps python-bzrlib \ - python-configobj python-openssl rsync sgml-base sgml-data subversion \ - tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ - libzip4 libzip-dev vim xvfb xz-utils zip zlib1g-dev iproute2 \ - && apt-get install -y --no-install-recommends \ - gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential chrpath \ - socat cpio python python3 python3-pip python3-pexpect xz-utils debianutils \ - iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3 xterm strace \ - && rm -rf /var/lib/apt/lists/* - -RUN useradd codebuild-user - -#=======================End of layer: core ================= - -FROM core AS tools - -# AWS Tools -# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html -RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator \ - && curl -sS -o /usr/local/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/kubectl \ - && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ - && curl -sS -L 
https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ - && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl - -# Configure SSM -RUN set -ex \ - && mkdir /tmp/ssm \ - && cd /tmp/ssm \ - && wget https://s3.eu-north-1.amazonaws.com/amazon-ssm-eu-north-1/latest/debian_amd64/amazon-ssm-agent.deb \ - && dpkg -i amazon-ssm-agent.deb - -# Install env tools for runtimes - -#python -RUN curl https://pyenv.run | bash -ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" - -#=======================End of layer: tools ================= -FROM tools AS runtimes - -#**************** PYTHON ***************************************************** -ENV PYTHON_38_VERSION="3.8.3" \ - PYTHON_37_VERSION="3.7.7" - -ENV PYTHON_PIP_VERSION=19.3.1 - -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_37_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - - -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_38_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - -#**************** END PYTHON 
***************************************************** - -#=======================End of layer: runtimes ================= - -#**************** DOCKER ********************************************* -ENV DOCKER_BUCKET="download.docker.com" \ - DOCKER_CHANNEL="stable" \ - DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ - DOCKER_COMPOSE_VERSION="1.26.0" \ - SRC_DIR="/usr/src" - -ENV DOCKER_SHA256="0f4336378f61ed73ed55a356ac19e46699a995f2aff34323ba5874d131548b9e" -ENV DOCKER_VERSION="19.03.11" - -# Install Docker -RUN set -ex \ - && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ - && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ - && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ - && rm docker.tgz \ - && docker -v \ - # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box - && addgroup dockremap \ - && useradd -g dockremap dockremap \ - && echo 'dockremap:165536:65536' >> /etc/subuid \ - && echo 'dockremap:165536:65536' >> /etc/subgid \ - && wget -nv "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ - && curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/dind /usr/local/bin/docker-compose \ - # Ensure docker-compose works - && docker-compose version - -VOLUME /var/lib/docker -#*********************** END DOCKER **************************** - -#=======================End of layer: corretto ================= - -RUN pyenv global $PYTHON_38_VERSION - -# Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -RUN which 
dash &> /dev/null && (\ - echo "dash dash/sh boolean false" | debconf-set-selections && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash) || \ - echo "Skipping dash reconfigure (not applicable)" - -RUN locale-gen en_US.UTF-8 -RUN dpkg-reconfigure locales -RUN update-locale LANG=en_US.UTF-8 -ENV LANG=en_US.UTF-8 - -# When we run in a CodeBuild context, we can integrate with CodeCommit -# only when run-as is root. Also, when run-as is aws-yocto-builder, -# HOME is still root. So, just give permission to aws-yocto-builder to -# root's home directory, which is a big bag of crazy. -# NOTE: the whole reason why we need to do this is bitbake requires -# we run from a non-root context, which is completely sane. -RUN mkdir /home/aws-yocto-builder && \ - groupadd -g 70 aws-yocto-builder && \ - useradd -N -m -u 70 -g 70 aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /home/aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /root - -# These are EFS mount points and must be permissioned so we can invoke the -# build and place outputs from a non-root context. -RUN mkdir /downloads && chown -R aws-yocto-builder:aws-yocto-builder /downloads -RUN mkdir /sstate-cache && chown -R aws-yocto-builder:aws-yocto-builder /sstate-cache -RUN mkdir /build-output && chown -R aws-yocto-builder:aws-yocto-builder /build-output - -USER aws-yocto-builder - -ENTRYPOINT ["dockerd-entrypoint.sh"] diff --git a/ref/layer/ci/ci_container/amazon-ssm-agent.json b/ref/layer/ci/ci_container/amazon-ssm-agent.json deleted file mode 100644 index acb8c83..0000000 --- a/ref/layer/ci/ci_container/amazon-ssm-agent.json +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - "Profile":{ - "ShareCreds" : true, - "ShareProfile" : "" - }, - "Mds": { - "CommandWorkersLimit" : 5, - "StopTimeoutMillis" : 20000, - "Endpoint": "", - "CommandRetryLimit": 15 - }, - "Ssm": { - "Endpoint": "", - "HealthFrequencyMinutes": 5, - "CustomInventoryDefaultLocation" : "", - "AssociationLogsRetentionDurationHours" : 24, - "RunCommandLogsRetentionDurationHours" : 336, - "SessionLogsRetentionDurationHours" : 336 - }, - "Mgs": { - "Region": "", - "Endpoint": "", - "StopTimeoutMillis" : 20000, - "SessionWorkersLimit" : 1000 - }, - "Agent": { - "Region": "", - "OrchestrationRootDir": "", - "ContainerMode": true - }, - "Os": { - "Lang": "en-US", - "Name": "", - "Version": "1" - }, - "S3": { - "Endpoint": "", - "Region": "", - "LogBucket":"", - "LogKey":"" - }, - "Kms": { - "Endpoint": "" - } -} diff --git a/ref/layer/ci/ci_container/dockerd-entrypoint.sh b/ref/layer/ci/ci_container/dockerd-entrypoint.sh deleted file mode 100644 index 1591be4..0000000 --- a/ref/layer/ci/ci_container/dockerd-entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -set -e - -/usr/local/bin/dockerd \ - --host=unix:///var/run/docker.sock \ - --host=tcp://127.0.0.1:2375 \ - --storage-driver=overlay2 &>/var/log/docker.log & - - -tries=0 -d_timeout=60 -until docker info >/dev/null 2>&1 -do - if [ "$tries" -gt "$d_timeout" ]; then - cat /var/log/docker.log - echo 'Timed out trying to connect to internal docker host.' >&2 - exit 1 - fi - tries=$(( $tries + 1 )) - sleep 1 -done - -eval "$@" diff --git a/ref/layer/ci/ci_container/legal/THIRD_PARTY_LICENSES.txt b/ref/layer/ci/ci_container/legal/THIRD_PARTY_LICENSES.txt deleted file mode 100644 index 1435019..0000000 --- a/ref/layer/ci/ci_container/legal/THIRD_PARTY_LICENSES.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -Third Party Licenses -==================== - -Stunnel: -We include unmodified version of stunnel softwares in the docker images. The source code for the current version can be downloaded from https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/stunnel-5.56.tar.gz - diff --git a/ref/layer/ci/ci_container/legal/bill_of_material.txt b/ref/layer/ci/ci_container/legal/bill_of_material.txt deleted file mode 100644 index b8363cf..0000000 --- a/ref/layer/ci/ci_container/legal/bill_of_material.txt +++ /dev/null 
@@ -1,282 +0,0 @@ -The Amazon CodeBuild Product includes the following third-party software/licensing: - ----------------- -apt-transport-https : /usr/share/doc/apt-transport-https/copyright ----------------- -apt-utils : /usr/share/doc/apt-utils/copyright ----------------- -asciidoc : /usr/share/doc/asciidoc/copyright ----------------- -autoconf : /usr/share/doc/autoconf/copyright ----------------- -automake : /usr/share/doc/automake/copyright ----------------- -build-essential : /usr/share/doc/build-essential/copyright ----------------- -bzip2 : /usr/share/doc/bzip2/copyright ----------------- -bzr : /usr/share/doc/bzr/copyright ----------------- -ca-certificates-java : /usr/share/doc/ca-certificates-java/copyright ----------------- -curl : /usr/share/doc/curl/copyright ----------------- -cvs : /usr/share/doc/cvs/copyright ----------------- -cvsps : /usr/share/doc/cvsps/copyright ----------------- -dirmngr : /usr/share/doc/dirmngr/copyright ----------------- -docbook-xml : /usr/share/doc/docbook-xml/copyright ----------------- -docbook-xsl : /usr/share/doc/docbook-xsl/copyright ----------------- -dpkg-dev : /usr/share/doc/dpkg-dev/copyright ----------------- -e2fsprogs : /usr/share/doc/e2fsprogs/copyright ----------------- -expect : /usr/share/doc/expect/copyright ----------------- -fakeroot : /usr/share/doc/fakeroot/copyright ----------------- -file : /usr/share/doc/file/copyright ----------------- -g++ : /usr/share/doc/g++/copyright ----------------- -gcc : /usr/share/doc/gcc/copyright ----------------- -gettext : /usr/share/doc/gettext/copyright ----------------- -gettext-base : /usr/share/doc/gettext-base/copyright ----------------- -git : /usr/share/doc/git/copyright ----------------- -groff : /usr/share/doc/groff/copyright ----------------- -gzip : /usr/share/doc/gzip/copyright ----------------- -imagemagick : /usr/share/doc/imagemagick/copyright ----------------- -iptables : /usr/share/doc/iptables/copyright ----------------- -jq : 
/usr/share/doc/jq/copyright ----------------- -less : /usr/share/doc/less/copyright ----------------- -lib32gcc1 : /usr/share/doc/lib32gcc1/copyright ----------------- -lib32ncurses5 : /usr/share/doc/lib32ncurses5/copyright ----------------- -lib32stdc++6 : /usr/share/doc/lib32stdc++6/copyright ----------------- -lib32z1 : /usr/share/doc/lib32z1/copyright ----------------- -libapr1 : /usr/share/doc/libapr1/copyright ----------------- -libaprutil1 : /usr/share/doc/libaprutil1/copyright ----------------- -libargon2-0-dev : /usr/share/doc/libargon2-0-dev/copyright ----------------- -libasound2 : /usr/share/doc/libasound2/copyright ----------------- -libbz2-dev : /usr/share/doc/libbz2-dev/copyright ----------------- -libc6-dev : /usr/share/doc/libc6-dev/copyright ----------------- -libc6-i386 : /usr/share/doc/libc6-i386/copyright ----------------- -libcurl4-openssl-dev : /usr/share/doc/libcurl4-openssl-dev/copyright ----------------- -libdb-dev : /usr/share/doc/libdb-dev/copyright ----------------- -libdbd-sqlite3-perl : /usr/share/doc/libdbd-sqlite3-perl/copyright ----------------- -libdbi-perl : /usr/share/doc/libdbi-perl/copyright ----------------- -libdbus-1-3 : /usr/share/doc/libdbus-1-3/copyright ----------------- -libdbus-glib-1-2 : /usr/share/doc/libdbus-glib-1-2/copyright ----------------- -libdpkg-perl : /usr/share/doc/libdpkg-perl/copyright ----------------- -libedit-dev : /usr/share/doc/libedit-dev/copyright ----------------- -liberror-perl : /usr/share/doc/liberror-perl/copyright ----------------- -libevent-dev : /usr/share/doc/libevent-dev/copyright ----------------- -libffi-dev : /usr/share/doc/libffi-dev/copyright ----------------- -libgeoip-dev : /usr/share/doc/libgeoip-dev/copyright ----------------- -libglib2.0-0 : /usr/share/doc/libglib2.0-0/copyright ----------------- -libglib2.0-dev : /usr/share/doc/libglib2.0-dev/copyright ----------------- -libgtk-3-0 : /usr/share/doc/libgtk-3-0/copyright ----------------- -libhttp-date-perl : 
/usr/share/doc/libhttp-date-perl/copyright ----------------- -libio-pty-perl : /usr/share/doc/libio-pty-perl/copyright ----------------- -libjpeg-dev : /usr/share/doc/libjpeg-dev/copyright ----------------- -libkrb5-dev : /usr/share/doc/libkrb5-dev/copyright ----------------- -liblzma-dev : /usr/share/doc/liblzma-dev/copyright ----------------- -libmagickcore-dev : /usr/share/doc/libmagickcore-dev/copyright ----------------- -libmagickwand-dev : /usr/share/doc/libmagickwand-dev/copyright ----------------- -libmysqlclient-dev : /usr/share/doc/libmysqlclient-dev/copyright ----------------- -libncurses5-dev : /usr/share/doc/libncurses5-dev/copyright ----------------- -libncursesw5-dev : /usr/share/doc/libncursesw5-dev/copyright ----------------- -libonig-dev : /usr/share/doc/libonig-dev/copyright ----------------- -libpq-dev : /usr/share/doc/libpq-dev/copyright ----------------- -libqt5widgets5 : /usr/share/doc/libqt5widgets5/copyright ----------------- -libreadline-dev : /usr/share/doc/libreadline-dev/copyright ----------------- -libserf-1-1 : /usr/share/doc/libserf-1-1/copyright ----------------- -libsqlite3-dev : /usr/share/doc/libsqlite3-dev/copyright ----------------- -libssl-dev : /usr/share/doc/libssl-dev/copyright ----------------- -libsvn-perl : /usr/share/doc/libsvn-perl/copyright ----------------- -libsvn1 : /usr/share/doc/libsvn1/copyright ----------------- -libtcl8.6 : /usr/share/doc/libtcl8.6/copyright ----------------- -libtidy-dev : /usr/share/doc/libtidy-dev/copyright ----------------- -libtimedate-perl : /usr/share/doc/libtimedate-perl/copyright ----------------- -libtool : /usr/share/doc/libtool/copyright ----------------- -libwebp-dev : /usr/share/doc/libwebp-dev/copyright ----------------- -libxml2-dev : /usr/share/doc/libxml2-dev/copyright ----------------- -libxml2-utils : /usr/share/doc/libxml2-utils/copyright ----------------- -libxslt1-dev : /usr/share/doc/libxslt1-dev/copyright ----------------- -libyaml-dev : 
/usr/share/doc/libyaml-dev/copyright ----------------- -libyaml-perl : /usr/share/doc/libyaml-perl/copyright ----------------- -libzip-dev : /usr/share/doc/libzip-dev/copyright ----------------- -libzip4 : /usr/share/doc/libzip4/copyright ----------------- -llvm : /usr/share/doc/llvm/copyright ----------------- -locales : /usr/share/doc/locales/copyright ----------------- -make : /usr/share/doc/make/copyright ----------------- -mercurial : /usr/share/doc/mercurial/copyright ----------------- -mlocate : /usr/share/doc/mlocate/copyright ----------------- -mono-devel : /usr/share/doc/mono-devel/copyright ----------------- -netbase : /usr/share/doc/netbase/copyright ----------------- -openjdk-8-jdk : /usr/share/doc/openjdk-8-jdk/copyright ----------------- -openjdk-11-jdk : /usr/share/doc/openjdk-11-jre-headless/copyright ----------------- -openssh-client : /usr/share/doc/openssh-client/copyright ----------------- -openssl : /usr/share/doc/openssl/copyright ----------------- -patch : /usr/share/doc/patch/copyright ----------------- -pkg-config : /usr/share/doc/pkg-config/copyright ----------------- -procps : /usr/share/doc/procps/copyright ----------------- -python-bzrlib : /usr/share/doc/python-bzrlib/copyright ----------------- -python-configobj : /usr/share/doc/python-configobj/copyright ----------------- -python-openssl : /usr/share/doc/python-openssl/copyright ----------------- -python-setuptools : /usr/share/doc/python-setuptools/copyright ----------------- -rsync : /usr/share/doc/rsync/copyright ----------------- -sbt : /usr/share/doc/sbt/copyright ----------------- -sgml-base : /usr/share/doc/sgml-base/copyright ----------------- -sgml-data : /usr/share/doc/sgml-data/copyright ----------------- -software-properties-common : /usr/share/doc/software-properties-common/copyright ----------------- -subversion : /usr/share/doc/subversion/copyright ----------------- -tar : /usr/share/doc/tar/copyright ----------------- -tcl : /usr/share/doc/tcl/copyright 
----------------- -tcl8.6 : /usr/share/doc/tcl8.6/copyright ----------------- -tk : /usr/share/doc/tk/copyright ----------------- -tk-dev : /usr/share/doc/tk-dev/copyright ----------------- -unzip : /usr/share/doc/unzip/copyright ----------------- -vim : /usr/share/doc/vim/copyright ----------------- -wget : /usr/share/doc/wget/copyright ----------------- -xfsprogs : /usr/share/doc/xfsprogs/copyright ----------------- -xml-core : /usr/share/doc/xml-core/copyright ----------------- -xmlto : /usr/share/doc/xmlto/copyright ----------------- -xsltproc : /usr/share/doc/xsltproc/copyright ----------------- -xvfb : /usr/share/doc/xvfb/copyright ----------------- -xz-utils : /usr/share/doc/xz-utils/copyright ----------------- -zip : /usr/share/doc/zip/copyright ----------------- -zlib1g-dev : /usr/share/doc/zlib1g-dev/copyright ----------------- -ruby :https://www.ruby-lang.org/en/about/license.txt ----------------- -python :https://docs.python.org/3/license.html ----------------- -php :https://www.php.net/license/index.php ----------------- -nodejs :https://github.com/nodejs/node/blob/master/LICENSE ----------------- -golang :https://golang.org/LICENSE ----------------- -dotnet :https://github.com/dotnet/core/blob/master/LICENSE.TXT ----------------- -Firefox :https://www.mozilla.org/en-US/MPL/ ----------------- -Chrome : https://www.google.com/intl/en_pk/chrome/privacy/eula_text.html ----------------- -stunnel : https://www.stunnel.org/gpl.html ----------------- -gitversion :https://github.com/GitTools/GitVersion/blob/master/LICENSE ----------------- -docker : https://www.docker.com/legal/components-licenses ----------------- - diff --git a/ref/layer/ci/ci_container/runtimes.yml b/ref/layer/ci/ci_container/runtimes.yml deleted file mode 100644 index 7a68a21..0000000 --- a/ref/layer/ci/ci_container/runtimes.yml +++ /dev/null 
@@ -1,123 +0,0 @@ -version: 0.1 - -runtimes: - android: - versions: - 28: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 28 ..." - 29: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 29 ..." - - java: - versions: - corretto11: - commands: - - echo "Installing Java version 11 ..." - - - export JAVA_HOME="$JAVA_11_HOME" - - - export JRE_HOME="$JRE_11_HOME" - - - export JDK_HOME="$JDK_11_HOME" - - - |- - for tool_path in "$JAVA_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - corretto8: - commands: - - echo "Installing Java version 8 ..." - - - export JAVA_HOME="$JAVA_8_HOME" - - - export JRE_HOME="$JRE_8_HOME" - - - export JDK_HOME="$JDK_8_HOME" - - - |- - for tool_path in "$JAVA_8_HOME"/bin/* "$JRE_8_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - golang: - versions: - 1.12: - commands: - - echo "Installing Go version 1.12 ..." - - goenv global $GOLANG_12_VERSION - 1.13: - commands: - - echo "Installing Go version 1.13 ..." - - goenv global $GOLANG_13_VERSION - 1.14: - commands: - - echo "Installing Go version 1.14 ..." - - goenv global $GOLANG_14_VERSION - python: - versions: - 3.8: - commands: - - echo "Installing Python version 3.8 ..." - - pyenv global $PYTHON_38_VERSION - 3.7: - commands: - - echo "Installing Python version 3.7 ..." - - pyenv global $PYTHON_37_VERSION - php: - versions: - 7.4: - commands: - - echo "Installing PHP version 7.4 ..." - - phpenv global $PHP_74_VERSION - 7.3: - commands: - - echo "Installing PHP version 7.3 ..." - - phpenv global $PHP_73_VERSION - ruby: - versions: - 2.6: - commands: - - echo "Installing Ruby version 2.6 ..." 
- - rbenv global $RUBY_26_VERSION - 2.7: - commands: - - echo "Installing Ruby version 2.7 ..." - - rbenv global $RUBY_27_VERSION - nodejs: - versions: - 10: - commands: - - echo "Installing Node.js version 10 ..." - - n $NODE_10_VERSION - 12: - commands: - - echo "Installing Node.js version 12 ..." - - n $NODE_12_VERSION - docker: - versions: - 18: - commands: - - echo "Using Docker 19" - 19: - commands: - - echo "Using Docker 19" - dotnet: - versions: - 3.1: - commands: - - echo "Installing .NET version 3.1 ..." diff --git a/ref/layer/ci/ci_container/ssh_config b/ref/layer/ci/ci_container/ssh_config deleted file mode 100644 index 710e275..0000000 --- a/ref/layer/ci/ci_container/ssh_config +++ /dev/null @@ -1,3 +0,0 @@ -Host * - ConnectTimeout 10 - ConnectionAttempts 10 diff --git a/ref/layer/ci/ci_container/tools/android-accept-licenses.sh b/ref/layer/ci/ci_container/tools/android-accept-licenses.sh deleted file mode 100644 index ebac067..0000000 --- a/ref/layer/ci/ci_container/tools/android-accept-licenses.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 1800 -set cmd [lindex $argv 0] -set licenses [lindex $argv 1] - -spawn {*}$cmd -expect { - "Do you accept the license '*'*" { - exp_send "y\r" - exp_continue - } - "Accept? (y/N): " { - exp_send "y\r" - exp_continue - } - "Review licenses that have not been accepted (y/N)? " { - exp_send "y\r" - exp_continue - } - eof -} - -lassign [wait] pid spawnid os_error waitvalue - -if {$os_error == 0} { - exit $waitvalue -} else { - exit 1 -} diff --git a/ref/layer/ci/ci_container/tools/runtime_configs/php/7.3.19 b/ref/layer/ci/ci_container/tools/runtime_configs/php/7.3.19 deleted file mode 100644 index 339dd8c..0000000 --- a/ref/layer/ci/ci_container/tools/runtime_configs/php/7.3.19 +++ /dev/null 
@@ -1,20 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-libedit" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.3.19 -#Don't change beyond this line - -configure_option "--without-pear" -configure_option "--with-gd" -configure_option "--with-png-dir" "/usr" -configure_option "--with-jpeg-dir" "/usr" -configure_option "--enable-zip" - -install_package "https://secure.php.net/distributions/php-7.3.19.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache - diff --git a/ref/layer/ci/ci_container/tools/runtime_configs/php/7.4.7 b/ref/layer/ci/ci_container/tools/runtime_configs/php/7.4.7 deleted file mode 100644 index 07cb0b0..0000000 --- a/ref/layer/ci/ci_container/tools/runtime_configs/php/7.4.7 +++ /dev/null @@ -1,18 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" -configure_option "--with-libedit" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.4.7 -#Don't change beyond this line - -configure_option "--enable-gd" -configure_option "--with-jpeg" -configure_option "--with-zip" - -install_package "https://secure.php.net/distributions/php-7.4.7.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache - diff --git a/ref/layer/ci/ci_container/tools/runtime_configs/python/3.7.7 b/ref/layer/ci/ci_container/tools/runtime_configs/python/3.7.7 deleted file mode 100644 index b475586..0000000 --- a/ref/layer/ci/ci_container/tools/runtime_configs/python/3.7.7 +++ /dev/null 
@@ -1,19 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.7.7 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tar.xz#06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" ldflags_dirs standard verify_py37 copy_python_gdb ensurepip -else - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz#8c8be91cd2648a1a0c251f04ea0bb4c2a5570feb9c45eaaa2241c785585b475a" ldflags_dirs standard verify_py37 copy_python_gdb ensurepip -fi - - diff --git a/ref/layer/ci/ci_container/tools/runtime_configs/python/3.8.3 b/ref/layer/ci/ci_container/tools/runtime_configs/python/3.8.3 deleted file mode 100644 index 239fdde..0000000 --- a/ref/layer/ci/ci_container/tools/runtime_configs/python/3.8.3 +++ /dev/null 
@@ -1,19 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.8.3 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tar.xz#dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864" ldflags_dirs standard verify_py38 copy_python_gdb ensurepip -else - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tgz#6af6d4d2e010f9655518d0fc6738c7ff7069f10a4d2fbd55509e467f092a8b90" ldflags_dirs standard verify_py38 copy_python_gdb ensurepip -fi - - diff --git a/ref/layer/ci/repo-ci.xml b/ref/layer/ci/repo-ci.xml deleted file mode 100644 index ff85e5f..0000000 --- a/ref/layer/ci/repo-ci.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - - - - - - - - - - - - diff --git a/ref/layer/conf/layer.conf b/ref/layer/conf/layer.conf deleted file mode 100644 index 7c589f1..0000000 --- a/ref/layer/conf/layer.conf +++ /dev/null @@ -1,13 +0,0 @@ -# We have a conf and classes directory, add to BBPATH -BBPATH .= ":${LAYERDIR}" - -# We have recipes-* directories, add to BBFILES -BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ - ${LAYERDIR}/recipes-*/*/*.bbappend" - -BBFILE_COLLECTIONS += "meta-you" -BBFILE_PATTERN_meta-you = "^${LAYERDIR}/" -BBFILE_PRIORITY_meta-you = "6" - -LAYERDEPENDS_meta-aws = "core" -LAYERSERIES_COMPAT_meta-aws = "gatesgarth" 
diff --git a/ref/layer/recipes-core/image/you-connect-image_1.0.0.bb b/ref/layer/recipes-core/image/you-connect-image_1.0.0.bb deleted file mode 100644 index 68c085b..0000000 --- a/ref/layer/recipes-core/image/you-connect-image_1.0.0.bb +++ /dev/null @@ -1,26 +0,0 @@ -SUMMARY = "You Connect Distribution Image" -DESCRIPTION = "The distribution image definition for the You Connect demonstration product." -LICENSE = "MIT" -inherit core-image - -MACHINE ?= "genericx86-64" -IMAGE_INSTALL_append=" wget \ - cloud-init \ - packagegroup-core-full-cmdline \ - grub \ - connman \ - kernel-module-xen-acpi-processor \ - you-connect" -IMAGE_FEATURES += " ssh-server-openssh" -export IMAGE_BASENAME = "you-connect" -IMAGE_NAME = "${MACHINE_NAME}_${IMAGE_BASENAME}" -# Ensure extra space for guest images -IMAGE_ROOTFS_EXTRA_SPACE = "1000000" -DISTRO_FEATURES_append = " systemd virtualization xen " -VIRTUAL-RUNTIME_init_manager = "systemd" -DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" - -IMAGE_LINGUAS = "en-us" -ROOTFS_PKGMANAGE_PKGS ?= '${@oe.utils.conditional("ONLINE_PACKAGE_MANAGEMENT", "none", "", "${ROOTFS_PKGMANAGE}", d)}' - - diff --git a/ref/layer/recipes-core/you-connect/you-connect_1.0.0.bb b/ref/layer/recipes-core/you-connect/you-connect_1.0.0.bb deleted file mode 100644 index eae7745..0000000 --- a/ref/layer/recipes-core/you-connect/you-connect_1.0.0.bb +++ /dev/null 
@@ -1,33 +0,0 @@ -SUMMARY = "You Connect" -DESCRIPTION = "Connecting you to AWS IoT with the AWS IoT Device SDK for C++" -HOMEPAGE = "https://somewhere.com/out/there/you/connect" -LICENSE = "Apache-2.0" -PROVIDES += "you-connect" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - -BRANCH ?= "master" -SRC_URI = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/you-connect;branch=${BRANCH}" -SRCREV = "16b73b81da29149581a433cf7b6e69fcdd11176a" - -S= "${WORKDIR}/git" -PACKAGES = "${PN}" -DEPENDS = "openssl aws-iot-device-sdk-cpp-v2 googletest" -RDEPENDS_${PN} = "openssl aws-iot-device-sdk-cpp-v2" - -inherit cmake - -OECMAKE_BUILDPATH += "${WORKDIR}/build" -OECMAKE_SOURCEPATH += "${S}" -EXTRA_OECMAKE += "-DBUILD_SDK=OFF" -EXTRA_OECMAKE += "-DBUILD_TEST_DEPS=OFF" -EXTRA_OECMAKE += "-DBUILD_TESTING=OFF" -EXTRA_OECMAKE += "-DCMAKE_BUILD_TYPE=Release" -EXTRA_OECMAKE += "-DCMAKE_CXX_FLAGS_RELEASE=-s" - -INSANE_SKIP_${PN}_append = "already-stripped" - -inherit systemd -SYSTEMD_AUTO_ENABLE = "enable" -SYSTEMD_SERVICE_${PN} = "aws-iot-device-client.service" - - diff --git a/release-tests/meta-aws-release-tests.sh b/release-tests/meta-aws-release-tests.sh new file mode 100755 index 0000000..9af72c4 --- /dev/null +++ b/release-tests/meta-aws-release-tests.sh 
@@ -0,0 +1,126 @@ +#!/bin/bash + +RELEASES=${1:-"master scarthgap styhead kirkstone"} +echo "RELEASES=$RELEASES" + +ARCHS=${2:-"qemuarm64 qemux86-64"} +echo "ARCHS=$ARCHS" + +setup_config() { +# keep indent! +cat <>$BUILDDIR/conf/local.conf +# Required to disable KVM/hypervisor mode. +QEMU_USE_KVM = "" + +# use slirp networking instead of TAP interface (require root rights) +QEMU_USE_SLIRP = "1" +TEST_SERVER_IP = "127.0.0.1" + +# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +TEST_SUITES = " ping ssh ptest" + +# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage +IMAGE_CLASSES += "testimage" + +# PUT = package under test / this is set in auto.conf +PUT ?= "" +IMAGE_INSTALL:append = " ptest-runner ssh \${PUT}" + +# INHERIT += "cve-check" +# include cve-extra-exclusions.inc + +# INHERIT += "create-spdx" +# SPDX_PRETTY = "1" + +INHERIT += "rm_work" + +# BB_ENV_PASSTHROUGH_ADDITIONS="SSTATE_DIR $BB_ENV_PASSTHROUGH_ADDITIONS" SSTATE_DIR="/sstate" ./meta-aws-release-tests.sh +SSTATE_DIR ?= "\${TOPDIR}/../../sstate-cache" +DL_DIR ?= "\${TOPDIR}/../../downloads" +EOF +} + +set +exuo pipefail + +for RELEASE in $RELEASES ; do + + # always delete old files, rebuilding from sstate will be fast enough + if [ -d yocto_$RELEASE ] + then + echo "deleting $PWD/yocto_$RELEASE" + tmp_del_dir=delme_$RANDOM + mkdir $tmp_del_dir + mv yocto_$RELEASE $tmp_del_dir + rm -rf $tmp_del_dir & + fi + + mkdir yocto_$RELEASE + + cd yocto_$RELEASE/ +writeups of different topics + git clone git://git.yoctoproject.org/poky -b $RELEASE + git clone https://github.com/aws4embeddedlinux/meta-aws.git -b $RELEASE-next + git clone https://github.com/openembedded/meta-openembedded.git -b $RELEASE + + source poky/oe-init-build-env build + + # add necessary layers + bitbake-layers add-layer ../meta-openembedded/meta-oe + 
bitbake-layers add-layer ../meta-openembedded/meta-python + bitbake-layers add-layer ../meta-openembedded/meta-networking + bitbake-layers add-layer ../meta-openembedded/meta-multimedia + bitbake-layers add-layer ../meta-aws + + # setup build/local.conf + setup_config + + # find all recipes in meta-aws + ALL_RECIPES=`find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` + + # find all recipes having a ptest in meta-aws + ptest_recipes=`find ../meta-aws -name *.bb -type f -print | xargs grep -l 'inherit.*ptest.*'| sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` + + # make array out of string + ptest_recipes_array=($(echo "$ptest_recipes" | tr ',' '\n')) + + # add -ptest suffix + ptest_recipes_names_array_with_ptest=("${ptest_recipes_array[@]/%/-ptest}") + + # make string again + PTEST_RECIPE_NAMES_WITH_PTEST_SUFFIX="${ptest_recipes_names_array_with_ptest[@]}" + + for ARCH in $ARCHS ; do + + # build everything in meta-aws layer and save errors + MACHINE=$ARCH bitbake $ALL_RECIPES -k | tee -a ../../$RELEASE-$ARCH-build.log + + # do ptests for all recipes having a ptest in meta-aws + + echo PUT = \"${PTEST_RECIPE_NAMES_WITH_PTEST_SUFFIX}\" > $BUILDDIR/conf/auto.conf + + MACHINE=$ARCH bitbake core-image-minimal + +# cp $BUILDDIR/tmp/log/cve/cve-summary.json ../../$RELEASE-$ARCH-cve-summary.json + + MACHINE=$ARCH bitbake core-image-minimal -c testimage + + rm $BUILDDIR/conf/auto.conf + + cp $BUILDDIR/tmp/log/oeqa/testresults.json ../../$RELEASE-$ARCH-testresults.json + + # show results + resulttool report ../../$RELEASE-$ARCH-testresults.json + + done + # cd ../build + cd ../ + + # cd ../yocto_$RELEASE/ + cd ../ +done + +# search for build errors +echo "manually check (if found) build errors: " +grep -A3 " failed" *.log +grep -A3 " ERROR:" *.log diff --git a/workshop/00_home.md b/workshop/00_home.md deleted file mode 100644 index 98bf039..0000000 
--- a/workshop/00_home.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: "Welcome" -weight: 10 ---- - -# meta-aws-workshop - -Test123 Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean tincidunt eros non enim rhoncus dictum mollis at nulla. In quis nunc urna. Quisque id justo malesuada, fermentum libero quis, consectetur libero. Vivamus faucibus ex at turpis facilisis, et molestie felis vestibulum. Donec tellus velit, iaculis vitae ex vitae, cursus congue felis. Nullam interdum feugiat nisi eu mollis. Nullam nec arcu faucibus, tempor elit sit amet, tempor nibh. Mauris posuere risus vitae nibh placerat blandit. Quisque a dapibus arcu. \ No newline at end of file diff --git a/workshop/01_introduction.md b/workshop/01_introduction.md deleted file mode 100644 index cd3fd65..0000000 --- a/workshop/01_introduction.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: "Introduction" -weight: 10 ---- -In this section, you will learn how CI/CD fits into the iot product life cycle and the roles participating at each phase during the iot product life cycle. The introduction roughly mirrors the first module in the original training. The introduction has three sections: -- High level overview of the iot product life cycle visualized by a SIPOC diagram -- High level overview of role-based deliverables across the life cycle visualized by a lightweight flowchart categorized by roles -- A workshop roadmap that draws parallels between the iot product life cycle the each module in the workshop, visualized by an execution architecture. \ No newline at end of file diff --git a/workshop/02_setup.md b/workshop/02_setup.md deleted file mode 100644 index aca0759..0000000 --- a/workshop/02_setup.md +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -title: "Setup" -weight: 20 ---- -In this section, learners will invoke mechanisms to setup artifacts for the modules although some artifacts may be setup by the workshop harness. The section will walk the learner through all the created artifacts and tools so a baseline understanding of the toolchain can be set prior to progressing to Module 1 - -## Launch Workshop Resources with CloudFormation -Before starting the Embedded Linux workshop, you need to create the required AWS resources. To do this, we provide an AWS CloudFormation template to create a stack that contains the resources. When you create the stack, -AWS creates a number of resources in your account. - - - -Choose an AWS region from the below list where you want to launch your CloudFormation stack. It is recommended to choose the closest region. The required AWS resource for the workshop are provisioned with AWS CloudFormation. Simply click the AWS region where you want to launch your stack. - -By choosing one of the links below you will be automatically redirected to the CloudFormation section of the AWS Console where your stack will be launched. 
-* [Launch CloudFormation stack in eu-central-1](https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Frankfurt) -* [Launch CloudFormation stack in eu-west-1](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Ireland) -* [Launch CloudFormation stack in us-east-1](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (N. 
Virginia) -* [Launch CloudFormation stack in us-west-2](https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Oregon) -* [Launch CloudFormation stack in ap-southeast-1](https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Singapore) -* [Launch CloudFormation stack in ap-southeast-2](https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Sydney) - - diff --git a/workshop/03_01_hello_yocto.md b/workshop/03_01_hello_yocto.md deleted file mode 100644 index 2f1b3b8..0000000 --- a/workshop/03_01_hello_yocto.md +++ /dev/null 
@@ -1,169 +0,0 @@ ---- -title: "1 – Hello Yocto! - Build your own Linux image" -weight: 10 ---- -Developing a project that use embedded devices requires engineering effort for selecting the right Operating System, building Board Support Package extensions and actually developing the application. In this module we tackle the first one. Choosing the right OS is a critical step in the path to production as it is, after all, the beating heart of your device: it needs to be secure, resilient, updateable, maintainable and may need to be compatible with different hardware architectures. - -The Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems by providing flexible set of tools and a space where embedded developers can share technologies, software stack configurations, and best practices that can be used to create tailored Linux images based on your project needs. In this module, you’ll learn what the process is of creating an embedded OS image using the Yocto Project in the Cloud. - -### What you will learn in this module - -Learn how to setup a cloud development environment to make development easier and manually bake a ready-to-work image using a provided Yocto Recipe and Layers. - -### What you will need - -A Cloud9 Instance with 100GB available: the higher the number of vCPU available, the faster you'll be able to complete this module. (more info can be found here: https://www.yoctoproject.org/docs/latest/ref-manual/ref-manual.html#var-PARALLEL_MAKE ) - -The bitbake process is CPU-intensive and scales automatically with the number of vCPUs available. - -![Graph that shows the time it takes to bitbake the base image based on the Cloud9 CPU instance](/images/01_hello_yocto_bitbaketimes.png) - -We recommend at least a c5.9xlarge. 
- -### Step 1 - Prepare your development environment - -```bash -sudo apt update -sudo apt upgrade -y -``` - -Now install all the required packages: -```bash -sudo apt install gawk wget git-core \ - diffstat unzip texinfo gcc-multilib \ - chrpath socat cpio build-essential \ - python3 python3-pip python3-pexpect \ - xz-utils debianutils iputils-ping \ - python3-git python3-jinja2 libegl1-mesa \ - libsdl1.2-dev xterm pylint3 -y -``` - -Let's set up our work folder: -``` -mkdir -p $HOME/environment/src/mydev-proto -DEVHOME=$HOME/environment/src/mydev-proto -``` - -And clone Poky, Yocto's reference distribution that will help us build our own custom Linux Distribution. - -``` -git clone -b hardknott git://git.yoctoproject.org/poky $DEVHOME -cd $DEVHOME -``` - -Let's finish up by __sourcing__ the init script, while specifying __build__ as the build folder. - -``` -source ./oe-init-build-env build -``` - -### Step 2 - Bake the minimum image - -While we go through the rest of the module, let's start baking the minimum core image, let's run this command. -This might take some time (17m 53s on c5.9xlarge Cloud9 instance). 
- -``` -MACHINE=qemux86-64 \ - bitbake \ - core-image-minimal -``` - -{{% notice note %}} - If you receive an error like this: - ![](/images/01_hello_yocto_diskfull.png) - Increase your disk space following this guide: https://docs.aws.amazon.com/cloud9/latest/user-guide/move-environment.html - After you've resized the Cloud9's EBS from the AWS console or via CLI, if you are using Ubuntu, the main commands are: - `sudo growpart /dev/nvme0n1 1` and `sudo resize2fs /dev/nvme0n1p1` -{{% /notice %}} -While we wait, we can create a new shell and proceed to the next step - -### Step 3 - Integrate layers and your application layer - -Let's initialize the shell and download our layers: -``` -DEVHOME=$HOME/environment/src/mydev-proto -cd $DEVHOME -git clone -b hardknott git://git.openembedded.org/meta-openembedded -git clone -b hardknott https://git.yoctoproject.org/git/meta-virtualization -git clone -b hardknott https://github.com/aws4embeddedlinux/meta-aws -``` - -Then modify the `$DEVHOME/build/conf/bblayers.conf` file by adding the layers we downloaded previously to our new custom layer (substitute $DEVHOME with the $DEVHOME path, e.g. `home/ubuntu/environment/src/mydev-proto`) -``` -$DEVHOME/meta-openembedded/meta-oe -$DEVHOME/meta-openembedded/meta-python -$DEVHOME/meta-openembedded/meta-networking -$DEVHOME/meta-aws -``` - -It should look like this: - -``` -BBLAYERS ?= " \ - /home/ubuntu/environment/src/mydev-proto/meta \ - /home/ubuntu/environment/src/mydev-proto/meta-poky \ - /home/ubuntu/environment/src/mydev-proto/meta-yocto-bsp \ - /home/ubuntu/environment/src/mydev-proto/meta-openembedded/meta-oe \ - /home/ubuntu/environment/src/mydev-proto/meta-openembedded/meta-python \ - /home/ubuntu/environment/src/mydev-proto/meta-openembedded/meta-networking \ - /home/ubuntu/environment/src/mydev-proto/meta-aws \ - " -``` -This basically enables the layers in the build system. - -Before baking the image, let's add the aws-ioto-device-client to the image. 
-Let's modify `$DEVHOME/build/conf/local.conf` and add the following line at the end of the file. -``` -IMAGE_INSTALL_append = "aws-iot-device-client" -``` - -Wonder what this does? Check https://github.com/aws4embeddedlinux/meta-aws/blob/hardknott/recipes-iot/aws-iot-device-client/aws-iot-device-client_1.2.0.bb - -Now let's bake the image again. - -``` -MACHINE=qemux86-64 \ - bitbake \ - core-image-minimal -``` - -Notice how this time, it take less time because it only needs to bake the incremental layers we just added. - -### Step 4 - Test the image - - -``` -runqemu \ - qemux86-64 \ - core-image-minimal \ - ext4 \ - qemuparams="-m 2048" \ - nographic -``` - -provide user __root__ and test that the aws-device-client-sdk is installed by running the following command: -``` -/sbin/aws-iot-device-client --help -``` - -{{% notice note %}} - You can fix the name lookup by modifying the /etc/resolv.conf and adding your preferred nameservers (e.g. 1.1.1.1 and 1.0.0.1). - Wonder how to do it the "Yocto" way? Head over to: https://www.yoctoproject.org/docs/1.6/dev-manual/dev-manual.html#using-bbappend-files -{{% /notice %}} - - -If you want to exit the simulation, just run Ctrl+A and then press X - -### Checkpoint - -1. You have successfully logged onto the Cloud9 instance and set up the prerequisites -1. You have baked the image without any additional layer -1. You have modified the configuration to include the cloned layers -1. You have run the non graphical simulation of the firmware you just baked and ensured that the aws-iot-device-client sdk is present - -### Considerations -Whew, this is fine if you are a single developer and are not maintaining a plethora of architectures, branches and distributions. 
- -What if we had an automation that the bitbake process would kick-off everytime our team did a pull request/committed to the code repository and generate and archive the different layers to further speed up the bitbake times for every set of PCBs, Firmware versions, Architectures? - -Follow along in the next module to discover more! diff --git a/workshop/03_02_build_images.md b/workshop/03_02_build_images.md deleted file mode 100644 index 404219f..0000000 --- a/workshop/03_02_build_images.md +++ /dev/null 
@@ -1,120 +0,0 @@ ---- -title: "2 – Build images in a fast and repeatable way" -weight: 10 ---- - -### Introduction - -In this module we use AWS CloudFormation, AWS CodePipelines and the Yocto project to define and deploy a solution that constructs a Linux image compatible with a Raspberry Pi 4. - -Here is a high-level diagram of how the solution works and the services used: - -![Solution Architecture](/images/02_build_images_solution_architecture.png) - -### Prerequisites -- An AWS Account -- A Dockerhub Account -- Experience building images using Yocto -- Familiarity AWS CloudFormation, the AWS CLI and shell scripts -- (Optional) A Raspberry Pi 4 and an SD card to test the produced image - -### Expected Environment -If you are continuing from Module 1, you can continue to use Cloud9. Otherwise you can use AWS CloudShell which is a browser-based shell that makes it easy to securely manage, explore, and interact with your AWS resources. CloudShell is pre-authenticated with your console credentials. Common development and operations tools are pre-installed, so no local installation or configuration is required. - - -### Step 1 - Setup your environment - -Open the AWS CloudShell service and run the following command to clone this repository and set `$PREFIX` to something unique like "mod2-YOUR_AWS_ACCOUNT_NUMBER". - -```bash -cd ~/ -git clone https://github.com/aws4embeddedlinux/meta-aws-ci -cd ~/meta-aws-ci/core/scripts/ - -export PREFIX=mod2-<> -``` - -### Step 2 – Securely store your Dockerhub credentials - -When building containers, you will need to setup a secret that contains your Dockerhub username and password in AWS Secrets Manager. This is used to authenticate the CodePipeline with Dockerhub and used when composing images. - -In AWS CloudShell, run this script without arguments and enter your Dockerhub username and password. It will create a Secrets Manager entry and return an ARN that you will use when doing setup for the container projects. 
- -```bash -./setup_dockerhub_secret.sh $PREFIX -``` -Once this process is complete, store the secret ARN in an environment variable for later use. - -```bash -export SECRET_ARN=arn:aws:secretsmanager:eu-west-1:123456789123:secret:dockerhub_EXAMPLE -``` - -### Step 3 – Create the baseline components -Baseline components are required for all other automation areas. - -In AWS CloudShell, run the script to create the network layer. The network layer is a Virtual Private Cloud (VPC) for AWS CodeBuild. - -```bash -./setup_ci_network.sh $PREFIX -``` - -### Step 4 – Install the container build layer and invoke the build process - -In AWS CloudShell, run the script to create the container build layer. This script installs an AWS CodeBuild project to construct a custom container that is used to build Linux compatible images for the reference distribution named ‘Poky’. - -```bash -./setup_ci_container_poky.sh $PREFIX $SECRET_ARN -``` - -Once this process is complete, invoke the build process. The process takes about 15 minutes to complete. You can monitor it using the CLI or by logging into the [AWS CodeBuild console](https://console.aws.amazon.com/codesuite/codebuild/projects). Make sure you select the right region. - - -```bash -aws codebuild start-build --project-name $PREFIX-el-ci-container-poky -``` - -Finally, find out the image URI and store it in an environment variable for later use. - -```bash -aws ecr describe-repositories --query repositories[].repositoryUri --output text -export CONTAINER_URI=123456789123.dkr.ecr.eu-west-1.amazonaws.com/yoctoproject/EXAMPLE/buildmachine-poky -``` - -### Step 5 – Install the Linux build layer and invoke the build process - -In AWS CloudShell, run the script to create the Linux build layer. This script installs an AWS CodeBuild project to construct the core-image-minimal image for the QEMU x86-64 MACHINE target that includes the AWS IoT Device Client. 
The AWS CodeBuild project file for this project is in the [meta-aws-demos](https://github.com/aws-samples/meta-aws-demos) repository. It also creates a new S3 bucket to store images it creates. - -```bash -export VENDOR=rpi_foundation -export BOARD=rpi4-64 -export DEMO=aws-iot-greengrass-v2 -export YOCTO_RELEASE=dunfell -export COMPUTE_TYPE=BUILD_GENERAL1_LARGE -./setup_build_demos_prod.sh $PREFIX $CONTAINER_URI $VENDOR $BOARD $DEMO $YOCTO_RELEASE $COMPUTE_TYPE -``` -Once the process is complete, find out the name of the newly created S3 bucket and store in an environment variable for later use - -```bash -aws s3 ls | grep $PREFIX-el-build- | awk '{print $3}' -export S3_BUCKET=EXAMPLE-el-build-rpi4-64-aws-iot-gre-buildbucket-EXAMPLE -``` - -Invoke the build process. The process takes about 90 minutes to complete using `BUILD_GENERAL1_LARGE`. You can monitor it using the CLI or by logging into the [AWS CodeBuild console](https://console.aws.amazon.com/codesuite/codebuild/projects). Make sure you select the right region. - -```bash -aws codebuild start-build --project-name $PREFIX-el-build-$BOARD-$DEMO-$YOCTO_RELEASE -``` -Once the build process is complete you can review the contents of the S3 bucket - -```bash -aws s3 ls $S3_BUCKET --recursive -``` - -### Step 6 (Optional) - Download the image from S3 and test it - -Download the image using the CLI or the AWS console and then use your favorite software to write the downloaded image to the SD card. Make sure you choose the right device. This process will overwrite the card. - -```bash -dd if=image.bin of=/dev/ bs=4M status=progress -``` - diff --git a/workshop/03_03_dev_experience.md b/workshop/03_03_dev_experience.md deleted file mode 100644 index 3cfabf8..0000000 --- a/workshop/03_03_dev_experience.md +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -title: "3 - How to integrate the dev experience" -weight: 10 ---- -Delivering an integrated developer experience is key to adopt a sustainable CI/CD practice. \ No newline at end of file diff --git a/workshop/03_04_auto_testing.md b/workshop/03_04_auto_testing.md deleted file mode 100644 index 9ba2611..0000000 --- a/workshop/03_04_auto_testing.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: "4 – Automate build and test processes" -weight: 10 ---- -In this module participants will learn about various methods for device on-boarding at scale and device fleet provisioning/fleet management. Needless to say that an IoT device that don’t have a strong root-of-trust and robust update capabilities will be eventually compromised or become dysfunctional. -While AWS IoT Greengrass allows for reliable management and orchestration of components, {TBC} \ No newline at end of file diff --git a/workshop/03_05_remote_update.md b/workshop/03_05_remote_update.md deleted file mode 100644 index 59284f7..0000000 --- a/workshop/03_05_remote_update.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: "5 – Remotely update devices" -weight: 10 ---- - -In this module participants will learn about different update options for updating a device -- File level vs. Block level -- As well as different options for tooling to achieve device updates --- block level options: Mender, swupdate --- file level options: OSTree, swupd -- We will introduce the supporting AWS IoT functions that can be used to trigger and process to update jobs, e.g. CodeBuild, IoT Jobs, CloudFront -- During the hands-on section the particpants will use iot-jobs and meta-swupdate to update a device/image - diff --git a/workshop/03_modules.md b/workshop/03_modules.md deleted file mode 100644 index ca9f697..0000000 --- a/workshop/03_modules.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Modules" -weight: 30 ---- -TBD \ No newline at end of file 
diff --git a/workshop/04_conclusion.md b/workshop/04_conclusion.md deleted file mode 100644 index c8e099c..0000000 --- a/workshop/04_conclusion.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Conclusion" -weight: 40 ---- -TBD \ No newline at end of file diff --git a/workshop/static/images/01_hello_yocto_bitbaketimes.png b/workshop/static/images/01_hello_yocto_bitbaketimes.png deleted file mode 100644 index 3ec3e56..0000000 Binary files a/workshop/static/images/01_hello_yocto_bitbaketimes.png and /dev/null differ diff --git a/workshop/static/images/01_hello_yocto_diskfull.png b/workshop/static/images/01_hello_yocto_diskfull.png deleted file mode 100644 index 86d5293..0000000 Binary files a/workshop/static/images/01_hello_yocto_diskfull.png and /dev/null differ diff --git a/workshop/static/images/02_build_images_solution_architecture.png b/workshop/static/images/02_build_images_solution_architecture.png deleted file mode 100644 index 379a88b..0000000 Binary files a/workshop/static/images/02_build_images_solution_architecture.png and /dev/null differ
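Review bot: in the workshop/02_setup.md deletion, all six launch links point at one fixed public template URL (`https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json`) and request a `c5.9xlarge` instance. Removing the page from the repository does not retire that template or any copies of the links that were already shared. Please say in the commit message whether the hosted artifacts remain available, so that readers who still hold an old link know whether launching that stack is supported.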
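Review bot: in the workshop/03_01_hello_yocto.md deletion, the removed Step 3 line `IMAGE_INSTALL_append = "aws-iot-device-client"` has no leading space inside the quotes, so the package name is concatenated onto whatever precedes it in IMAGE_INSTALL. Steps 1 and 3 also clone poky and meta-openembedded over unauthenticated `git://`, while the meta-virtualization and meta-aws lines use `https://`. If any of this walkthrough is carried over to another location, fix both there (`" aws-iot-device-client"` and `https://` clone URLs) rather than copying the text as it stands.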
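Review bot: the workshop/03_02_build_images.md deletion removes Steps 2 to 5, which create a Secrets Manager entry holding Dockerhub credentials, a VPC, CodeBuild projects and an S3 bucket. The module never had a cleanup step, so readers who followed it lose the only description of what was created in their account. Suggest keeping a short teardown note that lists those resources by their names (`$PREFIX-el-ci-container-poky`, `$PREFIX-el-build-$BOARD-$DEMO-$YOCTO_RELEASE`), or stating in the commit message where the content now lives. The steps also begin with `cd ~/meta-aws-ci/core/scripts/`, so confirm that nothing left in the tree still sends readers to those script paths.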