Put into place initial release engineering

This can release x86_64-linux binaries to staging, with ephemeral keys. I think it's good enough to review at least at this point, so we don't keep adding more stuff to it to make it harder to review. Change-Id: Ie95e8f35d1252f5d014e819566f170b30eda152e
author: Jade Lovelace <lix@jade.fyi> 2024-05-31 16:35:13 -0700
committer: Jade Lovelace <lix@jade.fyi> 2024-06-06 20:53:08 -0700
commit: c32a01f9ebae026c1b7b8ba081411581453b4624 (patch)
tree: c246e14bc178bfa1ea2ad6fe6487d80b528a31dc /releng/keys.py
parent: 611b1de441a54d3ed7781ca0a26b51b6cb9c45cc (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/releng/keys.py b/releng/keys.py
new file mode 100644
index 000000000..01607e1bf
--- /dev/null
+++ b/releng/keys.py
@@ -0,0 +1,18 @@
+import subprocess
+import json
+from . import environment
+
+
+def get_ephemeral_key(
+        env: environment.RelengEnvironment) -> environment.S3Credentials:
+    output = subprocess.check_output([
+        'ssh', '-l', 'root', environment.S3_HOST, 'garage-ephemeral-key',
+        'new', '--name', f'releng-{env.name}', '--read', '--write',
+        '--age-secs', '3600',
+        env.releases_bucket.removeprefix('s3://'),
+        env.cache_bucket.removeprefix('s3://')
+    ])
+    d = json.loads(output.decode())
+    return environment.S3Credentials(name=d['name'],
+                                     id=d['id'],
+                                     secret_key=d['secret_key'])
author	Jade Lovelace <lix@jade.fyi>	2024-05-31 16:35:13 -0700
committer	Jade Lovelace <lix@jade.fyi>	2024-06-06 20:53:08 -0700
commit	c32a01f9ebae026c1b7b8ba081411581453b4624 (patch)
tree	c246e14bc178bfa1ea2ad6fe6487d80b528a31dc /releng/keys.py
parent	611b1de441a54d3ed7781ca0a26b51b6cb9c45cc (diff)