v3.0.0 rc.0 Release

.github/workflows/build_push_release.yml

@@ -21,7 +21,6 @@ jobs:
         echo "RELEASE_VERSION=${VERSION}" >> $GITHUB_ENV
 
     - name: Create GitHub Release
-      id: create_release
       env:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
@@ -30,13 +29,21 @@ jobs:
         else
           echo "Release $RELEASE_TAG does not exists. creating..."
           RELEASE_NOTES=$(sed -e "/^## ${RELEASE_TAG}/,/^## / ! d" CHANGELOG.md | tail -n +2 | head -n -1)
-          gh release create $RELEASE_TAG \
-            --generate-notes \
-            --title $RELEASE_TAG \
-            --notes "$RELEASE_NOTES"
+          if [[ ${{ contains(github.ref_name, '-rc') }} == 'true' || ${{ contains(github.ref_name, '-beta') }} == 'true' || ${{ contains(github.ref_name, '-alpha') }} == 'true' ]]; then
+            gh release create $RELEASE_TAG \
+              --generate-notes \
+              --title $RELEASE_TAG \
+              --notes "$RELEASE_NOTES" \
+              --prerelease
+          else
+            gh release create $RELEASE_TAG \
+              --generate-notes \
+              --title $RELEASE_TAG \
+              --notes "$RELEASE_NOTES"
+          fi
         fi
 
-  create_release_artifacts:
+  create_static:
     permissions:
       contents: write
     runs-on: "${{ matrix.os }}"
@@ -63,14 +70,39 @@ jobs:
 
     - name: Build release artifacts
       run: |
-        docker build --output type=local,dest=docker_output/ -f release/Containerfile-build.${{ matrix.target }} .
+        docker build --platform linux/${{ matrix.target }} --output type=local,dest=docker_output/ -f release/Containerfile-build-static .
 
     - name: Upload Release Asset
       env:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
-        mv ./docker_output/${{ matrix.target }}/peridiod-${RELEASE_VERSION}.tar.gz ./docker_output/peridiod-${RELEASE_VERSION}-${{ matrix.target }}.tar.gz
-        gh release upload $RELEASE_TAG ./docker_output/peridiod-${RELEASE_VERSION}-${{ matrix.target }}.tar.gz --clobber
+        mv ./docker_output/peridiod-${RELEASE_VERSION}.tar.gz ./docker_output/peridiod-${RELEASE_VERSION}-${{ matrix.target }}-static.tar.gz
+        gh release upload $RELEASE_TAG ./docker_output/peridiod-${RELEASE_VERSION}-${{ matrix.target }}-static.tar.gz --clobber
+
+  create_container_images:
+    permissions:
+      contents: write
+    runs-on: "${{ matrix.os }}"
+    needs: create_release
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest-4-cores-arm64
+            target: arm64
+          - os: ubuntu-latest
+            target: amd64
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Set Env
+      run: |
+        VERSION=$(echo "${GITHUB_REF#refs/*/}" | sed 's/^v//')
+        echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+        echo "RELEASE_VERSION=${VERSION}" >> $GITHUB_ENV
 
     - name: Load docker hub credentials
       id: op-load-docker-hub-credentials
@@ -97,9 +129,9 @@ jobs:
         tags: |
           peridio/peridiod:${{ env.RELEASE_TAG }}-${{ matrix.target }}
 
-  push_container_images:
+  create_container_manifest:
     runs-on: ubuntu-latest
-    needs: create_release_artifacts
+    needs: create_container_images
 
     steps:
     - name: Checkout repository
@@ -130,8 +162,157 @@ jobs:
         docker manifest create peridio/peridiod:${{ env.RELEASE_TAG }} \
           --amend peridio/peridiod:${{ env.RELEASE_TAG }}-arm64 \
           --amend peridio/peridiod:${{ env.RELEASE_TAG }}-amd64
-        docker manifest create peridio/peridiod:latest \
-          --amend peridio/peridiod:${{ env.RELEASE_TAG }}-arm64 \
-          --amend peridio/peridiod:${{ env.RELEASE_TAG }}-amd64
         docker manifest push peridio/peridiod:${{ env.RELEASE_TAG }}
-        docker manifest push peridio/peridiod:latest
+
+        if [[ "${{ env.RELEASE_TAG }}" != *-* ]]; then
+          docker manifest create peridio/peridiod:latest \
+            --amend peridio/peridiod:${{ env.RELEASE_TAG }}-arm64 \
+            --amend peridio/peridiod:${{ env.RELEASE_TAG }}-amd64
+          docker manifest push peridio/peridiod:latest
+        else
+          echo "Skipping latest tag update for pre-release tag ${{ env.RELEASE_TAG }}"
+        fi
+
+  create_debs:
+    runs-on: "${{ matrix.os }}"
+    needs: create_release
+
+    permissions:
+      contents: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest-4-cores-arm64
+            target: arm64
+            distro: jammy
+          - os: ubuntu-latest-4-cores-arm64
+            target: arm64
+            distro: noble
+          - os: ubuntu-latest
+            target: amd64
+            distro: jammy
+          - os: ubuntu-latest
+            target: amd64
+            distro: noble
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Set Env
+      run: |
+        echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+    - name: Cache Debian packages
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/deb
+        key: ${{ runner.os }}-deb-cache
+        restore-keys: |
+          ${{ runner.os }}-deb-cache
+
+    - name: Install build dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y dpkg-dev debhelper fakeroot
+
+    - name: Build release artifacts
+      run: |
+        docker build --platform linux/${{ matrix.target }} --output type=local,dest=docker_output/ -f release/Containerfile-build-${{ matrix.distro }} .
+
+    - name: Build DEB package
+      run: |
+        source release/package-info.sh
+        PERIDIOD_ARCH=${{ matrix.target }}
+        PERIDIOD_VERSION=$(echo "${GITHUB_REF#refs/*/}" | sed 's/^v//')
+        PERIDIOD_PACKAGE_DIR=$(pwd)/package/peridiod_${PERIDIOD_VERSION}_${PERIDIOD_ARCH}
+        PERIDIOD_RELEASE_NOTES=$(sed -e "/^## ${RELEASE_TAG}/,/^## / ! d" CHANGELOG.md | tail -n +2 | head -n -1)
+
+        export PERIDIOD_RELEASE_NOTES
+        export PERIDIOD_VERSION
+        export PERIDIOD_ARCH
+
+        release/build-deb.sh ./docker_output/peridiod-${PERIDIOD_VERSION}.tar.gz $PERIDIOD_PACKAGE_DIR
+        mv "${PERIDIOD_PACKAGE_DIR}.deb" ./peridiod_${PERIDIOD_VERSION}_${PERIDIOD_ARCH}.${{ matrix.distro }}.deb
+        echo "PERIDIOD_PACKAGE=peridiod_${PERIDIOD_VERSION}_${PERIDIOD_ARCH}.${{ matrix.distro }}.deb" >> $GITHUB_ENV
+
+    - name: Upload Release Asset
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh release upload $RELEASE_TAG $PERIDIOD_PACKAGE --clobber
+
+  create_rpms:
+    runs-on: "${{ matrix.os }}"
+    needs: create_release
+
+    permissions:
+      contents: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest-4-cores-arm64
+            target: arm64
+            distro: rhel9
+          - os: ubuntu-latest
+            target: amd64
+            distro: rhel9
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Set Env
+      run: |
+        echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+    - name: Install build dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y dpkg-dev debhelper fakeroot
+
+    - name: Install build dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y dpkg-dev debhelper fakeroot
+
+    - name: Build release artifacts
+      run: |
+        docker build --platform linux/${{ matrix.target }} --output type=local,dest=docker_output/ -f release/Containerfile-build-${{ matrix.distro }} .
+
+    - name: Build RPM package
+      run: |
+        source release/package-info.sh
+        PERIDIOD_ARCH=${{ matrix.target }}
+        if [ "$PERIDIOD_ARCH" == "arm64" ]; then
+          PERIDIOD_ARCH_RPM="aarch64"
+        elif [ "$PERIDIOD_ARCH" == "amd64" ]; then
+          PERIDIOD_ARCH_RPM="x86_64"
+        else
+          PERIDIOD_ARCH_RPM="$ARCH"
+        fi
+        PERIDIOD_VERSION=$(echo "${GITHUB_REF#refs/*/}" | sed 's/^v//')
+        PERIDIOD_VERSION_RPM=${PERIDIOD_VERSION//-/_}
+        PERIDIOD_PACKAGE_DIR=$(pwd)/package/peridiod_${PERIDIOD_VERSION}_${PERIDIOD_ARCH}
+        PERIDIOD_RELEASE_NOTES=$(sed -e "/^## ${RELEASE_TAG}/,/^## / ! d" CHANGELOG.md | tail -n +2 | head -n -1)
+
+        export PERIDIOD_RELEASE_NOTES
+        export PERIDIOD_VERSION
+        export PERIDIOD_VERSION_RPM
+        export PERIDIOD_ARCH
+        export PERIDIOD_ARCH_RPM
+
+        release/build-rpm.sh ./docker_output/peridiod-${PERIDIOD_VERSION}.tar.gz $PERIDIOD_PACKAGE_DIR
+
+        mv "${PERIDIOD_PACKAGE_DIR}/RPMS/$PERIDIOD_ARCH_RPM/peridiod-${PERIDIOD_VERSION_RPM}-1.${PERIDIOD_ARCH_RPM}.rpm" peridiod-${PERIDIOD_VERSION_RPM}-1.${PERIDIOD_ARCH_RPM}.${{ matrix.distro }}.rpm
+        echo "PERIDIOD_PACKAGE=peridiod-${PERIDIOD_VERSION_RPM}-1.${PERIDIOD_ARCH_RPM}.${{ matrix.distro }}.rpm" >> $GITHUB_ENV
+
+    - name: Upload Release Asset
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh release upload $RELEASE_TAG $PERIDIOD_PACKAGE --clobber

.github/workflows/build_test.yml

@@ -21,8 +21,8 @@ jobs:
     - name: Set up Elixir
       uses: erlef/setup-beam@v1
       with:
-        elixir-version: '1.16.2'
-        otp-version: '26.2.5'
+        elixir-version: '1.17.2'
+        otp-version: '27.0.1'
     - name: Restore dependencies cache
       uses: actions/cache@v4
       with:

CHANGELOG.md

@@ -1,5 +1,92 @@
 # peridiod releases
 
+## v3.0.0-rc.0
+
+**This is a major update and this release should be thoroughly tested.**
+
+Add support for Peridio Cloud Releases
+
+Peridio Releases allow you greater flexibility in how you manage the content installed on your device.
+
+### Config
+
+New `peridiod` config keys introduced:
+
+* `release_poll_enabled`: true | false
+* `release_poll_interval`: the interval in ms to automatically check for updates
+* `cache_dir`: a writable path where `peridiod` can store release metadata
+* `targets`: A list of string target names for peridiod to install as part of a release update
+* `trusted_signing_keys`: A list of base64 encoded ed25519 public signing key strings
+
+### Installers
+
+Peridiod now has a concept of "Installers", initially supported installer types are `file` and `fwup`. When using releases, you will have to use the `custom_metadata` of a binary, artifact version, or artifact to instruct peridiod how to install the binary content. Here is an example of what custom metadata for installers would look like:
+
+fwup
+
+```json
+{
+  "installer": "fwup",
+  "installer_opts": {
+    "devpath": "/dev/mmcblk0",
+    "extra_args": [],
+    "env": {}
+  },
+  "reboot_required": true
+}
+```
+
+file
+
+```json
+{
+  "installer": "file",
+  "installer_opts": {
+    "name": "my_file.txt",
+    "path": "/opt/my_app",
+  },
+  "reboot_required": false
+}
+```
+
+The custom metadata will need to configured on a Binary, Artifact Version, or Artifact record. You can add this custom metadata to these records using Peridio CLI v0.22.0 or later.
+
+### U-Boot Environment additions
+
+peridiod releases will track and expose release metadata in the uboot environment under the following new keys
+
+* `peridiod_rel_current`: the PRN of the current installed release
+* `peridiod_rel_previous`: the PRN of the previous installed release
+* `peridiod_rel_progress`: the PRN of the release in progress
+* `peridiod_vsn_current`: the semantic version of the current installed release
+* `peridiod_vsn_previous`: the semantic version of the previous installed release
+* `peridiod_vsn_progress`: the semantic version of the release in progress
+* `peridiod_bin_current`: an concatenated key / value paired encoded string of `<binary_id><custom_metadata_sha256_hash>` internally used to diff installed binaries from release to release
+
+### Preparing a release
+
+Peridiod will track installed binaries from release to release by updating the `peridio_bin_current` value in the u-boot-env. When burning in a device firmware for the first time, you can pre-compute this field value with information about the supplied binaries by constructing a concatenated string according to the field specifications. This will prevent peridiod from installing binaries unnecessarily on first boot.
+
+### Release Install
+
+The release server will check for an update from Peridio Cloud a the designated interval. When an update is available, the release server will immediately cache the release metadata to the cache_dir and begin processing the release. Currently, the release server is configured to install an update once it is available. This behavior will change before public release and instead be routed through the update client module. The release server will apply an update in the following order:
+
+* Validate artifact signatures' public key values have been signed by a public key in `trusted_signing_keys`
+* Filter the Binaries by uninstalled with a target listed in the `targets` list
+* Install Binaries
+  * Initialize a Download with an Installer
+  * Begin Download (Download Started Event)
+  * Download chunks (Download Progress Events)
+  * Finish Download (Download Finished Event)
+  * Validate hash (during stream)
+  * Installer applied (Binary Applied)
+  * Update Binary status to complete
+* Update Release status to complete
+
+When peridiod installs a release, it will accumulate `reboot_required` and trigger a reboot once all binaries have finished the installation process if any `reboot_required` is true.
+
+See the [Peridio Docs](https://docs.peridio.com/) for more information on configuring Releases for your organization.
+
 ## v2.5.4
 
 * Enhancement