Set GCP project when doing GCP trusted image uploads

trustedimage/Makefile

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 SHELL=/bin/bash -o pipefail  # needed for pipefail
 
-all: build/azure_version
+all: build/azure_version build/gcp_version
 
 build/dir:
 	mkdir -p build

trustedimage/gcp.sh

@@ -7,6 +7,8 @@ if ! source ./gcp_config; then
   exit 1
 fi
 
+GCLOUD="gcloud --project=$GCP_PROJECT"
+
 FROM=build/debian2.out/disk.raw-1
 VERSION="$1"
 VERSION_DASH="$(echo $VERSION | sed 's/\./-/g')"
@@ -19,17 +21,18 @@ function rm_blob() {
   # Whether we succeed in creating an image or fail in our endeavours, we
   # don't need the blob anymore, so try to delete it.  But don't worry
   # if this attempt fails; it's just a nice-to-have.
-  gcloud storage rm $BLOB
+  $GCLOUD storage rm $BLOB
 }
 trap rm_blob EXIT
+$GCLOUD storage cp ../host/main gs://$GCP_BUCKET/svr3-$VERSION
 if [ -z "$GCP_JUMPHOST" ]; then
   tar --transform="s/$(basename $FROM)/disk.raw/" --format=oldgnu -cvf - -C $(dirname $FROM) $(basename $FROM) | pv -f | pigz >gcp.tar.gz
-  gcloud storage cp $FROM $BLOB
+  $GCLOUD storage cp $FROM $BLOB
 else
   rsync -e ssh --progress --compress --inplace $FROM $GCP_JUMPHOST:./disk.raw
 	ssh $GCP_JUMPHOST "tar --format=oldgnu -cvf - disk.raw | pv -f | pigz --fast >gcp.tar.gz"
-  ACCESS_TOKEN="$(gcloud auth print-access-token --lifetime=900 --impersonate-service-account $GCP_SERVICE_ACCOUNT)"
-  ssh $GCP_JUMPHOST "CLOUDSDK_AUTH_ACCESS_TOKEN=$ACCESS_TOKEN gcloud storage cp gcp.tar.gz $BLOB"
+  ACCESS_TOKEN="$($GCLOUD auth print-access-token --lifetime=900 --impersonate-service-account $GCP_SERVICE_ACCOUNT)"
+  ssh $GCP_JUMPHOST "CLOUDSDK_AUTH_ACCESS_TOKEN=$ACCESS_TOKEN $GCLOUD storage cp gcp.tar.gz $BLOB"
 fi
-gcloud compute images create svr3-$VERSION_DASH --source-uri $BLOB --guest-os-features=SEV_SNP_CAPABLE,UEFI_COMPATIBLE
+$GCLOUD compute images create svr3-$VERSION_DASH --source-uri $BLOB --guest-os-features=SEV_SNP_CAPABLE,UEFI_COMPATIBLE
 echo $VERSION > build/gcp_version

trustedimage/gcp_config.example

@@ -2,6 +2,9 @@
 # Copyright 2024 Signal Messenger, LLC
 # SPDX-License-Identifier: AGPL-3.0-only
 
+# Which GCP Project to put things in
+GCP_PROJECT=my-project
+
 # Which GCP bucket should be used for intermediate storage of disk
 # images before they become images proper.
 GCP_BUCKET=my-storage-bucket