Move build_binaries_rust into build_test_and_copy_to_placer

Change-Id: I342612f53b75aaf4f7cd8930d0150cc48db64b33

justfile

@@ -36,7 +36,7 @@ export CARGO_LOCKFILES_LIST_CMD := 'find . -name "Cargo*.lock"'
 # Convenience bundle of tests and checks prior to sending a change for review.
 presubmit: \
     format \
-    bazel \
+    build-and-test \
     clippy-ci \
     cargo-audit \
     cargo-udeps
@@ -328,7 +328,11 @@ clang-tidy:
 bare_metal_crates_query := "kind(\"rust_.*\", //...) intersect attr(\"target_compatible_with\", \"x86_64-none-setting\", //...)"
 wasm_crates_query := "kind(\"rust_.*\", //...) intersect attr(\"target_compatible_with\", \"wasm32-none-setting\", //...)"
 
-bazel: test-workspace std-crates bare-metal-crates wasm-crates
+# Build and test all targets.
+# The kokoro script build_test_and_copy_to_placer expects this recipe to
+# generate properly optimized and stripped binaries that it will then copy to
+# placer. See kokoro/helpers/copy_binaries.sh for the expected outputs.
+build-and-test: test-workspace std-crates bare-metal-crates wasm-crates kokoro_build_binaries_rust
 
 std-crates:
     # When no platform is specified, build for Bazel host platform (x86_64, Linux):

kokoro/build_binaries_rust.sh

@@ -1,58 +1,3 @@
 #!/usr/bin/env bash
 
-# shellcheck source=./kokoro/helpers/common.sh
-source "$(dirname "$0")/helpers/common.sh"
-
-./scripts/docker_pull
-./scripts/docker_run nix develop .#ci --command just kokoro_build_binaries_rust
-./scripts/git_check_diff
-
-mkdir -p "${KOKORO_ARTIFACTS_DIR}/test_logs/"
-cp --preserve=timestamps \
-    ./target/nextest/default/*.xml \
-    "${KOKORO_ARTIFACTS_DIR}/test_logs/" || true
-
-mkdir -p "${KOKORO_ARTIFACTS_DIR}/binaries/"
-
-# Store the git commit hash in the name of an empty file, so that it can be
-# efficiently found via a glob.
-touch "${KOKORO_ARTIFACTS_DIR}/binaries/git_commit_${KOKORO_GIT_COMMIT_oak:?}"
-
-# Copy the generated binaries to Placer. The timestamps are used to convey
-# the creation time.
-readonly generated_binaries=(
-    artifacts/enclave_apps/key_xor_test_app
-    artifacts/client_app.apk
-    artifacts/enclave_apps/oak_echo_enclave_app
-    artifacts/enclave_apps/oak_echo_raw_enclave_app
-    artifacts/enclave_apps/oak_functions_enclave_app
-    artifacts/enclave_apps/oak_functions_insecure_enclave_app
-    artifacts/enclave_apps/oak_orchestrator
-    artifacts/oak_restricted_kernel_wrapper_simple_io_channel_bin
-    artifacts/stage0_bin
-    artifacts/stage0_bin_tdx
-)
-readonly binary_names=(
-    key_xor_test_app
-    oak_client_android_app
-    oak_echo_enclave_app
-    oak_echo_raw_enclave_app
-    oak_functions_enclave_app
-    oak_functions_insecure_enclave_app
-    oak_orchestrator
-    oak_restricted_kernel_simple_io_init_rd_wrapper_bin
-    stage0_bin
-    stage0_bin_tdx
-)
-for i in "${!binary_names[@]}"; do
-    cp --preserve=timestamps \
-        "${generated_binaries[$i]}" \
-        "${KOKORO_ARTIFACTS_DIR}/binaries/${binary_names[$i]}"
-done
-
-ls -alsR "${KOKORO_ARTIFACTS_DIR}/binaries"
-
-# Print binary digests (ignore failures, e.g. for directories).
-sha256sum "${KOKORO_ARTIFACTS_DIR}"/binaries/* || true
-
-kokoro_cleanup
+# No-op

kokoro/build_test_and_copy_to_placer.sh

@@ -7,7 +7,7 @@ source "$(dirname "$0")/helpers/common.sh"
 
 ./scripts/docker_pull
 # TODO: b/337266665 - Remove bazel-cache-test logic once we are satisfied with remote cache hits.
-./scripts/docker_run nix develop .#default --command just bazel bazel-cache-test containers_placer_artifacts
+./scripts/docker_run nix develop .#default --command just build-and-test bazel-cache-test containers_placer_artifacts
 ./scripts/git_check_diff
 
 # Upload the bazel execution logs as Kokoro artifacts so we can debug remote cache. This should

kokoro/helpers/copy_binaries.sh

@@ -11,16 +11,26 @@ function copy_binaries_to_placer() {
     # expected to be imported transiently into google3 for the sake of provenance
     # verification (i.e., do Kokoro and GitHub produce identical results).
     readonly generated_binaries=(
-        ./artifacts/oak_containers_agent
-        ./artifacts/oak_containers_kernel
-        ./artifacts/oak_containers_nvidia_system_image.tar.xz
-        ./artifacts/oak_containers_orchestrator
-        ./artifacts/oak_containers_syslogd
-        ./artifacts/oak_containers_system_image.tar.xz
-        ./artifacts/oak_functions_containers_app_bundle.tar
-        ./artifacts/oak_functions_containers_app_bundle_insecure.tar
-        ./artifacts/rust_hello_world_enclave_bundle.tar
-        ./artifacts/stage1.cpio
+        artifacts/oak_containers_agent
+        artifacts/oak_containers_kernel
+        artifacts/oak_containers_nvidia_system_image.tar.xz
+        artifacts/oak_containers_orchestrator
+        artifacts/oak_containers_syslogd
+        artifacts/oak_containers_system_image.tar.xz
+        artifacts/oak_functions_containers_app_bundle.tar
+        artifacts/oak_functions_containers_app_bundle_insecure.tar
+        artifacts/rust_hello_world_enclave_bundle.tar
+        artifacts/stage1.cpio
+        artifacts/enclave_apps/key_xor_test_app
+        artifacts/client_app.apk
+        artifacts/enclave_apps/oak_echo_enclave_app
+        artifacts/enclave_apps/oak_echo_raw_enclave_app
+        artifacts/enclave_apps/oak_functions_enclave_app
+        artifacts/enclave_apps/oak_functions_insecure_enclave_app
+        artifacts/enclave_apps/oak_orchestrator
+        artifacts/oak_restricted_kernel_wrapper_simple_io_channel_bin
+        artifacts/stage0_bin
+        artifacts/stage0_bin_tdx
     )
     readonly binary_names=(
         oak_containers_agent
@@ -33,6 +43,16 @@ function copy_binaries_to_placer() {
         oak_functions_insecure_container
         oak_containers_hello_world_container
         oak_containers_stage1
+        key_xor_test_app
+        oak_client_android_app
+        oak_echo_enclave_app
+        oak_echo_raw_enclave_app
+        oak_functions_enclave_app
+        oak_functions_insecure_enclave_app
+        oak_orchestrator
+        oak_restricted_kernel_simple_io_init_rd_wrapper_bin
+        stage0_bin
+        stage0_bin_tdx
     )
     for i in "${!binary_names[@]}"; do
         cp --preserve=timestamps \