Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NO_ISSUE: use release shared library #5973

Merged
merged 2 commits into from
Jul 3, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 19 additions & 18 deletions .ci/jenkins/Jenkinsfile.deploy
Original file line number Diff line number Diff line change
Expand Up @@ -127,29 +127,22 @@ pipeline {
.withProperty('maven.test.failure.ignore', true)
.skipTests(params.SKIP_TESTS)

if (isRelease()) {
withCredentials([file(credentialsId: 'asf-release-gpg-signing-key', variable: 'SIGNING_KEY')]) {
withCredentials([file(credentialsId: 'asf-release-gpg-signing-key-password', variable: 'SIGNING_KEY_PASSWORD')]) {
// copy the key to singkey.gpg file in *plain text* so we can import it
sh ("cat \"${SIGNING_KEY}\" > \"${WORKSPACE}\"/signkey.gpg")
// Please do not remove list keys command. When gpg is run for the first time, it may initialize some internals.
sh ('gpg --list-keys')
sh ("gpg --batch --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --import \"${WORKSPACE}\"/signkey.gpg")
sh ("rm \"${WORKSPACE}\"/signkey.gpg")
def Closure mavenRunClosure = {
configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]) {
mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy")
}
}

if (isRelease()) {
release.gpgImportKeyFromFileWithPassword(getReleaseGpgSignKeyCredsId(), getReleaseGpgSignPassphraseCredsId())
withCredentials([string(credentialsId: getReleaseGpgSignPassphraseCredsId(), variable: 'SIGNING_KEY_PASSWORD')]) {
mavenCommand.withProperty('gpg.passphrase', SIGNING_KEY_PASSWORD)
.withProfiles(['apache-release'])

// If there are passwords, this needs to be duplicated within the withCredentials block.
configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]) {
mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy")
}
mavenRunClosure()
}
}
} else {
configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]) {
mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy")
}
mavenRunClosure()
}
}
}
Expand Down Expand Up @@ -302,4 +295,12 @@ MavenCommand getMavenCommand(String directory = '') {

boolean isMainStream() {
return env.DROOLS_STREAM == 'main'
}
}

String getReleaseGpgSignKeyCredsId() {
return env.RELEASE_GPG_SIGN_KEY_CREDS_ID
}

String getReleaseGpgSignPassphraseCredsId() {
return env.RELEASE_GPG_SIGN_PASSPHRASE_CREDS_ID
}
5 changes: 5 additions & 0 deletions .ci/jenkins/config/branch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,11 @@ cloud:
registry: quay.io
namespace: tradisso
latest_git_branch: main
release:
gpg:
sign:
key-credentials-id: 'asf-release-gpg-signing-key'
passphrase-credentials-id: 'asf-release-gpg-signing-key-passphrase'
jenkins:
email_creds_id: DROOLS_CI_NOTIFICATION_EMAILS
agent:
Expand Down
3 changes: 3 additions & 0 deletions .ci/jenkins/dsl/jobs.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -322,6 +322,9 @@ void setupDeployJob(JobType jobType) {
MAVEN_REPO_CREDS_ID: "${MAVEN_ARTIFACTS_UPLOAD_REPOSITORY_CREDS_ID}",

DROOLS_STREAM: Utils.getStream(this),

RELEASE_GPG_SIGN_KEY_CREDS_ID: Utils.getReleaseGpgSignKeyCredentialsId(this),
RELEASE_GPG_SIGN_PASSPHRASE_CREDS_ID: Utils.getReleaseGpgSignPassphraseCredentialsId(this)
])
KogitoJobTemplate.createPipelineJob(this, jobParams)?.with {
parameters {
Expand Down
Loading