
Commit 8408045

committed
Enable pgp signing in Jenkinsfile
1 parent 02dc2df commit 8408045


2 files changed

+59
-7
lines changed


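--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -28,12 +28,26 @@ spec:
 - name: jnlp
 image: 'eclipsecbi/jenkins-jnlp-agent'
 volumeMounts:
-- mountPath: /home/jenkins/.ssh
-name: volume-known-hosts
+- name: volume-known-hosts
+mountPath: /home/jenkins/.ssh
+- name: settings-xml
+mountPath: /home/jenkins/.m2/settings.xml
+subPath: settings.xml
+readOnly: true
+- name: m2-repo
+mountPath: /home/jenkins/.m2/repository
 volumes:
-- configMap:
+- name: volume-known-hosts
+configMap:
 name: known-hosts
-name: volume-known-hosts
+- name: settings-xml
+secret:
+secretName: m2-secret-dir
+items:
+- key: settings.xml
+path: settings.xml
+- name: m2-repo
+emptyDir: {}
 """
 }
 }
@@ -43,6 +57,16 @@ spec:
 GITHUB_API_CREDENTIALS_ID = 'github-bot-token'
 }
 stages {
+stage('initialize PGP') {
+steps {
+container('container') {
+withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
+sh 'gpg --batch --import "${KEYRING}"'
+sh 'for fpr in $(gpg --list-keys --with-colons | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
+}
+}
+}
+}
 stage('Prepare-environment') {
 steps {
 container('container') {
@@ -57,9 +81,11 @@ spec:
 stage('Build') {
 steps {
 container('container') {
-withCredentials([string(credentialsId: "${GITHUB_API_CREDENTIALS_ID}", variable: 'GITHUB_API_TOKEN')]) {
-wrap([$class: 'Xvnc', useXauthority: true]) {
-sh """mvn clean verify -B -fae -Dtycho.disableP2Mirrors=true -Ddownload.cache.skip=true -Dmaven.test.error.ignore=true -Dmaven.test.failure.ignore=true -Psign -Dmaven.repo.local=$WORKSPACE/.m2/repository -Dgithub.api.token="${GITHUB_API_TOKEN}" """
+withCredentials([string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')]) {
+withCredentials([string(credentialsId: "${GITHUB_API_CREDENTIALS_ID}", variable: 'GITHUB_API_TOKEN')]) {
+wrap([$class: 'Xvnc', useXauthority: true]) {
+sh """mvn clean verify -B -fae -Ddownload.cache.skip=true -Dmaven.test.error.ignore=true -Dmaven.test.failure.ignore=true -Psign -Dmaven.repo.local=$WORKSPACE/.m2/repository -Dgithub.api.token="${GITHUB_API_TOKEN}" """
+}
 }
 }
 }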
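Review bot: On the new `mvn clean verify` line in the `Build` stage, `-Dgpg.passphrase="${KEYRING_PASSPHRASE}"` sits inside a Groovy `sh """…"""` string, so Groovy substitutes the passphrase into the script text before the shell ever runs it. Jenkins' credential masking does not reliably cover that interpolation pattern, and the value also lands in the `mvn` process arguments on the agent; the existing `${GITHUB_API_TOKEN}` on the same line has the same exposure. Writing the step as a single-quoted `sh '…'` string lets the shell read `$KEYRING_PASSPHRASE`, `$GITHUB_API_TOKEN` and `$WORKSPACE` from the environment that `withCredentials` provides. If tycho-gpg-plugin can take the passphrase from the mounted `settings.xml` instead of a `-D` property (not verifiable from this page), that would keep it off the command line altogether. The `steps` and `stage` blocks close outside the hunk.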

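--- a/repository/pom.xml
+++ b/repository/pom.xml
@@ -41,4 +41,30 @@
 </plugin>
 </plugins>
 </build>
+<profiles>
+<profile>
+<id>sign</id>
+<build>
+<plugins>
+<plugin>
+<groupId>org.eclipse.tycho</groupId>
+<artifactId>tycho-gpg-plugin</artifactId>
+<version>${tycho-version}</version>
+<executions>
+<execution>
+<id>pgpsigner</id>
+<goals>
+<goal>sign-p2-artifacts</goal>
+</goals>
+<configuration>
+<keyname>9BC06FC97ED4ED26</keyname>
+<skipIfJarsigned>true</skipIfJarsigned>
+</configuration>
+</execution>
+</executions>
+</plugin>
+</plugins>
+</build>
+</profile>
+</profiles>
 </project>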
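Review bot: The `sign` profile selects the signing key by the bare id `9BC06FC97ED4ED26` in `<keyname>`, with nothing tying it to the keyring that the Jenkinsfile imports from the credential `secret-subkeys.asc`. A key rotation that updates one side and not the other would presumably surface only as a failed or unsigned build. I would add a comment above `<keyname>` such as `<!-- Signing key id; must match a secret subkey in the Jenkins credential 'secret-subkeys.asc' imported by the Jenkinsfile -->`. A second comment on `<skipIfJarsigned>` should say that, going by the option's name, artifacts already carrying a jar signature get no PGP signature, so consumers verifying PGP alone will not find one for those artifacts.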
