From d3098d18325548a6bcc07221725a1ab501ec5405 Mon Sep 17 00:00:00 2001 From: Stewart X Addison Date: Mon, 13 Jun 2022 17:43:03 +0100 Subject: [PATCH] Sign binaries in pipeline job Signed-off-by: Stewart X Addison --- .../common/openjdk_build_pipeline.groovy | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/pipelines/build/common/openjdk_build_pipeline.groovy b/pipelines/build/common/openjdk_build_pipeline.groovy index 1a4a07056..ab98712d4 100644 --- a/pipelines/build/common/openjdk_build_pipeline.groovy +++ b/pipelines/build/common/openjdk_build_pipeline.groovy @@ -496,7 +496,7 @@ class Build { selector: context.specific("${signJob.getNumber()}"), filter: 'workspace/target/*', fingerprintArtifacts: true, - target: "workspace/target/", + target: 'workspace/target/', flatten: true) @@ -507,6 +507,34 @@ class Build { } } } + context.stage("GPG sign") { + + context.println "RUNNING sign_temurin_gpg for ${buildConfig.TARGET_OS}/${buildConfig.ARCHITECTURE} ..." + + def params = [ + context.string(name: 'UPSTREAM_JOB_NUMBER', value: "${env.BUILD_NUMBER}"), + context.string(name: 'UPSTREAM_JOB_NAME', value: "${env.JOB_NAME}"), + context.string(name: 'UPSTREAM_DIR', value: "workspace/target"), + ['$class': 'LabelParameterValue', name: 'NODE_LABEL', label: "built-in"] + ] + + def signSHAsJob = context.build job: "build-scripts/release/sign_temurin_gpg", + propagate: true, + parameters: params + + context.node('built-in || master') { + context.sh "rm -f workspace/target/*.sig" + context.copyArtifacts( + projectName: "build-scripts/release/sign_temurin_gpg", + selector: context.specific("${signSHAsJob.getNumber()}"), + filter: '**/*.sig', + fingerprintArtifacts: true, + target: 'workspace/target/', + flatten: true) + // Archive GPG signatures in Jenkins + context.archiveArtifacts artifacts: "workspace/target/*.sig" + } + } } /*