Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

avoid sign_temurin_gpg in non-adopt pipelines #983

Merged
merged 3 commits into from
Apr 4, 2024
Merged

avoid sign_temurin_gpg in non-adopt pipelines #983

merged 3 commits into from
Apr 4, 2024

Conversation

mahdipub
Copy link
Contributor

@mahdipub mahdipub commented Mar 27, 2024
edited
Loading

fixes issue #981

This is to avoid not adoptium pipelines pick the sign_temurin_gpg

@mahdipub
avoid sign_temurin_gpg in non-adopt pipelines
5c9150f 
This is to avoid not adoptium pipelines pick the sign_temurin_gpg
@github-actions GitHub Actions
Copy link

Thank you for creating a pull request!

Please check out the information below if you have not made a pull request here before (or if you need a reminder how things work).

Code Quality and Contributing Guidelines

If you have not done so already, please familiarise yourself with our Contributing Guidelines and Code Of Conduct, even if you have contributed before.

Tests

Github actions will run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation.

In order to run the advanced pipeline tests (executing a set of mock pipelines), it requires an admin to post run tests on this PR.
If you are not an admin, please ask for one's attention in #infrastructure on Slack or ping one here.
To run full set of tests, use "run tests"; a subset of tests on specific jdk version, use "run tests quick 11,21"

@mahdipub mahdipub mentioned this pull request Mar 27, 2024
Open
smlambert
smlambert approved these changes Mar 27, 2024
View reviewed changes
Copy link
Contributor

@smlambert smlambert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving it because I assume no downstream user of these pipelines would want this block, though I have not confirmed with anyone about that assumption.

sxa
sxa reviewed Mar 28, 2024
View reviewed changes
Copy link
Member

@sxa sxa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going to defer to @andrew-m-leonard on this. While I'd be ok with it (and it's something I've done elsewhere) I feel there ought to be a parameter that can be used to determine whether to invoke the signing code.

@AdamBrousseau has suggested a VARIANT check as potentially suitable for this in #981 (comment) - I'd be ok with it being if VARIANT = temurin as a preference if that's feasible since I don't think we'll ever have a requirement to be doing this on another variant (since Adoptium don't ship anything else)

@AdamBrousseau
Copy link
Contributor

There is ENABLE_SIGNER param. But we use that to toggle our own signing process. We kick a different job to sign our stuff with presumably different params. If you don't care to sign your OpenJ9 builds we could use variant=temurin here. I figured since you are currently signing your openj9 builds we'd go this route.

andrew-m-leonard
andrew-m-leonard approved these changes Apr 3, 2024
View reviewed changes
Copy link
Contributor

@andrew-m-leonard andrew-m-leonard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although I feel a new param maybe ideal, we do have precedence for this same check on JENKINS_URL for things like pipeline generation authentication...
So I am good with this.

sxa
sxa approved these changes Apr 3, 2024
View reviewed changes
Copy link
Member

@sxa sxa left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although I feel a new param maybe ideal, we do have precedence for this same check on JENKINS_URL for things like pipeline generation authentication... So I am good with this.

👍🏻 in which case I'll approve too. It's a terrible (IMHO) precedent, and perhaps we should look at going through them all later (I hadn't realised it was in other places too) but I'm ok with this extra 'leak' for now.

I'll approve the workflows so they can run through but I don't anticipate a problem here (Does me saying that guaranteeing there will be?)

@karianna karianna merged commit 15c83ae into adoptium:master Apr 4, 2024
4 checks passed
AdamBrousseau pushed a commit to ibmruntimes/ci-jenkins-pipelines that referenced this pull request May 3, 2024
@mahdipub @karianna @AdamBrousseau
avoid sign_temurin_gpg in non-adopt pipelines (adoptium#983)
5d1aa46 
This is to avoid not adoptium pipelines pick the sign_temurin_gpg

Co-authored-by: Martijn Verburg <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrew-m-leonard andrew-m-leonard andrew-m-leonard approved these changes

@sxa sxa sxa approved these changes

@smlambert smlambert smlambert approved these changes

Assignees
No one assigned
Labels
jenkins-pipeline
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@mahdipub @AdamBrousseau @smlambert @sxa @andrew-m-leonard @karianna