# Ensure we fail the job if any steps fail.
set -e -o pipefail
+# shellcheck disable=SC1090
+. ~/lf-env.sh
+
+lf-activate-venv --python python3 lftools
+
OS=$(facter operatingsystem | tr '[:upper:]' '[:lower:]')
OS_RELEASE=$(facter lsbdistrelease | tr '[:upper:]' '[:lower:]')
if [[ "$OS_RELEASE" == "8" && "$OS" == 'centos' ]]; then
# Get Dockerfile and the enterpoint to build the docker image.
+ # shellcheck disable=SC2140
wget -O "${WORKSPACE}/sigul-sign.sh" "https://raw.githubusercontent.com/"\
- "lfit/releng-global-jjb/master/shell/sigul-sign.sh"
+"lfit/releng-global-jjb/master/shell/sigul-sign.sh"
+ # shellcheck disable=SC2140
wget -O "${WORKSPACE}/Dockerfile" "https://raw.githubusercontent.com/"\
- "lfit/releng-global-jjb/master/docker/Dockerfile"
+"lfit/releng-global-jjb/master/docker/Dockerfile"
# Setup the docker environment for jenkins user
- docker build -f ${WORKSPACE}/Dockerfile \
- --build-arg SIGN_DIR=${SIGN_DIR} \
+ docker build -f "${WORKSPACE}/Dockerfile" \
+ --build-arg SIGN_DIR="${SIGN_DIR}" \
-t sigul-sign .
docker volume create --driver local \
docker volume inspect wrkspc_vol
+ # shellcheck disable=SC2140
docker run -e SIGUL_KEY="${SIGUL_KEY}" \
-e SIGUL_PASSWORD="${SIGUL_PASSWORD}" \
- -e SIGUL_CONFIG=${SIGUL_CONFIG} \
- -e SIGN_DIR=${SIGN_DIR} \
- -e WORKSPACE=${WORKSPACE} \
+ -e SIGUL_CONFIG="${SIGUL_CONFIG}" \
+ -e SIGN_DIR="${SIGN_DIR}" \
+ -e WORKSPACE="${WORKSPACE}" \
--name sigul-sign \
--security-opt label:disable \
--mount type=bind,source="/w/workspace",target="/w/workspace" \
--mount type=bind,source="/home/jenkins",target="/home/jenkins" \
- -u root:root -w $(pwd) sigul-sign
+ -u root:root -w "$(pwd)" sigul-sign
+
+ # change the .asc files owner permissions back to jenkins
+ sudo chown -R jenkins:jenkins "${SIGN_DIR}"
else
lftools sign sigul -m "${SIGN_MODE}" "${SIGN_DIR}"
fi