X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=shell%2Frelease-job.sh;h=e01d3a93c89d73c0202cf9025c924f63a846bd72;hb=refs%2Ftags%2Fv0.90.2;hp=6c280d20c7de6c8ae62af00727fe7152fa824752;hpb=24841a2cd51681e9d066c9e3347970c78e092800;p=releng%2Fglobal-jjb.git
diff --git a/shell/release-job.sh b/shell/release-job.sh
index 6c280d20..e01d3a93 100644
--- a/shell/release-job.sh
+++ b/shell/release-job.sh
@@ -97,7 +97,7 @@ set_variables_common(){
 TAG_RELEASE="${TAG_RELEASE:-None}"
 if [[ $TAG_RELEASE == "None" ]]; then
- if grep -q "tag_release" $release_file ; then
+ if grep -q "tag_release" "$release_file"; then
 TAG_RELEASE=$(yq -r .tag_release "$release_file")
 else
 TAG_RELEASE=true
@@ -183,7 +183,7 @@ set_variables_packagecloud(){
 VERSION=$(yq -r ".version" "$release_file")
 fi
 if [[ -z ${GIT_TAG:-} ]]; then
- if grep -q "git_tag" $release_file ; then
+ if grep -q "git_tag" "$release_file"; then
 GIT_TAG=$(yq -r ".git_tag" "$release_file")
 else
 GIT_TAG="$VERSION"
@@ -385,8 +385,8 @@ artifact_release_file(){
 mkdir artifacts
 ORG=$(echo "$NEXUS_URL" | awk -F'.' '{print $2}')
- for namequoted in $(yq '.artifacts[].name' $release_file); do
- pathquoted=$(yq ".artifacts[] |select(.name==$namequoted) |.path" $release_file)
+ for namequoted in $(yq '.artifacts[].name' "$release_file"); do
+ pathquoted=$(yq ".artifacts[] |select(.name==$namequoted) |.path" "$release_file")
 #Remove extra yaml quotes
 name="${namequoted#\"}"
@@ -420,8 +420,8 @@ container_release_file(){
 local lfn_umbrella
 lfn_umbrella="$(echo "$GERRIT_URL" | awk -F"." '{print $2}')"
- for namequoted in $(yq '.containers[].name' $release_file); do
- versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version" $release_file)
+ for namequoted in $(yq '.containers[].name' "$release_file"); do
+ versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version" "$release_file")
 #Remove extra yaml quotes
 name="${namequoted#\"}"
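Review bot: Quoting `"$release_file"` in the `artifact_release_file` hunk leaves the riskier expansion untouched: `for namequoted in $(yq '.artifacts[].name' "$release_file")` still word-splits and globs yq's output, and each piece is then pasted into the filter text `select(.name==$namequoted)`. The release file presumably arrives with the change being released, so a name containing whitespace or glob characters would be parsed as part of the filter instead of being compared as data. Reading the names with `while IFS= read -r name; do … done < <(yq -r '.artifacts[].name' "$release_file")` and, assuming this is the jq-wrapper yq that `-r` suggests, passing the value as `--arg n "$name"` with `select(.name==$n)` keeps it a plain string and makes the quote-stripping below unnecessary. The same pattern is in the `container_release_file` hunk (`.containers[].name`), and the unquoted `$(yq -r '.packages[].name' …)` loop in the `case $DISTRIBUTION_TYPE` hunk has the word-splitting half of it. Both functions continue outside their hunks.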
@@ -443,8 +443,16 @@ container_release_file(){
 echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
 echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
 if [[ "$JOB_NAME" =~ "merge" ]]; then
+ curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64"
+ sudo mv cosign-linux-amd64 /usr/local/bin/cosign
+ sudo chmod +x /usr/local/bin/cosign
+ export COSIGN_PASSWORD
 docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
 docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
+ image_sha=$(docker images --no-trunc --quiet \ "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION")
+ image_digest="$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name@$image_sha"
+ cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest"
 fi
 echo "#########################"
 fi
@@ -649,7 +657,7 @@ case $DISTRIBUTION_TYPE in
 fi
 set_variables_packagecloud
 verify_packagecloud_match_release
- for name in $(yq -r '.packages[].name' $release_file); do
+ for name in $(yq -r '.packages[].name' "$release_file"); do
 package=$name
 packagecloud_verify "$package" "$packagecloud_account"
 if [[ "$JOB_NAME" =~ "merge" ]] && ! $DRY_RUN; then
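Review bot: The added `curl -O -L …/releases/latest/download/cosign-linux-amd64` installs an unpinned, unverified binary as root in the same step that holds `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD`, so whatever that URL serves at build time runs with access to the signing key. It should fetch a pinned release, check it against a recorded SHA-256 before installing, and use `curl -f` so an HTTP error body is never moved into `/usr/local/bin`; the download also appears to sit inside the per-container loop and would be better done once. Separately, `docker images --no-trunc --quiet` prints the local image ID, which on the classic Docker image store is the config digest rather than the registry manifest digest, so `$name@$image_sha` may not name the manifest that was pushed. Taking the repo digest for the push repository after `docker push` avoids signing, or failing to find, the wrong reference. container_release_file's body starts and ends outside the hunk.

```shell
# … unchanged: echo of the docker tag / docker push commands …
if [[ "$JOB_NAME" =~ "merge" ]]; then
    # COSIGN_VERSION and COSIGN_SHA256 are placeholders: pin them in the job config
    cosign_tmp=$(mktemp)
    curl -fsSL -o "$cosign_tmp" \
        "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign-linux-amd64"
    echo "${COSIGN_SHA256}  ${cosign_tmp}" | sha256sum -c -
    sudo install -m 0755 "$cosign_tmp" /usr/local/bin/cosign
    rm -f -- "$cosign_tmp"
    export COSIGN_PASSWORD
    # … unchanged: docker tag, docker push …
    push_repo="$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name"
    # Pick the digest recorded for the push repository, not the image ID
    image_digest=$(docker inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' \
        "$push_repo:$VERSION" | grep -m1 -F -- "$push_repo@")
    cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest"
```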