any macros that calles the
:ref:`lf-provide-maven-settings <lf-provide-maven-settings>` macro.
-.. _provide-sigul-config:
-
-lf-provide-sigul-configuration
-------------------------------
-
-Provides sigual configuration to the Jenkins build node.
-
-Requires the following Config File Provider managed files in Jenkins
-preconfigured.
-
-* sigul-config
-* sigul-password
-* sigul-pki
-
-.. _provide-sigul-config-cleanup:
-
-lf-provide-sigul-configuration-cleanup
---------------------------------------
-
-Cleanup configuration provided by `provide-sigul-config`.
-
lf-rtd-trigger-build
--------------------
ReadTheDocs verify script.
-lf-sigul-install
-----------------
+lf-sigul-sign-dir
+-----------------
-Install Sigul.
+Use Sigul to sign a directory via {sign-dir}.
Requires ``SIGUL_BRIDGE_IP`` configured as a global envvar.
+:Required Parameters:
+ :sign-artifacts: Whether or not to sign artifacts with Sigul.
+ :sign-dir: Directory to sign.
+
lf-infra-provide-docker-cleanup
-------------------------------
:mvn-opts: Sets MAVEN_OPTS. (default: '')
:mvn-params: Additional mvn parameters to pass to the cli. (default: '')
:mvn-version: Version of maven to use. (default: mvn35)
+ :sign-artifacts: Sign artifacts with Sigul. (default: false)
:stream: Keyword that can be used to represent a release code-name.
Often the same as the branch. (default: master)
:submodule-recursive: Whether to checkout submodules recursively.
- file-id: '{settings-file}'
variable: 'SETTINGS_FILE'
-- builder:
- name: lf-provide-sigul-configuration
- # Push configuration files to interact with sigul
- builders:
- - config-file-provider:
- files:
- - file-id: sigul-config
- variable: SIGUL_CONFIG
- - file-id: sigul-password
- variable: SIGUL_PASSWORD
- - file-id: sigul-pki
- variable: SIGUL_PKI
- - shell: !include-raw: ../shell/sigul-configuration.sh
-
- builder:
name: lf-pip-install
builders:
# DO NOT fail build if any of the above lines fail.
exit 0
-- builder:
- name: lf-provide-sigul-configuration-cleanup
- # Clear sigul configuration files after we're done using them
- builders:
- - shell: !include-raw: ../shell/sigul-configuration-cleanup.sh
-
- builder:
name: lf-rtd-trigger-build
builders:
- ../shell/rtd-verify.sh
- builder:
- name: lf-sigul-install
+ name: lf-sigul-sign-dir
# Requires that Jenkins be configured with SIGUL_BRIDGE_IP as a global
# Environment variable
builders:
- - shell: !include-raw: ../shell/sigul-install.sh
+ - conditional-step:
+ condition-kind: boolean-expression
+ condition-expression: '{sign-artifacts}'
+ steps:
+ - config-file-provider:
+ files:
+ - file-id: sigul-config
+ variable: SIGUL_CONFIG
+ - file-id: sigul-password
+ variable: SIGUL_PASSWORD
+ - file-id: sigul-pki
+ variable: SIGUL_PKI
+ - shell: !include-raw-escape: ../shell/sigul-configuration.sh
+ - shell: !include-raw-escape: ../shell/sigul-install.sh
+ - inject:
+ properties-content: SIGN_DIR={sign-dir}
+ - shell: !include-raw-escape:
+ - ../shell/common-variables.sh
+ - ../shell/sigul-sign-dir.sh
+ - shell: !include-raw-escape: ../shell/sigul-configuration-cleanup.sh
- builder:
name: lf-infra-provide-docker-cleanup
mvn-opts: ''
mvn-params: ''
mvn-version: mvn35
+ sign-artifacts: false
stream: master
submodule-recursive: true
- ../shell/maven-patch-release.sh
- lf-maven-build:
mvn-goals: '{mvn-goals}'
+ - lf-sigul-sign-dir:
+ sign-artifacts: '{sign-artifacts}'
+ sign-dir: '$WORKSPACE/m2repo'
- lf-maven-stage
- lf-provide-maven-settings-cleanup
--- /dev/null
+---
+features:
+ - |
+ New macro ``lf-sigul-sign-dir`` available to sign artifacts in a provided
+ directory using Sigul.
+
+ Usage:
+
+ .. code-block:: yaml
+
+ - lf-sigul-sign-dir:
+ sign-dir: '$WORKSPACE/m2repo'
+
+ This macro also requires a boolean variable to ``SIGN_ARTIFACTS`` to be set
+ to true to activate the macro. We recommend the job-template that uses
+ this macro to define it in the job parameters section.
+
+ Example:
+
+ .. code-block:: yaml
+
+ - bool:
+ name: SIGN_ARTIFACTS
+ default: '{sign-artifacts}'
+ description: Use Sigul to sign artifacts.
+
+ - |
+ Add Sigul signing support to the maven-staging job. To activate Sigul
+ signing make sure to set ``sign-artifacts: true``. Example:
+
+ .. code-block:: yaml
+
+ - project:
+ name: abc
+ jobs:
+ - gerrit-maven-stage
+
+ sign-artifacts: true
--- /dev/null
+#!/bin/bash -l
+# SPDX-License-Identifier: EPL-1.0
+##############################################################################
+# Copyright (c) 2018 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+echo "---> sigul-sign-dir.sh"
+
+# Ensure we fail the job if any steps fail.
+set -e -o pipefail
+
+lftools_activate
+lftools sign sigul "${SIGN_DIR}"