Import GPG signing key before verifying Gerrit
tag details.
Change-Id: I132fb8dbba51de995b0e42765344bf218340415c
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
--- /dev/null
+---
+fixes:
+ - |
+ Import GPG signing key in release jobs before verifying Gerrit tag details.
}
tag(){
+ # Import public signing key
+ gpg --import "$SIGNING_PUBKEY"
if git tag -v "$VERSION"; then
echo "---> OK: Repo already tagged $VERSION Continuting to release"
else
git tag -am "${PROJECT//\//-} $VERSION" "$VERSION"
sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$VERSION" < "$SIGUL_PASSWORD"
echo "Showing latest signature for $PROJECT:"
- gpg --import "$SIGNING_PUBKEY"
echo "git tag -v $VERSION"
git tag -v "$VERSION"