From: Jessica Wagantall <jwagantall@linuxfoundation.org>
Date: Wed, 11 Sep 2019 20:17:37 +0000 (-0700)
Subject: Fix import key release jobs
X-Git-Tag: v0.43.0^0
X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=e823b65850383cef52df972e38c6e53648ed86b3;p=releng%2Fglobal-jjb.git

Fix import key release jobs

Import GPG signing key before verifying Gerrit
tag details.

Change-Id: I132fb8dbba51de995b0e42765344bf218340415c
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
---

diff --git a/releasenotes/notes/fix-import-sigul-key-release-904e6d1668a8db33.yaml b/releasenotes/notes/fix-import-sigul-key-release-904e6d1668a8db33.yaml
new file mode 100644
index 00000000..c9ad3034
--- /dev/null
+++ b/releasenotes/notes/fix-import-sigul-key-release-904e6d1668a8db33.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Import GPG signing key in release jobs before verifying Gerrit tag details.
diff --git a/shell/release-job.sh b/shell/release-job.sh
index 785bda4e..72b3baea 100644
--- a/shell/release-job.sh
+++ b/shell/release-job.sh
@@ -119,6 +119,8 @@ verify_version(){
 }
 
 tag(){
+    # Import public signing key
+    gpg --import "$SIGNING_PUBKEY"
     if git tag -v "$VERSION"; then
         echo "---> OK: Repo already tagged $VERSION Continuting to release"
     else
@@ -126,7 +128,6 @@ tag(){
         git tag -am "${PROJECT//\//-} $VERSION" "$VERSION"
         sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$VERSION" < "$SIGUL_PASSWORD"
         echo "Showing latest signature for $PROJECT:"
-        gpg --import "$SIGNING_PUBKEY"
         echo "git tag -v $VERSION"
         git tag -v "$VERSION"