From e823b65850383cef52df972e38c6e53648ed86b3 Mon Sep 17 00:00:00 2001 From: Jessica Wagantall Date: Wed, 11 Sep 2019 13:17:37 -0700 Subject: [PATCH] Fix import key release jobs Import GPG signing key before verifying Gerrit tag details. Change-Id: I132fb8dbba51de995b0e42765344bf218340415c Signed-off-by: Jessica Wagantall --- releasenotes/notes/fix-import-sigul-key-release-904e6d1668a8db33.yaml | 4 ++++ shell/release-job.sh | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/fix-import-sigul-key-release-904e6d1668a8db33.yaml diff --git a/releasenotes/notes/fix-import-sigul-key-release-904e6d1668a8db33.yaml b/releasenotes/notes/fix-import-sigul-key-release-904e6d1668a8db33.yaml new file mode 100644 index 00000000..c9ad3034 --- /dev/null +++ b/releasenotes/notes/fix-import-sigul-key-release-904e6d1668a8db33.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Import GPG signing key in release jobs before verifying Gerrit tag details. diff --git a/shell/release-job.sh b/shell/release-job.sh index 785bda4e..72b3baea 100644 --- a/shell/release-job.sh +++ b/shell/release-job.sh @@ -119,6 +119,8 @@ verify_version(){ } tag(){ + # Import public signing key + gpg --import "$SIGNING_PUBKEY" if git tag -v "$VERSION"; then echo "---> OK: Repo already tagged $VERSION Continuting to release" else @@ -126,7 +128,6 @@ tag(){ git tag -am "${PROJECT//\//-} $VERSION" "$VERSION" sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$VERSION" < "$SIGUL_PASSWORD" echo "Showing latest signature for $PROJECT:" - gpg --import "$SIGNING_PUBKEY" echo "git tag -v $VERSION" git tag -v "$VERSION" -- 2.16.6