From fbcc8f2cab0ab369d8bc0d93b5c2c14e437e8868 Mon Sep 17 00:00:00 2001 From: Jan Stastny Date: Wed, 3 Jul 2024 16:02:37 +0200 Subject: [PATCH] NO_ISSUE: use release shared library (#3532) Co-authored-by: jstastny-cz --- .ci/jenkins/Jenkinsfile.deploy | 42 +++++++++++++++++----------------- .ci/jenkins/dsl/jobs.groovy | 3 +++ 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index d71a8ee87c1..953415b891b 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -152,30 +152,22 @@ pipeline { if (params.SKIP_TESTS) { mvnCmd.skipTests() // Conflict somehow with Python testing. If `skipTests={anyvalue}` is set, then exec plugin is not executed ... } + def Closure mavenRunClosure = { + configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]) { + mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE) + .run("clean $installOrDeploy") + } + } if (isRelease()) { - withCredentials([file(credentialsId: 'asf-release-gpg-signing-key', variable: 'SIGNING_KEY')]) { - withCredentials([file(credentialsId: 'asf-release-gpg-signing-key-password', variable: 'SIGNING_KEY_PASSWORD')]) { - // copy the key to singkey.gpg file in *plain text* so we can import it - sh ('cat $SIGNING_KEY > $WORKSPACE/signkey.gpg') - // Please do not remove list keys command. When gpg is run for the first time, it may initialize some internals. - sh ('gpg --list-keys') - sh ("gpg --batch --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --import signkey.gpg") - sh ('rm $WORKSPACE/signkey.gpg') - - mvnCmd.withProperty('gpg.passphrase', SIGNING_KEY_PASSWORD) - .withProfiles(['apache-release']) - - configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]){ - mvnCmd.withSettingsXmlFile(MAVEN_SETTINGS_FILE) - .run("clean $installOrDeploy") - } - } + release.gpgImportKeyFromFileWithPassword(getReleaseGpgSignKeyCredsId(), getReleaseGpgSignPassphraseCredsId()) + withCredentials([string(credentialsId: getReleaseGpgSignPassphraseCredsId(), variable: 'SIGNING_KEY_PASSWORD')]) { + mvnCmd.withProperty('gpg.passphrase', SIGNING_KEY_PASSWORD) + .withProfiles(['apache-release']) + + mavenRunClosure() } } else { - configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]){ - mvnCmd.withSettingsXmlFile(MAVEN_SETTINGS_FILE) - .run("clean $installOrDeploy") - } + mavenRunClosure() } } @@ -328,3 +320,11 @@ String getWorkflowCommonDeploymentPath() { String getDataIndexEphemeralReleaseImage() { return "docker.io/apache/incubator-kie-kogito-data-index-ephemeral:${util.getMajorMinorVersion(getProjectVersion())}" } + +String getReleaseGpgSignKeyCredsId() { + return env.RELEASE_GPG_SIGN_KEY_CREDS_ID +} + +String getReleaseGpgSignPassphraseCredsId() { + return env.RELEASE_GPG_SIGN_PASSPHRASE_CREDS_ID +} diff --git a/.ci/jenkins/dsl/jobs.groovy b/.ci/jenkins/dsl/jobs.groovy index aba056af657..d0ac6d88049 100644 --- a/.ci/jenkins/dsl/jobs.groovy +++ b/.ci/jenkins/dsl/jobs.groovy @@ -196,6 +196,9 @@ void setupReleaseDeployJob() { MAVEN_DEPENDENCIES_REPOSITORY: "${MAVEN_ARTIFACTS_REPOSITORY}", MAVEN_DEPLOY_REPOSITORY: "${MAVEN_ARTIFACTS_UPLOAD_REPOSITORY_URL}", MAVEN_REPO_CREDS_ID: "${MAVEN_ARTIFACTS_UPLOAD_REPOSITORY_CREDS_ID}", + + RELEASE_GPG_SIGN_KEY_CREDS_ID: Utils.getReleaseGpgSignKeyCredentialsId(this), + RELEASE_GPG_SIGN_PASSPHRASE_CREDS_ID: Utils.getReleaseGpgSignPassphraseCredentialsId(this) ]) KogitoJobTemplate.createPipelineJob(this, jobParams)?.with { parameters {