From bf697ce160444f9d3672559c34b42caeddc27969 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tibor=20Zim=C3=A1nyi?= Date: Thu, 23 May 2024 12:26:11 +0200 Subject: [PATCH 1/5] Add apache-release profile to release builds. --- .ci/jenkins/Jenkinsfile.deploy | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index 28ab4d6d629..55853add15a 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -139,13 +139,26 @@ pipeline { } else { installOrDeploy = 'install' } + + def mavenCommand = getOptaplannerMavenCommand() + .withProperty('maven.test.failure.ignore', true) + .withProperty('operator.image.build') + .skipTests(params.SKIP_TESTS) + .withSettingsXmlFile(MAVEN_SETTINGS_FILE) + + if (isRelease()) { + withCredentials([file(credentialsId: 'asf-release-gpg-signing-key', variable: 'SIGNING_KEY')]) { + // copy the key to singkey.gpg file in *plain text* so we can import it + sh ('cat $SIGNING_KEY > $WORKSPACE/signkey.gpg') + // import the key into the gpg keyring + sh ('gpg --allow-secret-key-import --import signkey.gpg') + sh ('rm $WORKSPACE/signkey.gpg') + } + mavenCommand.withProfiles(['apache-release']) + } + configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]){ - getOptaplannerMavenCommand() - .withProperty('maven.test.failure.ignore', true) - .withProperty('operator.image.build') - .skipTests(params.SKIP_TESTS) - .withSettingsXmlFile(MAVEN_SETTINGS_FILE) - .run("clean $installOrDeploy") + mavenCommand.run("clean $installOrDeploy") } } if (isRelease()) { From 4a73231ba3954cace5d1b261f89515b7bd48f708 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tibor=20Zim=C3=A1nyi?= Date: Thu, 23 May 2024 13:14:54 +0200 Subject: [PATCH 2/5] Add password to gpg signing setup. --- .ci/jenkins/Jenkinsfile.deploy | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index 55853add15a..8df7bbb25e7 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -148,11 +148,14 @@ pipeline { if (isRelease()) { withCredentials([file(credentialsId: 'asf-release-gpg-signing-key', variable: 'SIGNING_KEY')]) { - // copy the key to singkey.gpg file in *plain text* so we can import it - sh ('cat $SIGNING_KEY > $WORKSPACE/signkey.gpg') - // import the key into the gpg keyring - sh ('gpg --allow-secret-key-import --import signkey.gpg') - sh ('rm $WORKSPACE/signkey.gpg') + withCredentials([file(credentialsId: 'asf-release-gpg-signing-key-password', variable: 'SIGNING_KEY_PASSWORD')]) { + // copy the key to singkey.gpg file in *plain text* so we can import it + sh ('cat $SIGNING_KEY > $WORKSPACE/signkey.gpg') + // Please do not remove list keys command. When gpg is run for the first time, it may initialize some internals. + sh ('gpg --list-keys') + sh ("gpg --batch --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --import signkey.gpg") + sh ('rm $WORKSPACE/signkey.gpg') + } } mavenCommand.withProfiles(['apache-release']) } From c3e8aad3920e9f1ecddda7854b216249f521a68c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tibor=20Zim=C3=A1nyi?= Date: Fri, 24 May 2024 08:51:18 +0200 Subject: [PATCH 3/5] Fix Maven settings use. --- .ci/jenkins/Jenkinsfile.deploy | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index 8df7bbb25e7..470190dcff7 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -144,7 +144,6 @@ pipeline { .withProperty('maven.test.failure.ignore', true) .withProperty('operator.image.build') .skipTests(params.SKIP_TESTS) - .withSettingsXmlFile(MAVEN_SETTINGS_FILE) if (isRelease()) { withCredentials([file(credentialsId: 'asf-release-gpg-signing-key', variable: 'SIGNING_KEY')]) { @@ -161,7 +160,7 @@ pipeline { } configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]){ - mavenCommand.run("clean $installOrDeploy") + mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy") } } if (isRelease()) { From ad6d0ea2fc1a86460b5089aaf299bb61548e2fc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tibor=20Zim=C3=A1nyi?= Date: Fri, 24 May 2024 09:53:04 +0200 Subject: [PATCH 4/5] Add GPG password to Maven command. --- .ci/jenkins/Jenkinsfile.deploy | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index 470190dcff7..9ef6cd1c580 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -154,6 +154,8 @@ pipeline { sh ('gpg --list-keys') sh ("gpg --batch --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --import signkey.gpg") sh ('rm $WORKSPACE/signkey.gpg') + + mavenCommand.withProperty('gpg.passphrase', SIGNING_KEY_PASSWORD) } } mavenCommand.withProfiles(['apache-release']) From 66c1940703e5819818d2fe340065501f3e1936a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tibor=20Zim=C3=A1nyi?= Date: Fri, 24 May 2024 10:05:08 +0200 Subject: [PATCH 5/5] Run from within withCredentials block when releasing. --- .ci/jenkins/Jenkinsfile.deploy | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index 9ef6cd1c580..acc3daf7787 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -156,14 +156,18 @@ pipeline { sh ('rm $WORKSPACE/signkey.gpg') mavenCommand.withProperty('gpg.passphrase', SIGNING_KEY_PASSWORD) + mavenCommand.withProfiles(['apache-release']) + configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]) { + mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy") + } } } - mavenCommand.withProfiles(['apache-release']) + } else { + configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]){ + mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy") + } } - configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]){ - mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy") - } } if (isRelease()) { updateAntoraYaml(optaplannerFolder)