From 662c2f8706f12990af78be2e24d09d35f876d612 Mon Sep 17 00:00:00 2001 From: Jan Stastny Date: Wed, 3 Jul 2024 16:03:07 +0200 Subject: [PATCH] NO_ISSUE: Use release share library (#3095) * NO_ISSUE: use release shared library * add gpg into branch.yaml --------- Co-authored-by: jstastny-cz --- .ci/jenkins/Jenkinsfile.deploy | 34 ++++++++++++++++++---------------- .ci/jenkins/config/branch.yaml | 5 +++++ .ci/jenkins/dsl/jobs.groovy | 3 +++ .ci/jenkins/dsl/test.sh | 6 +++--- 4 files changed, 29 insertions(+), 19 deletions(-) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index 83298655dbf..ce1bf0af095 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -144,28 +144,22 @@ pipeline { .withProperty('maven.test.failure.ignore', true) .withProperty('operator.image.build') .skipTests(params.SKIP_TESTS) - + def Closure mavenRunClosure = { + configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]) { + mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy") + } + } if (isRelease()) { - withCredentials([file(credentialsId: 'asf-release-gpg-signing-key', variable: 'SIGNING_KEY')]) { - withCredentials([file(credentialsId: 'asf-release-gpg-signing-key-password', variable: 'SIGNING_KEY_PASSWORD')]) { - // copy the key to singkey.gpg file in *plain text* so we can import it - sh ('cat $SIGNING_KEY > $WORKSPACE/signkey.gpg') - // Please do not remove list keys command. When gpg is run for the first time, it may initialize some internals. - sh ('gpg --list-keys') - sh ("gpg --batch --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --import signkey.gpg") - sh ('rm $WORKSPACE/signkey.gpg') - + release.gpgImportKeyFromFileWithPassword(getReleaseGpgSignKeyCredsId(), getReleaseGpgSignPassphraseCredsId()) + withCredentials([string(credentialsId: getReleaseGpgSignPassphraseCredsId(), variable: 'SIGNING_KEY_PASSWORD')]) { mavenCommand.withProperty('gpg.passphrase', SIGNING_KEY_PASSWORD) mavenCommand.withProfiles(['apache-release']) - configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]) { - mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy") - } + + mavenRunClosure() } } } else { - configFileProvider([configFile(fileId: env.MAVEN_SETTINGS_CONFIG_FILE_ID, variable: 'MAVEN_SETTINGS_FILE')]){ - mavenCommand.withSettingsXmlFile(MAVEN_SETTINGS_FILE).run("clean $installOrDeploy") - } + mavenRunClosure() } } @@ -536,3 +530,11 @@ void pushOperatorTemporaryImage() { boolean isDeployDisabled() { return env.DISABLE_DEPLOY.toBoolean() } + +String getReleaseGpgSignKeyCredsId() { + return env.RELEASE_GPG_SIGN_KEY_CREDS_ID +} + +String getReleaseGpgSignPassphraseCredsId() { + return env.RELEASE_GPG_SIGN_PASSPHRASE_CREDS_ID +} \ No newline at end of file diff --git a/.ci/jenkins/config/branch.yaml b/.ci/jenkins/config/branch.yaml index 65fcae46d88..77a2a539b37 100644 --- a/.ci/jenkins/config/branch.yaml +++ b/.ci/jenkins/config/branch.yaml @@ -84,6 +84,11 @@ cloud: registry: docker.io namespace: apache latest_git_branch: main +release: + gpg: + sign: + key-credentials-id: 'asf-release-gpg-signing-key' + passphrase-credentials-id: 'asf-release-gpg-signing-key-passphrase' jenkins: email_creds_id: OPTAPLANNER_CI_NOTIFICATION_EMAILS agent: diff --git a/.ci/jenkins/dsl/jobs.groovy b/.ci/jenkins/dsl/jobs.groovy index 5d793dde2e6..64a62c5919f 100644 --- a/.ci/jenkins/dsl/jobs.groovy +++ b/.ci/jenkins/dsl/jobs.groovy @@ -312,6 +312,9 @@ void setupDeployJob(JobType jobType, String envName = '') { MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", OPTAPLANNER_LATEST_STREAM: "${GIT_MAIN_BRANCH}", DISABLE_DEPLOY: Utils.isDeployDisabled(this), + + RELEASE_GPG_SIGN_KEY_CREDS_ID: Utils.getReleaseGpgSignKeyCredentialsId(this), + RELEASE_GPG_SIGN_PASSPHRASE_CREDS_ID: Utils.getReleaseGpgSignPassphraseCredentialsId(this) ]) if (jobType == JobType.PULL_REQUEST) { jobParams.env.putAll([ diff --git a/.ci/jenkins/dsl/test.sh b/.ci/jenkins/dsl/test.sh index d412c5b3e05..cac6dc28bec 100755 --- a/.ci/jenkins/dsl/test.sh +++ b/.ci/jenkins/dsl/test.sh @@ -41,13 +41,13 @@ fi git_author="$(echo ${git_url} | awk -F"${git_server_url}" '{print $2}' | awk -F. '{print $1}' | awk -F/ '{print $1}')" -export DSL_DEFAULT_MAIN_CONFIG_FILE_REPO="${git_author}"/incubator-kie-optaplanner +export DSL_DEFAULT_MAIN_CONFIG_FILE_REPO="${git_author}"/optaplanner export DSL_DEFAULT_FALLBACK_MAIN_CONFIG_FILE_REPO=apache/incubator-kie-optaplanner export DSL_DEFAULT_MAIN_CONFIG_FILE_PATH=.ci/jenkins/config/main.yaml -export DSL_DEFAULT_BRANCH_CONFIG_FILE_REPO="${git_author}"/incubator-kie-optaplanner +export DSL_DEFAULT_BRANCH_CONFIG_FILE_REPO="${git_author}"/optaplanner file=$(mktemp) # For more usage of the script, use ./test.sh -h curl -o ${file} https://raw.githubusercontent.com/apache/incubator-kie-kogito-pipelines/main/dsl/seed/scripts/seed_test.sh chmod u+x ${file} -${file} $@ \ No newline at end of file +${file} $@