From: Eric Ball Date: Fri, 8 May 2020 21:10:09 +0000 (+0000) Subject: Merge "Add signing to Akraino deploy templates" X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ci-management.git;a=commitdiff_plain;h=f3676935f6c18da1a1748251781d8cb30ac2acfa;hp=859d3549b7f56cc66289e951cec29ca31ad1b953 Merge "Add signing to Akraino deploy templates" --- diff --git a/jjb/akraino-templates/akraino-jjb-templates.yaml b/jjb/akraino-templates/akraino-jjb-templates.yaml index 52d4901..01210ac 100644 --- a/jjb/akraino-templates/akraino-jjb-templates.yaml +++ b/jjb/akraino-templates/akraino-jjb-templates.yaml @@ -115,6 +115,20 @@ builders: - lf-infra-pre-build + - config-file-provider: + files: + - file-id: lftoolsini + target: "$HOME/.config/lftools/lftools.ini" + - file-id: sigul-config + variable: SIGUL_CONFIG + - file-id: sigul-password + variable: SIGUL_PASSWORD + - file-id: sigul-pki + variable: SIGUL_PKI + - file-id: signing-pubkey + variable: SIGNING_PUBKEY + - shell: !include-raw-escape: ../global-jjb/shell/sigul-configuration.sh + - shell: !include-raw-escape: ../global-jjb/shell/sigul-install.sh - lf-maven-install: mvn-version: '{mvn-version}' - lf-update-java-alternatives: @@ -243,6 +257,20 @@ builders: - lf-infra-pre-build + - config-file-provider: + files: + - file-id: lftoolsini + target: "$HOME/.config/lftools/lftools.ini" + - file-id: sigul-config + variable: SIGUL_CONFIG + - file-id: sigul-password + variable: SIGUL_PASSWORD + - file-id: sigul-pki + variable: SIGUL_PKI + - file-id: signing-pubkey + variable: SIGNING_PUBKEY + - shell: !include-raw-escape: ../global-jjb/shell/sigul-configuration.sh + - shell: !include-raw-escape: ../global-jjb/shell/sigul-install.sh - lf-jacoco-nojava-workaround - lf-maven-install: mvn-version: '{mvn-version}' diff --git a/jjb/akraino-templates/akraino-ta-common-macros.yaml b/jjb/akraino-templates/akraino-ta-common-macros.yaml index a0d578c..feb1bc2 100644 --- a/jjb/akraino-templates/akraino-ta-common-macros.yaml +++ b/jjb/akraino-templates/akraino-ta-common-macros.yaml @@ -189,6 +189,16 @@ files: - file-id: 'ta-settings' variable: 'SETTINGS_FILE' + - file-id: lftoolsini + target: "$HOME/.config/lftools/lftools.ini" + - file-id: sigul-config + variable: SIGUL_CONFIG + - file-id: sigul-password + variable: SIGUL_PASSWORD + - file-id: sigul-pki + variable: SIGUL_PKI + - file-id: signing-pubkey + variable: SIGNING_PUBKEY - inject: properties-content: 'ALT_NEXUS_URL=https://nexus3.akraino.org' - lf-infra-create-netrc: @@ -201,6 +211,8 @@ # Ensure python-tools are installed in case job template does not # call the lf-infra-pre-build macro. - ../../global-jjb/shell/python-tools-install.sh + - shell: !include-raw: ../global-jjb/shell/sigul-configuration.sh + - shell: !include-raw: ../global-jjb/shell/sigul-install.sh - shell: !include-raw: - ../shell/ta-rpm-deploy.sh - shell: !include-raw: @@ -215,12 +227,24 @@ files: - file-id: 'ta-settings' variable: 'SETTINGS_FILE' + - file-id: lftoolsini + target: "$HOME/.config/lftools/lftools.ini" + - file-id: sigul-config + variable: SIGUL_CONFIG + - file-id: sigul-password + variable: SIGUL_PASSWORD + - file-id: sigul-pki + variable: SIGUL_PKI + - file-id: signing-pubkey + variable: SIGNING_PUBKEY - lf-infra-create-netrc: server-id: images-snapshots - shell: !include-raw: # Ensure python-tools are installed in case job template does not # call the lf-infra-pre-build macro. - ../../global-jjb/shell/python-tools-install.sh + - shell: !include-raw: ../global-jjb/shell/sigul-configuration.sh + - shell: !include-raw: ../global-jjb/shell/sigul-install.sh - shell: !include-raw: - ../shell/ta-iso-deploy.sh - shell: !include-raw: diff --git a/jjb/shell/make-tar.sh b/jjb/shell/make-tar.sh index adc830d..2e8819a 100644 --- a/jjb/shell/make-tar.sh +++ b/jjb/shell/make-tar.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -l # # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # @@ -14,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +echo "---> make-tar.sh" + sudo yum install -y dos2unix # shellcheck source="$WORKSPACE/version.properties" disable=SC1091 dos2unix "${WORKSPACE}/version.properties" @@ -47,25 +49,29 @@ then # Build the regional controller scripts tar ball ARTIFACT_NAME="onap-amsterdam-regional-controller-${STREAM}" TAR_NAME="${ARTIFACT_NAME}-${VERSION}.tgz" - echo "Making tar file ${TARDIR}/${TAR_NAME}" + echo "---> Making tar file ${TARDIR}/${TAR_NAME}" cd ./src/regional_controller_scripts/ tar -cvzf "${TARDIR}/${TAR_NAME}" -- * # Build the ONAP VM scripts tar ball ARTIFACT_NAME="onap-amsterdam-VM-${STREAM}" TAR_NAME="${ARTIFACT_NAME}-${VERSION}.tgz" - echo "Making tar file ${TARDIR}/${TAR_NAME}" + echo "---> Making tar file ${TARDIR}/${TAR_NAME}" cd ../onap_vm_scripts/ tar -cvzf "${TARDIR}/${TAR_NAME}" -- * else TAR_NAME="${PROJECT}-${VERSION}.tgz" - echo "Making tar file ${TARDIR}/${TAR_NAME}" + echo "---> Making tar file ${TARDIR}/${TAR_NAME}" # Put the file in /tmp initially to prevent it $TARDIR from going into the tar file tar -cvzf "/tmp/${TAR_NAME}" -- * mkdir "$TARDIR" cp "/tmp/${TAR_NAME}" "${TARDIR}/${TAR_NAME}" fi + +echo "-----> Sign all artifacts" +lftools sign sigul "${TARDIR}" + set +u +x diff --git a/jjb/shell/ta-iso-deploy.sh b/jjb/shell/ta-iso-deploy.sh index e40eeba..9525e8a 100644 --- a/jjb/shell/ta-iso-deploy.sh +++ b/jjb/shell/ta-iso-deploy.sh @@ -41,6 +41,9 @@ fi cp "$WORKSPACE/work/results/images/"* "$upload_dir1" cp "$WORKSPACE/work/results/images/"* "$upload_dir2" +echo "-----> Sign all artifacts" +lftools sign sigul "$repo_dir" + echo "-----> Upload ISOs to Nexus" lftools deploy nexus "$nexus_repo_url" "$repo_dir" rm -rf "$repo_dir" diff --git a/jjb/shell/ta-rpm-deploy.sh b/jjb/shell/ta-rpm-deploy.sh index d742333..719ec5d 100644 --- a/jjb/shell/ta-rpm-deploy.sh +++ b/jjb/shell/ta-rpm-deploy.sh @@ -63,6 +63,9 @@ for artifact in \ fi done +echo "-----> Sign all artifacts" +lftools sign sigul "$repo_dir" + echo "-----> Upload RPMs to Nexus" lftools deploy nexus "$nexus_repo_url" "$repo_dir"