Enable pgp signing in Jenkinsfile

eclipse-wildwebdeveloper · May 27, 2024 · 196e8d1 · 196e8d1
1 parent 49c946c
commit 196e8d1
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 8 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -28,12 +28,12 @@ spec:
   - name: jnlp
     image: 'eclipsecbi/jenkins-jnlp-agent'
     volumeMounts:
-    - mountPath: /home/jenkins/.ssh
-      name: volume-known-hosts
+    - mountPath: "/home/jenkins"
+      name: "jenkins-home"
+      readOnly: false
   volumes:
-  - configMap:
-      name: known-hosts
-    name: volume-known-hosts
+  - name: "jenkins-home"
+    emptyDir: {}
 """
     }
   }
@@ -54,12 +54,20 @@ spec:
 				}
 			}
 		}
+		stage('initialize PGP') {
+			steps {
+				withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
+					sh 'gpg --batch --import "${KEYRING}"'
+					sh 'for fpr in $(gpg --list-keys --with-colons  | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
+				}
+			}
+		}
 		stage('Build') {
 			steps {
 				container('container') {
-					withCredentials([string(credentialsId: "${GITHUB_API_CREDENTIALS_ID}", variable: 'GITHUB_API_TOKEN')]) {
-						wrap([$class: 'Xvnc', useXauthority: true]) {
-							sh """mvn clean verify -B -fae -Dtycho.disableP2Mirrors=true -Ddownload.cache.skip=true -Dmaven.test.error.ignore=true -Dmaven.test.failure.ignore=true -Psign -Dmaven.repo.local=$WORKSPACE/.m2/repository -Dgithub.api.token="${GITHUB_API_TOKEN}" """
+					withCredentials([string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')]) {
+						withCredentials([string(credentialsId: "${GITHUB_API_CREDENTIALS_ID}", variable: 'GITHUB_API_TOKEN')]) {
+							sh """mvn clean -B -fae -Ddownload.cache.skip=true -Dmaven.test.error.ignore=true -Dmaven.test.failure.ignore=true -Psign -Dmaven.repo.local=$WORKSPACE/.m2/repository -Dgithub.api.token="${GITHUB_API_TOKEN}" -Dgpg.passphrase="${KEYRING_PASSPHRASE}" """
 						}
 					}
 				}

diff --git a/repository/pom.xml b/repository/pom.xml
@@ -41,4 +41,30 @@
 			</plugin>
 		</plugins>
 	</build>
+	<profiles>
+		<profile>
+			<id>sign</id>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.eclipse.tycho</groupId>
+						<artifactId>tycho-gpg-plugin</artifactId>
+						<version>${tycho-version}</version>
+						<executions>
+							<execution>
+								<id>pgpsigner</id>
+								<goals>
+									<goal>sign-p2-artifacts</goal>
+								</goals>
+								<configuration>
+									<keyname>9BC06FC97ED4ED26</keyname>
+									<skipIfJarsigned>true</skipIfJarsigned>
+								</configuration>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+	</profiles>
 </project>