Use gpg1 for client-side actions.

JGit has limited support for GPGv2 KBX files. Switching to gpg1 and legacy keyring files enables proper signing of commits.
This commit is contained in:
Greg L. Turnquist
2023-01-23 11:16:34 -06:00
parent ae2bc720f4
commit 949b92bb8a
7 changed files with 12 additions and 60 deletions

4
Jenkinsfile vendored
View File

@@ -25,7 +25,7 @@ pipeline {
steps {
script {
def image = docker.build("springci/spring-data-release-tools:0.5", "ci")
def image = docker.build("springci/spring-data-release-tools:0.6", "ci")
docker.withRegistry('', 'hub.docker.com-springbuildmaster') {
image.push()
}
@@ -39,7 +39,7 @@ pipeline {
}
agent {
docker {
image 'springci/spring-data-release-tools:0.5'
image 'springci/spring-data-release-tools:0.6'
}
}
options { timeout(time: 4, unit: 'HOURS') }

View File

@@ -1,48 +0,0 @@
pipeline {
agent none
triggers {
pollSCM 'H/10 * * * *'
}
options {
disableConcurrentBuilds()
buildDiscarder(logRotator(numToKeepStr: '14'))
}
stages {
stage('Build the Spring Data release tools container') {
when {
changeset 'ci/Dockerfile'
}
agent {
label 'data'
}
steps {
script {
def image = docker.build("springci/spring-data-release-tools:0.4", "ci")
docker.withRegistry('', 'hub.docker.com-springbuildmaster') {
image.push()
}
}
}
}
}
post {
changed {
script {
slackSend(
color: (currentBuild.currentResult == 'SUCCESS') ? 'good' : 'danger',
channel: '#spring-data-dev',
message: "${currentBuild.fullDisplayName} - `${currentBuild.currentResult}`\n${env.BUILD_URL}")
emailext(
subject: "[${currentBuild.fullDisplayName}] ${currentBuild.currentResult}",
mimeType: 'text/html',
recipientProviders: [[$class: 'CulpritsRecipientProvider'], [$class: 'RequesterRecipientProvider']],
body: "<a href=\"${env.BUILD_URL}\">${currentBuild.fullDisplayName} is reported as ${currentBuild.currentResult}</a>")
}
}
}
}

View File

@@ -26,7 +26,7 @@ deployment.maven-central.staging-profile-id=
# GPG
gpg.keyname=
gpg.passphrase=
gpg.executable=/usr/local/bin/gpg2
gpg.executable=/usr/local/bin/gpg1
# A GitHub token with user:email, read:user and read:org scopes.
# User needs to be part of the Spring team on GitHub as well.

View File

@@ -17,7 +17,7 @@ RUN set -eux; \
sed -i -e 's/ports.ubuntu.com/ftp.tu-chemnitz.de\/pub\/linux/g' /etc/apt/sources.list && \
sed -i -e 's/http/https/g' /etc/apt/sources.list && \
apt-get update && \
apt-get -y install curl zip gnupg libfreetype6
apt-get -y install curl zip gnupg gnupg1 libfreetype6
RUN rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/*

View File

@@ -34,9 +34,9 @@ if test -f application-local.properties; then
else
echo "You are running inside Jenkins! Using parameters fed from the agent."
echo "${GIT_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg --batch --yes --passphrase-fd 0 --import "${GIT_SIGNING_KEY}"
echo "${MAVEN_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg --batch --yes --passphrase-fd 0 --import "${MAVEN_SIGNING_KEY}"
/usr/bin/gpg -k
echo "${GIT_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg1 --batch --yes --passphrase-fd 0 --import "${GIT_SIGNING_KEY}"
echo "${MAVEN_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg1 --batch --yes --passphrase-fd 0 --import "${MAVEN_SIGNING_KEY}"
/usr/bin/gpg1 -k
function spring-data-release-shell {
java \

View File

@@ -34,9 +34,9 @@ if test -f application-local.properties; then
else
echo "You are running inside Jenkins! Using parameters fed from the agent."
echo "${GIT_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg --batch --yes --passphrase-fd 0 --import "${GIT_SIGNING_KEY}"
echo "${MAVEN_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg --batch --yes --passphrase-fd 0 --import "${MAVEN_SIGNING_KEY}"
/usr/bin/gpg -k
echo "${GIT_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg1 --batch --yes --passphrase-fd 0 --import "${GIT_SIGNING_KEY}"
echo "${MAVEN_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg1 --batch --yes --passphrase-fd 0 --import "${MAVEN_SIGNING_KEY}"
/usr/bin/gpg1 -k
function spring-data-release-shell {
java \

View File

@@ -5,7 +5,7 @@ git.password=${GITHUB_TOKEN}
#git.gpg.keyname=B3B6F3E392A8615C65A98FC51F33293B709FA3E2
#git.gpg.passphrase=${GIT_SIGNING_KEY_PASSWORD}
#git.gpg.executable=/usr/bin/gpg
#git.gpg.executable=/usr/bin/gpg1
deployment.username=${REPO_SPRING_IO_USR}
deployment.password=${REPO_SPRING_IO_PSW}
@@ -16,7 +16,7 @@ deployment.maven-central.stagingProfileId=${STAGING_PROFILE_ID}
deployment.maven-central.gpg.keyname=E2ACB037933CDEAAB7BF77D49A2C7A98E457C53D
deployment.maven-central.gpg.passphrase=${MAVEN_SIGNING_KEY_PASSWORD}
deployment.maven-central.gpg.executable=/usr/bin/gpg
deployment.maven-central.gpg.executable=/usr/bin/gpg1
sagan.key=n/a