From 949b92bb8adfd40936680dfec911ea3b6e85e07b Mon Sep 17 00:00:00 2001 From: "Greg L. Turnquist" Date: Mon, 23 Jan 2023 11:16:34 -0600 Subject: [PATCH] Use gpg1 for client-side actions. JGit has limited support for GPGv2 KBX files. Switching to gpg1 and legacy keyring files enables proper signing of commits. --- Jenkinsfile | 4 +- Jenkinsfile-container | 48 ------------------- application-local.template | 2 +- ci/Dockerfile | 2 +- ci/build-and-distribute.bash | 6 +-- ci/prepare-and-build.bash | 6 +-- .../resources/application-jenkins.properties | 4 +- 7 files changed, 12 insertions(+), 60 deletions(-) delete mode 100644 Jenkinsfile-container diff --git a/Jenkinsfile b/Jenkinsfile index e5cd0c6..936b343 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -25,7 +25,7 @@ pipeline { steps { script { - def image = docker.build("springci/spring-data-release-tools:0.5", "ci") + def image = docker.build("springci/spring-data-release-tools:0.6", "ci") docker.withRegistry('', 'hub.docker.com-springbuildmaster') { image.push() } @@ -39,7 +39,7 @@ pipeline { } agent { docker { - image 'springci/spring-data-release-tools:0.5' + image 'springci/spring-data-release-tools:0.6' } } options { timeout(time: 4, unit: 'HOURS') } diff --git a/Jenkinsfile-container b/Jenkinsfile-container deleted file mode 100644 index d8b98a2..0000000 --- a/Jenkinsfile-container +++ /dev/null @@ -1,48 +0,0 @@ -pipeline { - agent none - - triggers { - pollSCM 'H/10 * * * *' - } - - options { - disableConcurrentBuilds() - buildDiscarder(logRotator(numToKeepStr: '14')) - } - - stages { - stage('Build the Spring Data release tools container') { - when { - changeset 'ci/Dockerfile' - } - agent { - label 'data' - } - - steps { - script { - def image = docker.build("springci/spring-data-release-tools:0.4", "ci") - docker.withRegistry('', 'hub.docker.com-springbuildmaster') { - image.push() - } - } - } - } - } - - post { - changed { - script { - slackSend( - color: (currentBuild.currentResult == 'SUCCESS') ? 'good' : 'danger', - channel: '#spring-data-dev', - message: "${currentBuild.fullDisplayName} - `${currentBuild.currentResult}`\n${env.BUILD_URL}") - emailext( - subject: "[${currentBuild.fullDisplayName}] ${currentBuild.currentResult}", - mimeType: 'text/html', - recipientProviders: [[$class: 'CulpritsRecipientProvider'], [$class: 'RequesterRecipientProvider']], - body: "${currentBuild.fullDisplayName} is reported as ${currentBuild.currentResult}") - } - } - } -} diff --git a/application-local.template b/application-local.template index 568d5bb..3366381 100644 --- a/application-local.template +++ b/application-local.template @@ -26,7 +26,7 @@ deployment.maven-central.staging-profile-id= # GPG gpg.keyname= gpg.passphrase= -gpg.executable=/usr/local/bin/gpg2 +gpg.executable=/usr/local/bin/gpg1 # A GitHub token with user:email, read:user and read:org scopes. # User needs to be part of the Spring team on GitHub as well. diff --git a/ci/Dockerfile b/ci/Dockerfile index 3dd678e..14ddb0c 100755 --- a/ci/Dockerfile +++ b/ci/Dockerfile @@ -17,7 +17,7 @@ RUN set -eux; \ sed -i -e 's/ports.ubuntu.com/ftp.tu-chemnitz.de\/pub\/linux/g' /etc/apt/sources.list && \ sed -i -e 's/http/https/g' /etc/apt/sources.list && \ apt-get update && \ - apt-get -y install curl zip gnupg libfreetype6 + apt-get -y install curl zip gnupg gnupg1 libfreetype6 RUN rm -rf /var/lib/apt/lists/* && \ rm -rf /tmp/* diff --git a/ci/build-and-distribute.bash b/ci/build-and-distribute.bash index 1f6dfa3..024ab73 100755 --- a/ci/build-and-distribute.bash +++ b/ci/build-and-distribute.bash @@ -34,9 +34,9 @@ if test -f application-local.properties; then else echo "You are running inside Jenkins! Using parameters fed from the agent." - echo "${GIT_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg --batch --yes --passphrase-fd 0 --import "${GIT_SIGNING_KEY}" - echo "${MAVEN_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg --batch --yes --passphrase-fd 0 --import "${MAVEN_SIGNING_KEY}" - /usr/bin/gpg -k + echo "${GIT_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg1 --batch --yes --passphrase-fd 0 --import "${GIT_SIGNING_KEY}" + echo "${MAVEN_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg1 --batch --yes --passphrase-fd 0 --import "${MAVEN_SIGNING_KEY}" + /usr/bin/gpg1 -k function spring-data-release-shell { java \ diff --git a/ci/prepare-and-build.bash b/ci/prepare-and-build.bash index 8077cd0..f0b87fa 100755 --- a/ci/prepare-and-build.bash +++ b/ci/prepare-and-build.bash @@ -34,9 +34,9 @@ if test -f application-local.properties; then else echo "You are running inside Jenkins! Using parameters fed from the agent." - echo "${GIT_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg --batch --yes --passphrase-fd 0 --import "${GIT_SIGNING_KEY}" - echo "${MAVEN_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg --batch --yes --passphrase-fd 0 --import "${MAVEN_SIGNING_KEY}" - /usr/bin/gpg -k + echo "${GIT_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg1 --batch --yes --passphrase-fd 0 --import "${GIT_SIGNING_KEY}" + echo "${MAVEN_SIGNING_KEY_PASSWORD}" | /usr/bin/gpg1 --batch --yes --passphrase-fd 0 --import "${MAVEN_SIGNING_KEY}" + /usr/bin/gpg1 -k function spring-data-release-shell { java \ diff --git a/src/main/resources/application-jenkins.properties b/src/main/resources/application-jenkins.properties index 47ca4e0..a4d1db2 100644 --- a/src/main/resources/application-jenkins.properties +++ b/src/main/resources/application-jenkins.properties @@ -5,7 +5,7 @@ git.password=${GITHUB_TOKEN} #git.gpg.keyname=B3B6F3E392A8615C65A98FC51F33293B709FA3E2 #git.gpg.passphrase=${GIT_SIGNING_KEY_PASSWORD} -#git.gpg.executable=/usr/bin/gpg +#git.gpg.executable=/usr/bin/gpg1 deployment.username=${REPO_SPRING_IO_USR} deployment.password=${REPO_SPRING_IO_PSW} @@ -16,7 +16,7 @@ deployment.maven-central.stagingProfileId=${STAGING_PROFILE_ID} deployment.maven-central.gpg.keyname=E2ACB037933CDEAAB7BF77D49A2C7A98E457C53D deployment.maven-central.gpg.passphrase=${MAVEN_SIGNING_KEY_PASSWORD} -deployment.maven-central.gpg.executable=/usr/bin/gpg +deployment.maven-central.gpg.executable=/usr/bin/gpg1 sagan.key=n/a