sign artefact and metadata file and upload signatures #303
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- ensure the value of signing setting in app.cfg is read as json - convert all paths used to absolute paths - bind mount all paths used plus their realpath into the container (the latter is needed to make sure targets of symlinks that reside on a different file system prefix are still accessible inside the container) - put env arguments in run_cmd and run_subcommand at the end
Merged
Neves-P
requested changes
Mar 12, 2025
Member
Neves-P
left a comment
Neves-P
left a comment
There was a problem hiding this comment.
This looks great and is quite clear! I made just a few suggestions in the help messages and a default, but these are minor and I have no issues if you disagree and would rather merge as is.
Feel free to commit the suggestions or reject them and I'm happy to merge when done either way.
boegel
reviewed
Mar 13, 2025
| if [[ -n "${sign_key}" ]] && [[ -n "${sign_script}" ]]; then | ||
| sign=1 | ||
| elif [[ -n "${sign_key}" ]]; then | ||
| sign=0 |
Contributor
There was a problem hiding this comment.
Nitpicking, can maybe be tackled in a follow-up PR: I would've used 'no' and 'yes' here, to avoid confusion.
0 is often a sign of success in bash scripts, here's it's a negative value, 'no' leaves no room for confusion
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds signing of a tarball (artefact) and the corresponding metadata file and uploading those to the S3 bucket too.
Uses a sign script that could be provided by the target repository, for example, see EESSI/software-layer#948
Because the latter uses the "recently" added option of
ssh-keygento sign files (option-Yrequires OpenSSH v8.2 or newer), the bot may be configured to run the upload script in a container that provides a sufficiently recent version.The PR adds the capability to skip the ReFrame tests at the end of a build job. This should not be used for production builds, but is useful to shorten development cycles.
The PR has been extensively tested via trz42/software-layer#89