
Commit 7993cad

committed
Add gpg sign to stream apps
Signed-off-by: Chris Bono <[email protected]>
1 parent 92e5efb commit 7993cad


5 files changed

+92
-0
lines changed


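--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -25,6 +25,9 @@ jobs:
 ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
 ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
 JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
+GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+
 with:
 branch: 'main'
 verbose: ${{ inputs.verbose == 'true' }}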

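--- a/.github/workflows/common.yml
+++ b/.github/workflows/common.yml
@@ -35,13 +35,17 @@ on:
 GH_ARC_PRIVATE_KEY:
 GH_ARC_PAT:
 JF_ARTIFACTORY_SPRING:
+GPG_PASSPHRASE:
+GPG_PRIVATE_KEY:
 
 env:
 VERBOSE: ${{ (github.debug || inputs.verbose) && 'true' || '' }}
 BRANCH: ${{ inputs.branch }}
 MAVEN_THREADS: ${{ inputs.mavenThreads }}
 TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db
 TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db,aquasec/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db
+MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+MAVEN_GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
 
 jobs:
 scan: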
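Review bot: `MAVEN_GPG_PRIVATE_KEY` and `MAVEN_GPG_PASSPHRASE` are added to what looks like the workflow-level `env:` block (new lines 47-48), which exports the signing key and its passphrase to every job and step of this reusable workflow, including the `scan` job and any third-party actions it runs. Only the step that invokes the Maven build needs them; declaring them in that step's own `env:` keeps the key out of unrelated processes and their logs or crash dumps. The `on:` and `jobs:` sections continue outside the hunk, so the step that would carry them is not visible here.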

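--- a/applications/stream-applications-core/pom.xml
+++ b/applications/stream-applications-core/pom.xml
@@ -299,6 +299,29 @@
 <version>${nimbus-jose-jwt.version}</version>
 </dependency>
 </dependencies>
+<plugins>
+<plugin>
+<artifactId>maven-gpg-plugin</artifactId>
+<version>3.2.8</version>
+<executions>
+<execution>
+<id>sign-artifacts</id>
+<phase>verify</phase>
+<goals>
+<goal>sign</goal>
+</goals>
+</execution>
+</executions>
+<configuration>
+<![CDATA[
+<gpgArguments>
+<arg>--batch</arg>
+<arg>--pinentry-mode=loopback</arg>
+</gpgArguments>
+]]>
+</configuration>
+</plugin>
+</plugins>
 </maven>
 </application>
 <binders>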
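Review bot: Unlike stream-applications-build/pom.xml, where signing is bound only inside the `milestone` and `release` profiles, this `sign-artifacts` execution is declared with no profile guard, so (assuming the block is copied into each generated application pom) every `verify` signs unless the caller passes `-Dgpg.skip=true`, which build-folder.sh does only for SNAPSHOT versions. Builds of the generated apps outside that script would then need a secret key in the keyring. The `<![CDATA[ ... ]]>` wraps only `<gpgArguments>` while the rest of the plugin is plain XML; it is worth confirming that the generated pom ends up with real `<arg>` elements, because if they arrive as text the `--pinentry-mode=loopback` argument is lost. The enclosing `<maven>` and `<application>` elements open outside the hunk.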

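--- a/build-folder.sh
+++ b/build-folder.sh
@@ -156,8 +156,21 @@ if ((RESULT == 0)); then
 # fi
 # MVNW="jfrog mvn"
 # fi
+
+if [[ "$VERSION" == *"-SNAPSHOT" ]]; then
+MAVEN_OPTS="$MAVEN_OPTS -Dgpg.skip=true "
+else
+check_env MAVEN_GPG_PRIVATE_KEY
+check_env MAVEN_GPG_PASSPHRASE
+# Prime gpg w/ the expected private key
+echo "${MAVEN_GPG_PRIVATE_KEY}" > private.asc
+gpg --import --batch --no-tty private.asc
+fi
+
 echo -e "Executing:${bold}$MVNW -f "$FOLDER" $MAVEN_OPTS $MVN_THR $MAVEN_GOAL${end}"
+
 $MVNW -f "$FOLDER" -Pfull $MAVEN_OPTS $MVN_THR $MAVEN_GOAL
+
 RESULT=$?
 set -e
 if ((RESULT != 0)); then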
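Review bot: The private key is written in cleartext to `private.asc` in the current directory (new lines 166-167) and never removed, so it stays in the workspace with default file permissions for the rest of the job and for anything that archives or caches the checkout. Feeding gpg from stdin avoids the file entirely: `printf '%s\n' "${MAVEN_GPG_PRIVATE_KEY}" | gpg --import --batch --no-tty`. The imported key also remains in the runner's default keyring afterwards; if the runners are long-lived, a throwaway `GNUPGHOME` created with `mktemp -d` and removed on exit would keep it from outliving the build. The exit status of the import is not checked, and the surrounding `if ((RESULT == 0))` block begins outside the hunk, so whether `set -e` is active at this point cannot be confirmed from these lines.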

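--- a/stream-applications-build/pom.xml
+++ b/stream-applications-build/pom.xml
@@ -113,6 +113,11 @@
 <artifactId>maven-deploy-plugin</artifactId>
 <version>3.0.0</version>
 </plugin>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-gpg-plugin</artifactId>
+<version>3.2.8</version>
+</plugin>
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-javadoc-plugin</artifactId>
@@ -383,6 +388,28 @@
 </profile>
 <profile>
 <id>milestone</id>
+<build>
+<plugins>
+<plugin>
+<artifactId>maven-gpg-plugin</artifactId>
+<executions>
+<execution>
+<id>sign-artifacts</id>
+<phase>verify</phase>
+<goals>
+<goal>sign</goal>
+</goals>
+</execution>
+</executions>
+<configuration>
+<gpgArguments>
+<arg>--batch</arg>
+<arg>--pinentry-mode=loopback</arg>
+</gpgArguments>
+</configuration>
+</plugin>
+</plugins>
+</build>
 <distributionManagement>
 <repository>
 <id>repo.spring.io</id>
@@ -403,6 +430,28 @@
 </profile>
 <profile>
 <id>release</id>
+<build>
+<plugins>
+<plugin>
+<artifactId>maven-gpg-plugin</artifactId>
+<executions>
+<execution>
+<id>sign-artifacts</id>
+<phase>verify</phase>
+<goals>
+<goal>sign</goal>
+</goals>
+</execution>
+</executions>
+<configuration>
+<gpgArguments>
+<arg>--batch</arg>
+<arg>--pinentry-mode=loopback</arg>
+</gpgArguments>
+</configuration>
+</plugin>
+</plugins>
+</build>
 <distributionManagement>
 <repository>
 <id>repo.spring.io</id>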
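Review bot: The `milestone` and `release` profiles (second and third hunks) add identical `maven-gpg-plugin` blocks, each repeating the `sign-artifacts` execution and the `<gpgArguments>`. If the entry added in the first hunk sits under `pluginManagement`, the `<executions>` and `<configuration>` could be declared there once, leaving each profile with just `<plugin><artifactId>maven-gpg-plugin</artifactId></plugin>`. Neither block sets a `<keyname>`, so gpg signs with whatever default secret key the keyring holds; that is fine on a fresh runner but worth pinning if the keyring can contain more than one key. Both profiles continue past the end of their hunks.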

0 commit comments
