Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SBOM jsf signing to openjdk_build_pipeline.groovy #1131

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

Haroon-Khel
Copy link
Contributor

@Haroon-Khel Haroon-Khel commented Oct 30, 2024

ref adoptium/temurin-build#3946

Code to run the (incomplete) https://ci.adoptium.net/job/build-scripts/job/release/job/sign_temurin_jsf/ job which signs the SBOM using https://github.com/adoptium/temurin-build/blob/master/cyclonedx-lib/sign_src/TemurinSignSBOM.java

On line 1866 it should archive the temurin-sign-sbom.jar so that it can be used later to sign the SBOM on the eclipse worker node. The artifact should get copied over during the sign_temurin_jsf job

Lines 1057 to 1094 is just the gpgSign() function repeated for the sign_temurin_jsf job

This pr is together with adoptium/temurin-build#4017

Copy link

Thank you for creating a pull request!

Please check out the information below if you have not made a pull request here before (or if you need a reminder how things work).

Code Quality and Contributing Guidelines

If you have not done so already, please familiarise yourself with our Contributing Guidelines and Code Of Conduct, even if you have contributed before.

Tests

Github actions will run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation.

In order to run the advanced pipeline tests (executing a set of mock pipelines), it requires an admin to post run tests on this PR.
If you are not an admin, please ask for one's attention in #infrastructure on Slack or ping one here.
To run full set of tests, use "run tests"; a subset of tests on specific jdk version, use "run tests quick 11,21"

@sophia-guo
Copy link
Contributor

Could this be done at post build stage as initially we tried to do this in post stage but due to the PEM issue it's blocked. i.e, to sign all sbom files at the post stage. https://github.com/adoptium/ci-jenkins-pipelines/pull/739/files

@Haroon-Khel Haroon-Khel marked this pull request as ready for review December 2, 2024 17:36
@karianna
Copy link
Contributor

karianna commented Dec 3, 2024

@Haroon-Khel linter failures

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants