diff --git a/Jenkinsfile b/Jenkinsfile index 9404c99b2a..3821eeea4f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -28,12 +28,12 @@ spec: - name: jnlp image: 'eclipsecbi/jenkins-jnlp-agent' volumeMounts: - - mountPath: /home/jenkins/.ssh - name: volume-known-hosts + - mountPath: "/home/jenkins" + name: "jenkins-home" + readOnly: false volumes: - - configMap: - name: known-hosts - name: volume-known-hosts + - name: "jenkins-home" + emptyDir: {} """ } } @@ -54,12 +54,20 @@ spec: } } } + stage('initialize PGP') { + steps { + withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) { + sh 'gpg --batch --import "${KEYRING}"' + sh 'for fpr in $(gpg --list-keys --with-colons | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done' + } + } + } stage('Build') { steps { container('container') { - withCredentials([string(credentialsId: "${GITHUB_API_CREDENTIALS_ID}", variable: 'GITHUB_API_TOKEN')]) { + withCredentials([string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')]) { wrap([$class: 'Xvnc', useXauthority: true]) { - sh """mvn clean verify -B -fae -Dtycho.disableP2Mirrors=true -Ddownload.cache.skip=true -Dmaven.test.error.ignore=true -Dmaven.test.failure.ignore=true -Psign -Dmaven.repo.local=$WORKSPACE/.m2/repository -Dgithub.api.token="${GITHUB_API_TOKEN}" """ + sh """mvn clean verify -B -fae -Ddownload.cache.skip=true -Dmaven.test.error.ignore=true -Dmaven.test.failure.ignore=true -Psign -Dmaven.repo.local=$WORKSPACE/.m2/repository -Dgithub.api.token="${GITHUB_API_TOKEN}" -Dgpg.passphrase="${KEYRING_PASSPHRASE}" """ } } } diff --git a/repository/pom.xml b/repository/pom.xml index 4851fcd16a..c0c52c912e 100644 --- a/repository/pom.xml +++ b/repository/pom.xml @@ -41,4 +41,30 @@ + + + sign + + + + org.eclipse.tycho + tycho-gpg-plugin + ${tycho-version} + + + pgpsigner + + sign-p2-artifacts + + + 9BC06FC97ED4ED26 + true + + + + + + + +