Google Git
Sign in
coral / gke-jenkins / c13dd1b38f87faafb5d0834a054d082f403112c1^! / .
commitc13dd1b38f87faafb5d0834a054d082f403112c1[log] [tgz]
authorJune Tate-Gans <jtgans@google.com>Wed May 27 15:51:45 2020 -0400
committerJune Tate-Gans <jtgans@google.com>Wed May 27 15:51:45 2020 -0400
treea3adff08fb400f4a7f308c13552edbdd55effeed
parenta57144b98649aa93bb4a93d49bf8d4381b786c50 [diff]
Use the proper keyring during a publish.

Change-Id: I879bc68ebb821eb63fe8bc1d1f764a2cb8393657

diff --git a/cicd/pipelines/tasks/task_publish_unstable.jenkins b/cicd/pipelines/tasks/task_publish_unstable.jenkins
index f6b642b..6caebf3 100644
--- a/cicd/pipelines/tasks/task_publish_unstable.jenkins
+++ b/cicd/pipelines/tasks/task_publish_unstable.jenkins

@@ -10,6 +10,10 @@
     return sh(returnStdout: true, script: script)
 }
 
+String getFileContents(filename) {
+    return sh(returnStdout: true, script: "cat ${filename}")
+}
+
 def workspacePath = "/home/jenkins/workspace"
 def buildLabel = "task.publish.unstable-${UUID.randomUUID().toString()}"
 def sourcePath = "${workspacePath}/src"
@@ -25,8 +29,9 @@
                                         privileged: true,
                                         alwaysPullImage: true)
 def aptlyVolume = persistentVolumeClaim(claimName: 'aptly-state', mountPath: '/var/lib/aptly')
+def gpgVolume = secretVolume(secretName: 'mendel-release-credentials', mountPath: '/var/lib/aptly/.gnupg')
 
-podTemplate(label: buildLabel, containers: [jnlpContainer, debianContainer], volumes: [aptlyVolume], envVars: []) {
+podTemplate(label: buildLabel, containers: [jnlpContainer, debianContainer], volumes: [aptlyVolume, gpgVolume], envVars: []) {
     node(buildLabel) {
         dir(sourcePath) {
             container('debian') {
@@ -35,6 +40,7 @@
                     def debianMirrorSnapshotName = getLatestSnapshot('debian-buster')
                     def coreSnapshotName = getLatestSnapshot('core-unstable')
                     def bspSnapshotName  = getLatestSnapshot('enterprise-bsp-unstable')
+                    def keygripId = getFileContents('/var/lib/aptly/.gnupg/keygrip.txt')
 
                     def date = new Date()
                     String stamp = date.format("yyyyMMdd-HHmmss")
@@ -43,8 +49,8 @@
                        cat /etc/aptly.conf
                        mkdir -p /var/lib/aptly/publishes/unstable
                        aptly snapshot merge core-full-unstable-${stamp} ${debianMirrorSnapshotName} ${coreSnapshotName}
-                       aptly publish snapshot --config=/etc/aptly.conf --distribution=unstable core-full-unstable-${stamp} filesystem:unstable:unstable
-                       aptly publish snapshot --config=/etc/aptly.conf --distribution=unstable ${bspSnapshotName} filesystem:unstable:unstable
+                       aptly publish snapshot --config=/etc/aptly.conf --passphrase-file=/var/lib/aptly/.gnupg/passphrase.txt --secret-keyring=release-keyring.gpg --distribution=unstable core-full-unstable-${stamp} filesystem:unstable:unstable
+                       aptly publish snapshot --config=/etc/aptly.conf --passphrase-file=/var/lib/aptly/.gnupg/passphrase.txt --secret-keyring=release-keyring.gpg --distribution=unstable ${bspSnapshotName} filesystem:unstable:unstable
                        """
                 }
             }