diff --git a/tests/jenkins/TestPublishToMaven.groovy b/tests/jenkins/TestPublishToMaven.groovy index 4ffa4c459..136b9c1b8 100644 --- a/tests/jenkins/TestPublishToMaven.groovy +++ b/tests/jenkins/TestPublishToMaven.groovy @@ -27,7 +27,7 @@ class TestPublishToMaven extends BuildPipelineTest { def release_sh = getCommands('sh', 'stage-maven-release.sh') assertThat(signing, hasItem('{artifactPath=/path/to/signing, type=maven, platform=linux, sigtype=.asc}')) - assertThat(signing_sh, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n workspace/sign.sh /path/to/signing --type=maven --platform=linux --sigtype=.asc\n ')) + assertThat(signing_sh, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n workspace/sign.sh /path/to/signing --type maven --platform linux --sigtype .asc\n ')) assertThat(release_sh, hasItem('./stage-maven-release.sh /path/to/maven/artifacts true')) assertThat(release_sh, hasItem('chmod a+x ./stage-maven-release.sh')) @@ -45,7 +45,7 @@ class TestPublishToMaven extends BuildPipelineTest { def release_sh = getCommands('sh', 'stage-maven-release.sh') assertThat(signing, hasItem('{artifactPath=/path/to/signing/manifest.yml, type=maven, platform=linux, sigtype=.asc}')) - assertThat(signing_sh, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n workspace/sign.sh /path/to/signing/manifest.yml --type=maven --platform=linux --sigtype=.asc\n ')) + assertThat(signing_sh, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n workspace/sign.sh /path/to/signing/manifest.yml --type maven --platform linux --sigtype .asc\n ')) assertThat(release_sh, hasItem('./stage-maven-release.sh /path/to/maven/artifacts false')) assertThat(release_sh, hasItem('chmod a+x ./stage-maven-release.sh')) } diff --git a/tests/jenkins/TestPublishToPyPi.groovy b/tests/jenkins/TestPublishToPyPi.groovy index 979c1a915..ab2f7a0cd 100644 --- a/tests/jenkins/TestPublishToPyPi.groovy +++ b/tests/jenkins/TestPublishToPyPi.groovy @@ -31,7 +31,7 @@ class TestPublishToPyPi extends BuildPipelineTest { def signing = getCommands('signArtifacts', '') def signing_sh = getCommands('sh', 'sign.sh') assertThat(signing, hasItem('{artifactPath=/tmp/workspace/dist, sigtype=.asc, platform=linux}')) - assertThat(signing_sh, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n /tmp/workspace/sign.sh /tmp/workspace/dist --sigtype=.asc --platform=linux\n ')) + assertThat(signing_sh, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n /tmp/workspace/sign.sh /tmp/workspace/dist --sigtype .asc --platform linux\n ')) } @Test @@ -48,7 +48,7 @@ class TestPublishToPyPi extends BuildPipelineTest { assertThat(signing, hasItem('{artifactPath=/tmp/workspace/test, sigtype=.asc, platform=linux}')) def signing_sh = getCommands('sh', 'sign.sh') - assertThat(signing_sh, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n /tmp/workspace/sign.sh /tmp/workspace/test --sigtype=.asc --platform=linux\n ')) + assertThat(signing_sh, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n /tmp/workspace/sign.sh /tmp/workspace/test --sigtype .asc --platform linux\n ')) } def getCommands(method, text) { diff --git a/tests/jenkins/TestSignArtifacts.groovy b/tests/jenkins/TestSignArtifacts.groovy index e013298c8..479a74f64 100644 --- a/tests/jenkins/TestSignArtifacts.groovy +++ b/tests/jenkins/TestSignArtifacts.groovy @@ -9,7 +9,11 @@ import jenkins.tests.BuildPipelineTest -import org.junit.* +import static com.lesfurets.jenkins.unit.MethodCall.callArgsToString +import static org.hamcrest.CoreMatchers.hasItem +import static org.hamcrest.MatcherAssert.assertThat +import org.junit.Before +import org.junit.Test class TestSignArtifacts extends BuildPipelineTest { @@ -18,8 +22,9 @@ class TestSignArtifacts extends BuildPipelineTest { void setUp() { this.registerLibTester(new SignArtifactsLibTester('.sig', 'linux', "${this.workspace}/artifacts", null, null)) - this.registerLibTester(new SignArtifactsLibTester('.rpm', 'linux', "${this.workspace}/artifacts", 'null', null)) + this.registerLibTester(new SignArtifactsLibTester('.rpm', 'linux', "${this.workspace}/artifacts", 'null', null, false)) this.registerLibTester(new SignArtifactsLibTester(null, 'linux', "${this.workspace}/file.yml", 'maven', null)) + this.registerLibTester(new SignArtifactsLibTester(null, 'windows', "${this.workspace}/the_msi.msi", null, null, true)) super.setUp() } @@ -27,4 +32,31 @@ class TestSignArtifacts extends BuildPipelineTest { void testSignArtifacts() { super.testPipeline("tests/jenkins/jobs/SignArtifacts_Jenkinsfile") } + + @Test + void 'verify shell commands'() { + runScript('tests/jenkins/jobs/SignArtifacts_Jenkinsfile') + + def signCommands = getShellCommands('sign.sh') + assertThat(signCommands, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_CLIENT_ROLE\n export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET\n\n /tmp/workspace/sign.sh /tmp/workspace/artifacts --sigtype .sig --platform linux\n ')) + } + + @Test + void 'verify_overwrite'(){ + runScript('tests/jenkins/jobs/SignArtifacts_Jenkinsfile') + + def signCommands = getShellCommands('sign.sh') + assertThat(signCommands, hasItem('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_WINDOWS_ROLE\n export EXTERNAL_ID=SIGNER_WINDOWS_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_WINDOWS_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_WINDOWS_SIGNED_BUCKET\n export PROFILE_IDENTIFIER=SIGNER_WINDOWS_PROFILE_IDENTIFIER\n export PLATFORM_IDENTIFIER=SIGNER_WINDOWS_PLATFORM_IDENTIFIER\n\n /tmp/workspace/sign.sh /tmp/workspace/the_msi.msi --platform windows --overwrite \n ')) + } + + def getShellCommands(matchstring) { + def shCommands = helper.callStack.findAll { call -> + call.methodName == 'sh' + }.collect { call -> + callArgsToString(call) + }.findAll { command -> + command.contains(matchstring) + } + return shCommands + } } diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt index 31d3f36c5..af9d5010c 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt @@ -51,7 +51,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/core/opensearch/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/tar/vars-build/2.0.0-rc1/33/linux/x64/tar/builds/opensearch/dist/, includePathPattern=**/opensearch-min-2.0.0-rc1-linux-x64*}) @@ -89,7 +89,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/rpm/vars-build/2.0.0-rc1/33/linux/x64/rpm/dist/opensearch/, includePathPattern=**/opensearch-2.0.0-rc1-linux-x64*}) @@ -126,7 +126,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/deb/vars-build/2.0.0-rc1/33/linux/x64/deb/dist/opensearch/, includePathPattern=**/opensearch-2.0.0-rc1-linux-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile_Windows.txt.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile_Windows.txt.txt index 638cfa589..662a0c9e1 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile_Windows.txt.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile_Windows.txt.txt @@ -51,7 +51,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/zip/vars-build/2.0.0-rc1/33/windows/x64/zip/dist/opensearch/, includePathPattern=**/opensearch-2.0.0-rc1-windows-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt index 94d064ed8..efc252f3a 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt @@ -51,7 +51,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/core/opensearch-dashboards/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/tar/vars-build/2.0.0-rc1/33/linux/x64/tar/builds/opensearch-dashboards/dist/, includePathPattern=**/opensearch-dashboards-min-2.0.0-rc1-linux-x64*}) @@ -89,7 +89,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch-dashboards/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/rpm/vars-build/2.0.0-rc1/33/linux/x64/rpm/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-2.0.0-rc1-linux-x64*}) @@ -126,7 +126,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch-dashboards/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/deb/vars-build/2.0.0-rc1/33/linux/x64/deb/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-2.0.0-rc1-linux-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt index dcc7e0ae5..92134fe48 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt @@ -51,7 +51,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch-dashboards/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/zip/vars-build/2.0.0-rc1/33/windows/x64/zip/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-2.0.0-rc1-windows-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt index 7676024ff..aa79b29e4 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt @@ -54,7 +54,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch/core-plugins --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch/core-plugins --sigtype .sig ) promoteArtifacts.println(Signing Core/Bundle Artifacts) promoteArtifacts.findFiles({glob=**/opensearch-min-1.3.0*.tar*,**/opensearch-1.3.0*.tar*}) @@ -83,7 +83,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/plugins/discovery-ec2/1.3.0/, workingDir=tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch/core-plugins/, includePathPattern=**/discovery-ec2*}) @@ -141,7 +141,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch/1.3.0/, workingDir=tests/jenkins/artifacts/rpm/vars-build/1.3.0/33/linux/x64/rpm/dist/opensearch/, includePathPattern=**/opensearch-1.3.0-linux-x64*}) @@ -178,7 +178,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch/1.3.0/, workingDir=tests/jenkins/artifacts/deb/vars-build/1.3.0/33/linux/x64/deb/dist/opensearch/, includePathPattern=**/opensearch-1.3.0-linux-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile_Windows.txt.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile_Windows.txt.txt index 31bb8a83c..de4c14518 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile_Windows.txt.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile_Windows.txt.txt @@ -51,7 +51,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch/1.3.0/, workingDir=tests/jenkins/artifacts/zip/vars-build/1.3.0/33/windows/x64/zip/dist/opensearch/, includePathPattern=**/opensearch-1.3.0-windows-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt index a76bd614a..021a37db9 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt @@ -51,7 +51,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/core/opensearch-dashboards/1.3.0/, workingDir=tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch-dashboards/dist/, includePathPattern=**/opensearch-dashboards-min-1.3.0-linux-x64*}) @@ -89,7 +89,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch-dashboards/1.3.0/, workingDir=tests/jenkins/artifacts/rpm/vars-build/1.3.0/33/linux/x64/rpm/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-1.3.0-linux-x64*}) @@ -126,7 +126,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch-dashboards/1.3.0/, workingDir=tests/jenkins/artifacts/deb/vars-build/1.3.0/33/linux/x64/deb/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-1.3.0-linux-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt index 963271ee6..679693172 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt @@ -51,7 +51,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype .sig ) promoteArtifacts.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=ARTIFACT_PRODUCTION_BUCKET_NAME, path=releases/bundle/opensearch-dashboards/1.3.0/, workingDir=tests/jenkins/artifacts/zip/vars-build/1.3.0/33/windows/x64/zip/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-1.3.0-windows-x64*}) diff --git a/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt index 211f47c0b..e223c98bb 100644 --- a/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt @@ -62,7 +62,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - /tmp/workspace/sign.sh /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom --sigtype=.sig --platform=linux + /tmp/workspace/sign.sh /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom --sigtype .sig --platform linux ) promoteYumRepos.sh( set -e diff --git a/tests/jenkins/jobs/PublishToMavenManifestYml_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToMavenManifestYml_Jenkinsfile.txt index f829d5791..4ffead461 100644 --- a/tests/jenkins/jobs/PublishToMavenManifestYml_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PublishToMavenManifestYml_Jenkinsfile.txt @@ -219,7 +219,7 @@ fi export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - workspace/sign.sh /path/to/signing/manifest.yml --type=maven --platform=linux --sigtype=.asc + workspace/sign.sh /path/to/signing/manifest.yml --type maven --platform linux --sigtype .asc ) publishToMaven.usernamePassword({credentialsId=jenkins-sonatype-creds, usernameVariable=SONATYPE_USERNAME, passwordVariable=SONATYPE_PASSWORD}) publishToMaven.withCredentials([[SONATYPE_USERNAME, SONATYPE_PASSWORD]], groovy.lang.Closure) diff --git a/tests/jenkins/jobs/PublishToMaven_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToMaven_Jenkinsfile.txt index 9ee595e79..c66d587a7 100644 --- a/tests/jenkins/jobs/PublishToMaven_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PublishToMaven_Jenkinsfile.txt @@ -219,7 +219,7 @@ fi export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - workspace/sign.sh /path/to/signing --type=maven --platform=linux --sigtype=.asc + workspace/sign.sh /path/to/signing --type maven --platform linux --sigtype .asc ) publishToMaven.usernamePassword({credentialsId=jenkins-sonatype-creds, usernameVariable=SONATYPE_USERNAME, passwordVariable=SONATYPE_PASSWORD}) publishToMaven.withCredentials([[SONATYPE_USERNAME, SONATYPE_PASSWORD]], groovy.lang.Closure) diff --git a/tests/jenkins/jobs/PublishToPyPiWithDir_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToPyPiWithDir_Jenkinsfile.txt index 3d86fea70..0339144fb 100644 --- a/tests/jenkins/jobs/PublishToPyPiWithDir_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PublishToPyPiWithDir_Jenkinsfile.txt @@ -25,7 +25,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - /tmp/workspace/sign.sh /tmp/workspace/test --sigtype=.asc --platform=linux + /tmp/workspace/sign.sh /tmp/workspace/test --sigtype .asc --platform linux ) publishToPyPi.usernamePassword({credentialsId=pypi-token, usernameVariable=TWINE_USERNAME, passwordVariable=TWINE_PASSWORD}) publishToPyPi.withCredentials([[TWINE_USERNAME, TWINE_PASSWORD]], groovy.lang.Closure) diff --git a/tests/jenkins/jobs/PublishToPyPi_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToPyPi_Jenkinsfile.txt index 552c90f18..e8c9b141b 100644 --- a/tests/jenkins/jobs/PublishToPyPi_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PublishToPyPi_Jenkinsfile.txt @@ -25,7 +25,7 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - /tmp/workspace/sign.sh /tmp/workspace/dist --sigtype=.asc --platform=linux + /tmp/workspace/sign.sh /tmp/workspace/dist --sigtype .asc --platform linux ) publishToPyPi.usernamePassword({credentialsId=pypi-token, usernameVariable=TWINE_USERNAME, passwordVariable=TWINE_PASSWORD}) publishToPyPi.withCredentials([[TWINE_USERNAME, TWINE_PASSWORD]], groovy.lang.Closure) diff --git a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile index 5fd7e99c8..b68387b70 100644 --- a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile +++ b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile @@ -22,14 +22,21 @@ pipeline { signArtifacts( artifactPath: "${WORKSPACE}/artifacts", sigtype: '.rpm', - platform: 'linux' + platform: 'linux', + overwrite: false ) signArtifacts( artifactPath: "${WORKSPACE}/file.yml", platform: 'linux', - type: 'maven' + type: 'maven', ) + + signArtifacts( + artifactPath: "${WORKSPACE}/the_msi.msi", + platform: 'windows', + overwrite: true + ) } } } diff --git a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt index 6ef8ada6f..d6c0911e0 100644 --- a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt +++ b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt @@ -22,9 +22,9 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - /tmp/workspace/sign.sh /tmp/workspace/artifacts --sigtype=.sig --platform=linux + /tmp/workspace/sign.sh /tmp/workspace/artifacts --sigtype .sig --platform linux ) - SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=/tmp/workspace/artifacts, sigtype=.rpm, platform=linux}) + SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=/tmp/workspace/artifacts, sigtype=.rpm, platform=linux, overwrite=false}) signArtifacts.string({credentialsId=jenkins-rpm-signing-account-number, variable=RPM_SIGNING_ACCOUNT_NUMBER}) signArtifacts.string({credentialsId=jenkins-rpm-signing-passphrase-secrets-arn, variable=RPM_SIGNING_PASSPHRASE_SECRETS_ARN}) signArtifacts.string({credentialsId=jenkins-rpm-signing-secret-key-secrets-arn, variable=RPM_SIGNING_SECRET_KEY_ID_SECRETS_ARN}) @@ -123,5 +123,30 @@ export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET - /tmp/workspace/sign.sh /tmp/workspace/file.yml --platform=linux --type=maven + /tmp/workspace/sign.sh /tmp/workspace/file.yml --platform linux --type maven + ) + SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=/tmp/workspace/the_msi.msi, platform=windows, overwrite=true}) + signArtifacts.echo(PGP or Windows Signature Signing) + signArtifacts.fileExists(/tmp/workspace/sign.sh) + signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) + signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) + signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) + signArtifacts.string({credentialsId=jenkins-signer-windows-role, variable=SIGNER_WINDOWS_ROLE}) + signArtifacts.string({credentialsId=jenkins-signer-windows-external-id, variable=SIGNER_WINDOWS_EXTERNAL_ID}) + signArtifacts.string({credentialsId=jenkins-signer-windows-unsigned-bucket, variable=SIGNER_WINDOWS_UNSIGNED_BUCKET}) + signArtifacts.string({credentialsId=jenkins-signer-windows-signed-bucket, variable=SIGNER_WINDOWS_SIGNED_BUCKET}) + signArtifacts.string({credentialsId=jenkins-signer-windows-profile-identifier, variable=SIGNER_WINDOWS_PROFILE_IDENTIFIER}) + signArtifacts.string({credentialsId=jenkins-signer-windows-platform-identifier, variable=SIGNER_WINDOWS_PLATFORM_IDENTIFIER}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], SIGNER_WINDOWS_ROLE, SIGNER_WINDOWS_EXTERNAL_ID, SIGNER_WINDOWS_UNSIGNED_BUCKET, SIGNER_WINDOWS_SIGNED_BUCKET, SIGNER_WINDOWS_PROFILE_IDENTIFIER, SIGNER_WINDOWS_PLATFORM_IDENTIFIER], groovy.lang.Closure) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=SIGNER_WINDOWS_ROLE + export EXTERNAL_ID=SIGNER_WINDOWS_EXTERNAL_ID + export UNSIGNED_BUCKET=SIGNER_WINDOWS_UNSIGNED_BUCKET + export SIGNED_BUCKET=SIGNER_WINDOWS_SIGNED_BUCKET + export PROFILE_IDENTIFIER=SIGNER_WINDOWS_PROFILE_IDENTIFIER + export PLATFORM_IDENTIFIER=SIGNER_WINDOWS_PLATFORM_IDENTIFIER + + /tmp/workspace/sign.sh /tmp/workspace/the_msi.msi --platform windows --overwrite ) diff --git a/tests/jenkins/lib-testers/SignArtifactsLibTester.groovy b/tests/jenkins/lib-testers/SignArtifactsLibTester.groovy index 6195f0c9c..10071d388 100644 --- a/tests/jenkins/lib-testers/SignArtifactsLibTester.groovy +++ b/tests/jenkins/lib-testers/SignArtifactsLibTester.groovy @@ -16,6 +16,8 @@ class SignArtifactsLibTester extends LibFunctionTester { private String artifactPath private String type private String component + private boolean overwrite + public SignArtifactsLibTester(sigtype, platform, artifactPath, type, component) { this.sigtype = sigtype @@ -25,6 +27,15 @@ class SignArtifactsLibTester extends LibFunctionTester { this.component = component } + public SignArtifactsLibTester(sigtype, platform, artifactPath, type, component, overwrite) { + this.sigtype = sigtype + this.platform = platform + this.artifactPath = artifactPath + this.type = type + this.component = component + this.overwrite = overwrite + } + void configure(helper, binding) { binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name') helper.registerAllowedMethod('git', [Map]) @@ -43,8 +54,6 @@ class SignArtifactsLibTester extends LibFunctionTester { assertThat(call.args.platform.first(), notNullValue()) if (call.args.artifactPath.first().toString().endsWith('.yml')) { assertThat(call.args.type.first(), notNullValue()) - } else if (call.args.type.first() != 'maven') { - assertThat(call.args.sigtype.first(), notNullValue()) } } @@ -55,8 +64,7 @@ class SignArtifactsLibTester extends LibFunctionTester { && call.args.type.first().toString().equals(this.type) && (call.args.component.first() == null || call.args.component.first().toString().equals(this.component)) } else { - return call.args.sigtype.first().toString().equals(this.sigtype) - && call.args.platform.first().toString().equals(this.platform) + return call.args.platform.first().toString().equals(this.platform) && call.args.artifactPath.first().toString().equals(this.artifactPath) } } diff --git a/vars/signArtifacts.groovy b/vars/signArtifacts.groovy index 60e0f4a04..2740c37a0 100644 --- a/vars/signArtifacts.groovy +++ b/vars/signArtifacts.groovy @@ -10,10 +10,11 @@ /** SignArtifacts signs the given artifacts and saves the signature in the same directory @param Map[artifactPath] - Path to yml or artifact file. +@param Map[platform] - The distribution platform for signing. @param Map[component] - Path to yml or artifact file. @param Map[type] - Artifact type in the manifest, [type] is required for signing yml. @param Map[sigtype] - The signature type of signing artifacts. e.g. '.sig'. Required for non-yml artifacts signing. -@param Map[platform] - The distribution platform for signing. +@param Map[overwrite] - Allow output artifacts to overwrite the existing artifacts. Defaults to False */ void call(Map args = [:]) { if (args.sigtype.equals('.rpm')) { @@ -158,8 +159,15 @@ String generateArguments(args) { String artifactPath = args.remove('artifactPath') // artifactPath is mandatory and the first argument String arguments = artifactPath + + // overwrite does not take an argument so removing it + if (args['overwrite'] == true) { + args['overwrite'] = '' + } else { + args.remove('overwrite') + } // generation command line arguments - args.each { key, value -> arguments += " --${key }=${value }" } + args.each { key, value -> arguments += " --${key } ${value }" } return arguments }