mirror of
https://github.com/status-im/status-desktop.git
synced 2025-02-17 17:19:02 +00:00
Jakub Sokołowski
2df6def7f9
Adds `scripts/sign-linux-file.sh` which expectes the following variables set: * `LINUX_GPG_PRIVATE_KEY_FILE` - Path to the GPG export of private key. * `LINUX_GPG_PRIVATE_KEY_PASS` - Password necessary to use the private key. Given a file it creates a file with a `.asc` suffix containing the signature: ``` > wget -q https://status-im-prs.ams3.digitaloceanspaces.com/StatusIm-210809-104514-156806-pr.tar.gz > tar xvf StatusIm-210809-104514-156806-pr.tar.gz StatusIm-210809-104514-156806-pr.AppImage StatusIm-210809-104514-156806-pr.AppImage.asc > gpg --verify StatusIm-210809-104514-156806-pr.AppImage.asc gpg: assuming signed data in 'StatusIm-210809-104514-156806-pr.AppImage' gpg: Signature made Mon 09 Aug 2021 12:54:49 PM CEST using RSA key ID E20B4DFD gpg: Good signature from "Status.im Devel Signing (GPG key for signing Status.im development builds.) <devel@status.im>" [ultimate] Primary key fingerprint: BBF0 5F92 536B ED19 30A9 FD44 009F B3BF E20B 4DFD ``` Issue: https://github.com/status-im/infra-ci/issues/25 Requires: https://github.com/status-im/status-jenkins-lib/pull/32 Signed-off-by: Jakub Sokołowski <jakub@status.im>
88 lines
2.4 KiB
Plaintext
88 lines
2.4 KiB
Plaintext
library 'status-jenkins-lib@ci-linux-signing'
|
|
|
|
pipeline {
|
|
agent { label 'linux' }
|
|
|
|
options {
|
|
timestamps()
|
|
disableConcurrentBuilds()
|
|
/* Prevent Jenkins jobs from running forever */
|
|
timeout(time: 35, unit: 'MINUTES')
|
|
/* Limit builds retained */
|
|
buildDiscarder(logRotator(
|
|
numToKeepStr: '10',
|
|
daysToKeepStr: '30',
|
|
artifactNumToKeepStr: '10',
|
|
))
|
|
}
|
|
|
|
parameters {
|
|
booleanParam(
|
|
name: 'PUBLISH',
|
|
description: 'Trigger publishing of build results to GitHub.',
|
|
defaultValue: getPublishDefault(params.PUBLISH),
|
|
)
|
|
}
|
|
|
|
stages {
|
|
stage('Build') {
|
|
parallel {
|
|
stage('Linux') { steps { script {
|
|
linux = jenkins.Build('status-desktop/platforms/linux')
|
|
} } }
|
|
stage('Windows') { steps { script {
|
|
windows = jenkins.Build('status-desktop/platforms/windows')
|
|
} } }
|
|
stage('MacOS') { steps { script {
|
|
macos = jenkins.Build('status-desktop/platforms/macos')
|
|
} } }
|
|
}
|
|
}
|
|
stage('Archive') {
|
|
steps { script {
|
|
sh('rm -f pkg/*')
|
|
jenkins.copyArts(linux)
|
|
jenkins.copyArts(windows)
|
|
jenkins.copyArts(macos)
|
|
sha = "pkg/${utils.pkgFilename('sha256')}"
|
|
dir('pkg') {
|
|
/* generate sha256 checksums for upload */
|
|
sh "sha256sum * | tee ../${sha}"
|
|
archiveArtifacts('*')
|
|
}
|
|
} }
|
|
}
|
|
stage('Upload') {
|
|
steps { script {
|
|
/* object for easier URLs handling */
|
|
urls = [
|
|
/* mobile */
|
|
Linux: utils.pkgUrl(linux),
|
|
Windows: utils.pkgUrl(windows),
|
|
MacOS: utils.pkgUrl(macos),
|
|
/* upload the sha256 checksums file too */
|
|
SHA: s3.uploadArtifact(sha),
|
|
]
|
|
/* add URLs to the build description */
|
|
jenkins.setBuildDesc(urls)
|
|
} }
|
|
}
|
|
stage('Publish') {
|
|
when { expression { params.PUBLISH } }
|
|
steps { script {
|
|
github.publishReleaseFiles(repo: 'status-desktop');
|
|
} }
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Helper that makes PUBLISH default to 'false' unless:
|
|
* - The build is for a release branch
|
|
* - A user explicitly specified a value
|
|
* Since release builds create and re-create GitHub drafts every time. */
|
|
def Boolean getPublishDefault(Boolean previousValue) {
|
|
if (env.JOB_NAME.startsWith('status-desktop/release')) { return true }
|
|
if (previousValue != null) { return previousValue }
|
|
return false
|
|
}
|