status-desktop/ci/Jenkinsfile.combined
Jakub Sokołowski 2df6def7f9 ci: add scripts/sign-linux-tarball.sh for GPG signing
Adds `scripts/sign-linux-file.sh` which expects the following variables set:

* `LINUX_GPG_PRIVATE_KEY_FILE` - Path to the GPG export of private key.
* `LINUX_GPG_PRIVATE_KEY_PASS` - Password necessary to use the private key.

Given a file it creates a file with a `.asc` suffix containing the signature:
```
 > wget -q https://status-im-prs.ams3.digitaloceanspaces.com/StatusIm-210809-104514-156806-pr.tar.gz

 > tar xvf StatusIm-210809-104514-156806-pr.tar.gz
StatusIm-210809-104514-156806-pr.AppImage
StatusIm-210809-104514-156806-pr.AppImage.asc

 > gpg --verify StatusIm-210809-104514-156806-pr.AppImage.asc
gpg: assuming signed data in 'StatusIm-210809-104514-156806-pr.AppImage'
gpg: Signature made Mon 09 Aug 2021 12:54:49 PM CEST using RSA key ID E20B4DFD
gpg: Good signature from "Status.im Devel Signing (GPG key for signing Status.im development builds.) <devel@status.im>" [ultimate]
Primary key fingerprint: BBF0 5F92 536B ED19 30A9  FD44 009F B3BF E20B 4DFD
```

Issue: https://github.com/status-im/infra-ci/issues/25
Requires: https://github.com/status-im/status-jenkins-lib/pull/32

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-16 11:21:36 -04:00

88 lines
2.4 KiB
Plaintext

```groovy
library 'status-jenkins-lib@ci-linux-signing'

pipeline {
  agent { label 'linux' }

  options {
    timestamps()
    disableConcurrentBuilds()
    /* Prevent Jenkins jobs from running forever */
    timeout(time: 35, unit: 'MINUTES')
    /* Limit builds retained */
    buildDiscarder(logRotator(
      numToKeepStr: '10',
      daysToKeepStr: '30',
      artifactNumToKeepStr: '10',
    ))
  }

  parameters {
    booleanParam(
      name: 'PUBLISH',
      description: 'Trigger publishing of build results to GitHub.',
      defaultValue: getPublishDefault(params.PUBLISH),
    )
  }

  stages {
    stage('Build') {
      parallel {
        stage('Linux') { steps { script {
          linux = jenkins.Build('status-desktop/platforms/linux')
        } } }
        stage('Windows') { steps { script {
          windows = jenkins.Build('status-desktop/platforms/windows')
        } } }
        stage('MacOS') { steps { script {
          macos = jenkins.Build('status-desktop/platforms/macos')
        } } }
      }
    }
    stage('Archive') {
      steps { script {
        sh('rm -f pkg/*')
        jenkins.copyArts(linux)
        jenkins.copyArts(windows)
        jenkins.copyArts(macos)
        sha = "pkg/${utils.pkgFilename('sha256')}"
        dir('pkg') {
          /* generate sha256 checksums for upload */
          sh "sha256sum * | tee ../${sha}"
          archiveArtifacts('*')
        }
      } }
    }
    stage('Upload') {
      steps { script {
        /* object for easier URLs handling */
        urls = [
          /* mobile */
          Linux: utils.pkgUrl(linux),
          Windows: utils.pkgUrl(windows),
          MacOS: utils.pkgUrl(macos),
          /* upload the sha256 checksums file too */
          SHA: s3.uploadArtifact(sha),
        ]
        /* add URLs to the build description */
        jenkins.setBuildDesc(urls)
      } }
    }
    stage('Publish') {
      when { expression { params.PUBLISH } }
      steps { script {
        github.publishReleaseFiles(repo: 'status-desktop');
      } }
    }
  }
}

/* Helper that makes PUBLISH default to 'false' unless:
 * - The build is for a release branch
 * - A user explicitly specified a value
 * Since release builds create and re-create GitHub drafts every time. */
def Boolean getPublishDefault(Boolean previousValue) {
  if (env.JOB_NAME.startsWith('status-desktop/release')) { return true }
  if (previousValue != null) { return previousValue }
  return false
}
```
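
The signing step the commit message describes, as an added example that is not the project's own `scripts/sign-linux-*.sh`: it reads the two variables named in the commit message, imports the key into a throwaway keyring, writes a detached `.asc` signature and verifies it. It assumes GnuPG 2.1 or newer; the function name `sign_file` and its exit codes are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's script. Assumes GnuPG 2.1+.
# sign_file and its exit codes (2, 3, 4) are hypothetical names/values.

sign_file() {
    target="${1:-}"
    # Both secrets must be present; their values are never echoed.
    if [ -z "${LINUX_GPG_PRIVATE_KEY_FILE:-}" ] ||
       [ -z "${LINUX_GPG_PRIVATE_KEY_PASS:-}" ]; then
        echo "LINUX_GPG_PRIVATE_KEY_FILE and LINUX_GPG_PRIVATE_KEY_PASS must be set" >&2
        return 2
    fi
    if [ ! -f "$target" ] || [ ! -r "$LINUX_GPG_PRIVATE_KEY_FILE" ]; then
        echo "file to sign or private key export not found" >&2
        return 3
    fi
    # Subshell: the throwaway keyring, umask and trap do not leak to the caller.
    (
        umask 077
        GNUPGHOME="$(mktemp -d)" || exit 4
        export GNUPGHOME
        # Stop the agent and wipe the keyring however the subshell exits.
        trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT
        # printf is a shell builtin, so the passphrase reaches gpg over a
        # pipe and never appears in any process's argument list.
        # Steps are chained with && because `set -e` is ignored when the
        # caller tests this function's status (if/||/&&). The last step is a
        # self-check before the artifact is archived or uploaded.
        printf '%s\n' "$LINUX_GPG_PRIVATE_KEY_PASS" |
            gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 \
                --import "$LINUX_GPG_PRIVATE_KEY_FILE" &&
        printf '%s\n' "$LINUX_GPG_PRIVATE_KEY_PASS" |
            gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
                --armor --detach-sign --output "$target.asc" "$target" &&
        gpg --batch --quiet --verify "$target.asc" "$target" 2>/dev/null
    )
}

# Stand-alone use: sh sign.sh path/to/StatusIm.AppImage
if [ "$#" -gt 0 ]; then sign_file "$@"; fi
```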