From 5129326d01c6f1f69ed7ea281123ecd0c27c38e7 Mon Sep 17 00:00:00 2001 From: Zelin Hao Date: Tue, 28 Jun 2022 14:03:26 -0700 Subject: [PATCH] Fix the python tests and combine credentials Signed-off-by: Zelin Hao --- ...data-prepper-all-artifacts.jenkinsfile.txt | 62 ++++++------- .../maven-sign-release.jenkinsfile.txt | 31 +++---- .../sign-standalone-artifacts.jenkinsfile.txt | 31 +++---- ...ArtifactsQualifier_actions_Jenkinsfile.txt | 62 ++++++------- ...ions_OpenSearch_Dashboards_Jenkinsfile.txt | 62 ++++++------- .../PromoteArtifacts_actions_Jenkinsfile.txt | 93 +++++++++---------- ...ions_OpenSearch_Dashboards_Jenkinsfile.txt | 62 ++++++------- .../jobs/PromoteYumRepos_Jenkinsfile.txt | 31 +++---- .../jobs/SignArtifacts_Jenkinsfile.txt | 62 ++++++------- .../test_signer_windows.py | 7 +- vars/signArtifacts.groovy | 46 ++++----- 11 files changed, 266 insertions(+), 283 deletions(-) diff --git a/tests/jenkins/jenkinsjob-regression-files/data-prepper/release-data-prepper-all-artifacts.jenkinsfile.txt b/tests/jenkins/jenkinsjob-regression-files/data-prepper/release-data-prepper-all-artifacts.jenkinsfile.txt index d232e9a1f4..a25c1a3973 100644 --- a/tests/jenkins/jenkinsjob-regression-files/data-prepper/release-data-prepper-all-artifacts.jenkinsfile.txt +++ b/tests/jenkins/jenkinsjob-regression-files/data-prepper/release-data-prepper-all-artifacts.jenkinsfile.txt @@ -17,22 +17,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - /tmp/workspace/sign.sh /tmp/workspace/archive --sigtype=.sig --platform=linux - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + /tmp/workspace/sign.sh /tmp/workspace/archive --sigtype=.sig --platform=linux + ) release-data-prepper-all-artifacts.stage(Release Archives to Production Distribution Bucket, groovy.lang.Closure) release-data-prepper-all-artifacts.script(groovy.lang.Closure) release-data-prepper-all-artifacts.withAWS({role=production-role-name, roleAccount=aws-account-artifact, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) @@ -94,22 +93,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - /tmp/workspace/sign.sh /tmp/workspace/maven --type=maven --platform=linux - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + /tmp/workspace/sign.sh /tmp/workspace/maven --type=maven --platform=linux + ) release-data-prepper-all-artifacts.stage(Upload Artifacts to Sonatype, groovy.lang.Closure) release-data-prepper-all-artifacts.script(groovy.lang.Closure) release-data-prepper-all-artifacts.usernamePassword({credentialsId=Sonatype, usernameVariable=SONATYPE_USERNAME, passwordVariable=SONATYPE_PASSWORD}) diff --git a/tests/jenkins/jenkinsjob-regression-files/maven-sign-release/maven-sign-release.jenkinsfile.txt b/tests/jenkins/jenkinsjob-regression-files/maven-sign-release/maven-sign-release.jenkinsfile.txt index cda473472c..d761d0171a 100644 --- a/tests/jenkins/jenkinsjob-regression-files/maven-sign-release/maven-sign-release.jenkinsfile.txt +++ b/tests/jenkins/jenkinsjob-regression-files/maven-sign-release/maven-sign-release.jenkinsfile.txt @@ -16,22 +16,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - /tmp/workspace/sign.sh /tmp/workspace/artifacts/distribution-build-opensearch/1.0.0/123/linux/x64/builds/opensearch/manifest.yml --type=maven --platform=linux - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + /tmp/workspace/sign.sh /tmp/workspace/artifacts/distribution-build-opensearch/1.0.0/123/linux/x64/builds/opensearch/manifest.yml --type=maven --platform=linux + ) maven-sign-release.stage(stage maven artifacts, groovy.lang.Closure) maven-sign-release.script(groovy.lang.Closure) maven-sign-release.usernamePassword({credentialsId=Sonatype, usernameVariable=SONATYPE_USERNAME, passwordVariable=SONATYPE_PASSWORD}) diff --git a/tests/jenkins/jenkinsjob-regression-files/sign-standalone-artifacts/sign-standalone-artifacts.jenkinsfile.txt b/tests/jenkins/jenkinsjob-regression-files/sign-standalone-artifacts/sign-standalone-artifacts.jenkinsfile.txt index 246be41fa9..65403a3b7c 100644 --- a/tests/jenkins/jenkinsjob-regression-files/sign-standalone-artifacts/sign-standalone-artifacts.jenkinsfile.txt +++ b/tests/jenkins/jenkinsjob-regression-files/sign-standalone-artifacts/sign-standalone-artifacts.jenkinsfile.txt @@ -14,22 +14,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - /tmp/workspace/sign.sh /tmp/workspace/artifacts --sigtype=.sig --platform=linux - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + /tmp/workspace/sign.sh /tmp/workspace/artifacts --sigtype=.sig --platform=linux + ) sign-standalone-artifacts.uploadToS3({sourcePath=/tmp/workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) uploadToS3.string({credentialsId=jenkins-aws-account-public, variable=AWS_ACCOUNT_PUBLIC}) uploadToS3.withCredentials([AWS_ACCOUNT_PUBLIC], groovy.lang.Closure) diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt index 2bdf958795..e440d20a68 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt @@ -29,22 +29,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + ) promoteArtifacts.withAWS({role=artifactPromotionRole, roleAccount=artifactsAccount, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/core/opensearch/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/tar/vars-build/2.0.0-rc1/33/linux/x64/tar/builds/opensearch/dist/, includePathPattern=**/opensearch-min-2.0.0-rc1-linux-x64*}) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/bundle/opensearch/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/tar/vars-build/2.0.0-rc1/33/linux/x64/tar/dist/opensearch/, includePathPattern=**/opensearch-2.0.0-rc1-linux-x64*}) @@ -65,21 +64,20 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + ) promoteArtifacts.withAWS({role=artifactPromotionRole, roleAccount=artifactsAccount, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/bundle/opensearch/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/rpm/vars-build/2.0.0-rc1/33/linux/x64/rpm/dist/opensearch/, includePathPattern=**/opensearch-2.0.0-rc1-linux-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt index 6c64f73222..302b226eb4 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt @@ -29,22 +29,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + ) promoteArtifacts.withAWS({role=artifactPromotionRole, roleAccount=artifactsAccount, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/core/opensearch-dashboards/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/tar/vars-build/2.0.0-rc1/33/linux/x64/tar/builds/opensearch-dashboards/dist/, includePathPattern=**/opensearch-dashboards-min-2.0.0-rc1-linux-x64*}) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/bundle/opensearch-dashboards/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/tar/vars-build/2.0.0-rc1/33/linux/x64/tar/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-2.0.0-rc1-linux-x64*}) @@ -65,21 +64,20 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + ) promoteArtifacts.withAWS({role=artifactPromotionRole, roleAccount=artifactsAccount, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/bundle/opensearch-dashboards/2.0.0-rc1/, workingDir=tests/jenkins/artifacts/rpm/vars-build/2.0.0-rc1/33/linux/x64/rpm/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-2.0.0-rc1-linux-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt index 59c6c893c9..bed154332c 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt @@ -32,22 +32,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch/core-plugins --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch/core-plugins --sigtype=.sig + ) promoteArtifacts.findFiles({glob=**/opensearch-min-1.3.0*.tar*,**/opensearch-1.3.0*.tar*}) promoteArtifacts.getPath() createSha512Checksums.sh({script=find tests/jenkins/tests/jenkins/file/found.zip -type f, returnStdout=true}) @@ -61,22 +60,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + ) promoteArtifacts.withAWS({role=artifactPromotionRole, roleAccount=artifactsAccount, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/plugins/discovery-ec2/1.3.0/, workingDir=tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch/core-plugins/, includePathPattern=**/discovery-ec2*}) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/plugins/transport-nio/1.3.0/, workingDir=tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch/core-plugins/, includePathPattern=**/transport-nio*}) @@ -117,21 +115,20 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + ) promoteArtifacts.withAWS({role=artifactPromotionRole, roleAccount=artifactsAccount, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/bundle/opensearch/1.3.0/, workingDir=tests/jenkins/artifacts/rpm/vars-build/1.3.0/33/linux/x64/rpm/dist/opensearch/, includePathPattern=**/opensearch-1.3.0-linux-x64*}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt index 267281e5d2..a061f354b7 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt @@ -29,22 +29,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + ) promoteArtifacts.withAWS({role=artifactPromotionRole, roleAccount=artifactsAccount, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/core/opensearch-dashboards/1.3.0/, workingDir=tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch-dashboards/dist/, includePathPattern=**/opensearch-dashboards-min-1.3.0-linux-x64*}) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/bundle/opensearch-dashboards/1.3.0/, workingDir=tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-1.3.0-linux-x64*}) @@ -65,21 +64,20 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + tests/jenkins/sign.sh tests/jenkins/tests/jenkins/file/found.zip --sigtype=.sig + ) promoteArtifacts.withAWS({role=artifactPromotionRole, roleAccount=artifactsAccount, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) promoteArtifacts.s3Upload({bucket=prod-bucket-name, path=releases/bundle/opensearch-dashboards/1.3.0/, workingDir=tests/jenkins/artifacts/rpm/vars-build/1.3.0/33/linux/x64/rpm/dist/opensearch-dashboards/, includePathPattern=**/opensearch-dashboards-1.3.0-linux-x64*}) diff --git a/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt index 274a019532..a4a9c06570 100644 --- a/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt @@ -45,22 +45,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - /tmp/workspace/sign.sh /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom --sigtype=.sig --platform=linux - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + /tmp/workspace/sign.sh /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom --sigtype=.sig --platform=linux + ) promoteYumRepos.sh( set -e set +x diff --git a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt index 1120e42306..efbf850428 100644 --- a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt +++ b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt @@ -9,22 +9,21 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - /tmp/workspace/sign.sh /tmp/workspace/artifacts --sigtype=.sig --platform=linux - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + /tmp/workspace/sign.sh /tmp/workspace/artifacts --sigtype=.sig --platform=linux + ) SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=/tmp/workspace/artifacts, sigtype=.rpm, platform=linux}) signArtifacts.echo(RPM Add Sign) signArtifacts.withAWS({role=sign_asm_role, roleAccount=sign_asm_account, duration=900, roleSessionName=jenkins-signing-session}, groovy.lang.Closure) @@ -109,19 +108,18 @@ signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) - signArtifacts.withCredentials([configs], groovy.lang.Closure) - signArtifacts.readJSON({text=configs}) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_role - export EXTERNAL_ID=dummy_ID - export UNSIGNED_BUCKET=dummy_unsigned_bucket - export SIGNED_BUCKET=dummy_signed_bucket - export PROFILE_IDENTIFIER=null - export PLATFORM_IDENTIFIER=null - - /tmp/workspace/sign.sh /tmp/workspace/file.yml --platform=linux --type=maven - ) + signArtifacts.string({credentialsId=signer-pgp-config, variable=configs}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], configs], groovy.lang.Closure) + signArtifacts.readJSON({text=configs}) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_role + export EXTERNAL_ID=dummy_ID + export UNSIGNED_BUCKET=dummy_unsigned_bucket + export SIGNED_BUCKET=dummy_signed_bucket + export PROFILE_IDENTIFIER=null + export PLATFORM_IDENTIFIER=null + + /tmp/workspace/sign.sh /tmp/workspace/file.yml --platform=linux --type=maven + ) diff --git a/tests/tests_sign_workflow/test_signer_windows.py b/tests/tests_sign_workflow/test_signer_windows.py index a42b956cdf..4fc39b230f 100644 --- a/tests/tests_sign_workflow/test_signer_windows.py +++ b/tests/tests_sign_workflow/test_signer_windows.py @@ -1,4 +1,3 @@ -import os import unittest from pathlib import Path from unittest.mock import MagicMock, Mock, call, patch @@ -39,10 +38,10 @@ def test_accepted_file_types(self, git_repo: Mock) -> None: self.assertEqual(signer.sign.call_args_list, expected) @patch("sign_workflow.signer.GitRepository") - def test_signer_sign(self, mock_repo: Mock) -> None: + @patch('os.rename') + @patch('os.mkdir') + def test_signer_sign(self, mock_os_mkdir: Mock, mock_os_rename: Mock, mock_repo: Mock) -> None: signer = SignerWindows() - os.mkdir = MagicMock() - os.rename = MagicMock() signer.sign("the-msi.msi", Path("/path/"), ".asc") mock_repo.assert_has_calls( [call().execute("./opensearch-signer-client -i /path/the-msi.msi -o /path/signed_the-msi.msi -p windows")]) diff --git a/vars/signArtifacts.groovy b/vars/signArtifacts.groovy index 738e19ce75..af8c2ed991 100644 --- a/vars/signArtifacts.groovy +++ b/vars/signArtifacts.groovy @@ -110,29 +110,29 @@ void call(Map args = [:]) { String arguments = generateArguments(args) // Sign artifacts - withCredentials([usernamePassword(credentialsId: "${GITHUB_BOT_TOKEN_NAME}", usernameVariable: 'GITHUB_USER', passwordVariable: 'GITHUB_TOKEN')]) { - def configSecret = args.platform == "windows" ? "signer-windows-config" : "signer-pgp-config" - withCredentials([string(credentialsId: configSecret, variable: 'configs')]) { - def creds = readJSON(text: configs) - def ROLE = creds['role'] - def EXTERNAL_ID = creds['external_id'] - def UNSIGNED_BUCKET = creds['unsigned_bucket'] - def SIGNED_BUCKET = creds['signed_bucket'] - def PROFILE_IDENTIFIER = creds['profile_identifier'] - def PLATFORM_IDENTIFIER = creds['platform_identifier'] - sh """ - #!/bin/bash - set +x - export ROLE=$ROLE - export EXTERNAL_ID=$EXTERNAL_ID - export UNSIGNED_BUCKET=$UNSIGNED_BUCKET - export SIGNED_BUCKET=$SIGNED_BUCKET - export PROFILE_IDENTIFIER=$PROFILE_IDENTIFIER - export PLATFORM_IDENTIFIER=$PLATFORM_IDENTIFIER - - $WORKSPACE/sign.sh ${arguments} - """ - } + def configSecret = args.platform == "windows" ? "signer-windows-config" : "signer-pgp-config" + withCredentials([usernamePassword(credentialsId: "${GITHUB_BOT_TOKEN_NAME}", usernameVariable: 'GITHUB_USER', passwordVariable: 'GITHUB_TOKEN'), + string(credentialsId: configSecret, variable: 'configs')]) { + def creds = readJSON(text: configs) + def ROLE = creds['role'] + def EXTERNAL_ID = creds['external_id'] + def UNSIGNED_BUCKET = creds['unsigned_bucket'] + def SIGNED_BUCKET = creds['signed_bucket'] + def PROFILE_IDENTIFIER = creds['profile_identifier'] + def PLATFORM_IDENTIFIER = creds['platform_identifier'] + sh """ + #!/bin/bash + set +x + export ROLE=$ROLE + export EXTERNAL_ID=$EXTERNAL_ID + export UNSIGNED_BUCKET=$UNSIGNED_BUCKET + export SIGNED_BUCKET=$SIGNED_BUCKET + export PROFILE_IDENTIFIER=$PROFILE_IDENTIFIER + export PLATFORM_IDENTIFIER=$PLATFORM_IDENTIFIER + + $WORKSPACE/sign.sh ${arguments} + """ + } } }