-
-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a post build stage #739
base: master
Are you sure you want to change the base?
Conversation
Thank you for creating a pull request!Please check out the information below if you have not made a pull request here before (or if you need a reminder how things work). Code Quality and Contributing GuidelinesIf you have not done so already, please familiarise yourself with our Contributing Guidelines and Code Of Conduct, even if you have contributed before. TestsGithub actions will run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation. In order to run the advanced pipeline tests (executing a set of mock pipelines), it requires an admin to post |
tools/post-build/Jenkinsfile
Outdated
sh label: 'build-sign-sbom', script: ''' | ||
JAVA_HOME=/usr/lib/jvm/jdk-17 ant clean | ||
JAVA_HOME=/usr/lib/jvm/jdk-17 ant build-sign-sbom | ||
openssl genpkey -algorithm RSA -pass pass:test -outform PEM -out testPrivateFile -pkeyopt rsa_keygen_bits:2048 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So using a temporary generated key is fine for testing, but will need to use a secure GPG or similar Jenkins stored key ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it's for testing. Any final decision like what should we use for signing? @andrew-m-leonard
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A block has been put on this Pull Request as this repository is temporarily under a code freeze due to an ongoing release cycle.
If this pull request needs to be merged during the release cycle then please comment /merge
and a PMC member will be able to remove the block.
If the code freeze is over you can remove this block by commenting /thaw
.
/thaw |
Pull Request unblocked - code freeze is over.
Add sbom sign job in post build stage Signed-off-by: Sophia Guo <sophia.gwf@gmail.com>
Signed-off-by: Sophia Guo <sophia.gwf@gmail.com>
Signed-off-by: Sophia Guo <sophia.gwf@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one is still in Draft, so I didn't review it yet. Is it ready for review and/or is in plan to bring in ahead of Jan release?
Add sbom sign job in post build stage
Close #610
Depends on adoptium/temurin-build#3404
Signed-off-by: Sophia Guo sophia.gwf@gmail.com