Add a post build stage #739

Draft: wants to merge 3 commits into base: master

@sophia-guo (Contributor) commented Jun 26, 2023

Add sbom sign job in post build stage

Close #610

Depends on adoptium/temurin-build#3404

Signed-off-by: Sophia Guo <sophia.gwf@gmail.com>

@github-actions

Thank you for creating a pull request!

Please check out the information below if you have not made a pull request here before (or if you need a reminder how things work).

Code Quality and Contributing Guidelines

If you have not done so already, please familiarise yourself with our Contributing Guidelines and Code Of Conduct, even if you have contributed before.

Tests

GitHub Actions will run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation.

In order to run the advanced pipeline tests (executing a set of mock pipelines), it requires an admin to post run tests on this PR.
If you are not an admin, please ask for one's attention in #infrastructure on Slack or ping one here.
To run full set of tests, use "run tests"; a subset of tests on specific jdk version, use "run tests quick 11,20"

@sophia-guo sophia-guo marked this pull request as draft June 26, 2023 12:39
tools/post-build/Jenkinsfile (outdated)
sh label: 'build-sign-sbom', script: '''
JAVA_HOME=/usr/lib/jvm/jdk-17 ant clean
JAVA_HOME=/usr/lib/jvm/jdk-17 ant build-sign-sbom
openssl genpkey -algorithm RSA -pass pass:test -outform PEM -out testPrivateFile -pkeyopt rsa_keygen_bits:2048
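
Review bot: The `openssl genpkey` line hardcodes the passphrase (`-pass pass:test`) and writes the signing key to `testPrivateFile` in the job workspace, so the SBOM is signed with a throwaway key generated inside the same `sh` step. Before this leaves draft, load the signing key from a Jenkins-stored credential instead of generating it in the script, and document which key consumers should verify against. Note also that `-pass` has no effect here because no cipher option is given, so the PEM file is written unencrypted; drop the flag, or add a cipher if the test key is meant to be protected. If the key file stays for testing, remove it at the end of the step unless the script already does so.
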
Contributor

So using a temporary generated key is fine for testing, but will need to use a secure GPG or similar Jenkins stored key?

Contributor Author

Yes, it's for testing. Any final decision like what should we use for signing? @andrew-m-leonard

@sophia-guo sophia-guo self-assigned this Jul 27, 2023

@github-actions github-actions bot left a comment

A block has been put on this Pull Request as this repository is temporarily under a code freeze due to an ongoing release cycle.

If this pull request needs to be merged during the release cycle then please comment /merge and a PMC member will be able to remove the block.

If the code freeze is over you can remove this block by commenting /thaw.

@karianna (Contributor) commented Aug 1, 2023

/thaw

@github-actions github-actions bot dismissed their stale review August 1, 2023 04:18

Pull Request unblocked - code freeze is over.

Add sbom sign job in post build stage

Signed-off-by: Sophia Guo <sophia.gwf@gmail.com>
Signed-off-by: Sophia Guo <sophia.gwf@gmail.com>
Signed-off-by: Sophia Guo <sophia.gwf@gmail.com>

@smlambert (Contributor) left a comment

This one is still in Draft, so I didn't review it yet. Is it ready for review and/or is in plan to bring in ahead of Jan release?

Projects
Status: In Progress
Development

Successfully merging this pull request may close these issues.

EPIC: Add a Post-Build job and Sign-SBOM job
4 participants