From 10a90afed819fdb76ebde4848a516cfb0740c721 Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Fri, 7 Jan 2022 15:37:56 -0800 Subject: [PATCH 1/8] importing the key outside of if condition Signed-off-by: Abhinav Gupta --- vars/signArtifacts.groovy | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/signArtifacts.groovy b/vars/signArtifacts.groovy index 8a1fe77933..9cd26b55f6 100644 --- a/vars/signArtifacts.groovy +++ b/vars/signArtifacts.groovy @@ -30,8 +30,9 @@ void call(Map args = [:]) { } void importPGPKey(){ + keyPath = "$WORKSPACE/opensearch.pgp" if( !fileExists("$WORKSPACE/opensearch.pgp")) { - sh("curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o $WORKSPACE/opensearch.pgp") - sh("gpg --import $WORKSPACE/opensearch.pgp") + sh("curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o ${keyPath}") } + sh("gpg --import ${keyPath}") } From 624003f05b692a0d9092488b12058cef41ab5de3 Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Sat, 8 Jan 2022 02:14:31 -0800 Subject: [PATCH 2/8] added test cases for pgp and sign-artifacts job Signed-off-by: Abhinav Gupta --- ... => sign-standalone-artifacts.jenkinsfile} | 0 .../sign-standalone-artifacts.jenkinsfile.txt | 34 +++++++++++ tests/jenkins/TestSignArtifacts.groovy | 12 ++++ tests/jenkins/jobs/SignArtifacts_Jenkinsfile | 57 ------------------- .../jobs/SignArtifacts_Jenkinsfile.txt | 6 -- .../jobs/SignArtifacts_WithPGP_Jenkinsfile | 16 ++++++ .../SignArtifacts_WithPGP_Jenkinsfile.txt | 22 +++++++ vars/signArtifacts.groovy | 2 +- 8 files changed, 85 insertions(+), 64 deletions(-) rename jenkins/sign-artifacts/{Jenkinsfile => sign-standalone-artifacts.jenkinsfile} (100%) create mode 100644 jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt create mode 100644 tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile create mode 100644 tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile.txt 
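Review bot: With `gpg --import ${keyPath}` moved outside the `fileExists` guard in `importPGPKey`, any `opensearch.pgp` already present in the workspace is imported without being re-fetched or checked, so a truncated download or a file left behind by an earlier step (if the workspace is reused) ends up in the keyring. `curl -SL` has no `-f`, so an HTTP error body is also written to `keyPath` and from then on suppresses every later download; `curl -fSL ... -o ${keyPath}` would fail the step instead. Comparing the key's fingerprint with a value pinned in the repository before the import would cover both the cached and the freshly downloaded path. `keyPath` is assigned without a declaration and so lands in the script binding; `def keyPath = "$WORKSPACE/opensearch.pgp"` keeps it local to the method.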
diff --git a/jenkins/sign-artifacts/Jenkinsfile b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile similarity index 100% rename from jenkins/sign-artifacts/Jenkinsfile rename to jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile diff --git a/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt new file mode 100644 index 0000000000..6ecea7f396 --- /dev/null +++ b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt 
@@ -0,0 +1,34 @@ + sign-standalone-artifacts.run() + sign-standalone-artifacts.legacySCM(groovy.lang.Closure) + sign-standalone-artifacts.library({identifier=jenkins@20211123, retriever=null}) + sign-standalone-artifacts.pipeline(groovy.lang.Closure) + sign-standalone-artifacts.echo(Executing on agent [docker:[image:opensearchstaging/ci-runner:ci-runner-centos7-v1, reuseNode:false, stages:[:], args:, alwaysPull:true, containerPerStageRoot:false, label:Jenkins-Agent-al2-x64-c54xlarge-Docker-Host]]) + sign-standalone-artifacts.stage(sign, groovy.lang.Closure) + sign-standalone-artifacts.script(groovy.lang.Closure) + sign-standalone-artifacts.sh(mkdir workspace/artifacts) + sign-standalone-artifacts.sh(curl -SL https://www.dummy.com/dummy_1_artifact.tar.gz -o workspace/artifacts/dummy_1_artifact.tar.gz) + sign-standalone-artifacts.sh(curl -SL https://www.dummy.com/dummy_2_artifact.tar.gz -o workspace/artifacts/dummy_2_artifact.tar.gz) + sign-standalone-artifacts.signArtifacts({artifactPath=workspace/artifacts/, signatureType=.sig, distributionPlatform=linux}) + signArtifacts.fileExists(workspace/sign.sh) + signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) + signArtifacts.fileExists(workspace/opensearch.pgp) + signArtifacts.sh(curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o workspace/opensearch.pgp) + signArtifacts.sh(gpg --import workspace/opensearch.pgp) + signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_signer_client_role + export EXTERNAL_ID=signer_client_external_id + export UNSIGNED_BUCKET=signer_client_unsigned_bucket + export SIGNED_BUCKET=signer_client_signed_bucket + + workspace/sign.sh workspace/artifacts/ --sigtype=.sig --component=null --type=null + ) + 
sign-standalone-artifacts.uploadToS3({sourcePath=workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) + uploadToS3.withAWS({role=Dummy_Upload_Role, roleAccount=dummy_account, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) + uploadToS3.s3Upload({file=workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) + sign-standalone-artifacts.script(groovy.lang.Closure) + sign-standalone-artifacts.postCleanup() + postCleanup.cleanWs({disableDeferredWipeout=true, deleteDirs=true}) diff --git a/tests/jenkins/TestSignArtifacts.groovy b/tests/jenkins/TestSignArtifacts.groovy index 52a1e51c11..f6139b54be 100644 --- a/tests/jenkins/TestSignArtifacts.groovy +++ b/tests/jenkins/TestSignArtifacts.groovy @@ -39,6 +39,7 @@ class TestSignArtifacts extends BuildPipelineTest { helper.registerAllowedMethod("git", [Map]) helper.registerAllowedMethod("s3Upload", [Map]) + helper.registerAllowedMethod("cleanWs", [Map]) helper.registerAllowedMethod("withAWS", [Map, Closure], { args, closure -> closure.delegate = delegate return helper.callClosure(closure) @@ -49,4 +50,15 @@ class TestSignArtifacts extends BuildPipelineTest { void testSignArtifacts() { super.testPipeline("tests/jenkins/jobs/SignArtifacts_Jenkinsfile") } + + @Test + void testSignArtifactsWithPgpKey() { + helper.addFileExistsMock('workspace/opensearch.pgp', true) + super.testPipeline("tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile") + } + + @Test + void testSignArtifactsJob() { + super.testPipeline("jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile") + } } diff --git a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile index 621d29cbbe..7e815a3737 100644 --- a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile +++ b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile 
@@ -4,70 +4,13 @@ pipeline { stage('sign') { steps { script { - if (URLs == '' || S3_FILE_UPLOAD_PATH == '') { - currentBuild.result = 'ABORTED' - error('URLs or S3_FILE_UPLOAD_PATH params are not set') - } - S3_FILE_UPLOAD_PATH = S3_FILE_UPLOAD_PATH.replaceAll('/$', "") - S3_FILE_UPLOAD_PATH = S3_FILE_UPLOAD_PATH.replaceAll('^/+', "") - downloadedFiles = downloadArtifactsFromUrls() signArtifacts( artifactPath: "$WORKSPACE/artifacts/", signatureType: SIGNATURE_TYPE, distributionPlatform: DISTRIBUTION_PLATFORM ) - - finalUploadPath = ([ - "${JOB_NAME}", - "${S3_FILE_UPLOAD_PATH}", - "${BUILD_NUMBER}", - "dist", - "signed" - ].join('/')) - - // uploading artifacts with signatures on s3 - uploadToS3( - sourcePath: "$WORKSPACE/artifacts", - bucket: "${ARTIFACT_BUCKET_NAME}", - path: finalUploadPath - ) - - printUrls(downloadedFiles) - } } } } } - -void printUrls(downloadedFiles){ - - println("Note: only supported file types will be signed") - - for(filename in downloadedFiles){ - - println("Artifacts can be accessed using the url - https://ci.opensearch.org/ci/dbc/${finalUploadPath}/${filename}" ) - println("Signatures can be accessed using the url - https://ci.opensearch.org/ci/dbc/${finalUploadPath}/${filename}${SIGNATURE_TYPE}" ) - - } - -} - -List downloadArtifactsFromUrls() { - - listOfURls = URLs.split(",") - - def downloadedFiles = [] - - sh "mkdir ${WORKSPACE}/artifacts" - - for (url in listOfURls) { - trimmedUrl = url.trim() - filename = trimmedUrl.substring(trimmedUrl.lastIndexOf('/') + 1) - downloadedFiles.add(filename) - sh "curl -SL ${trimmedUrl} -o ${WORKSPACE}/artifacts/${filename}" - } - - return downloadedFiles - -} diff --git a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt index ceadaeb435..5e6c4bab36 100644 --- a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt +++ b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt 
@@ -3,9 +3,6 @@ SignArtifacts_Jenkinsfile.echo(Executing on agent [label:none]) SignArtifacts_Jenkinsfile.stage(sign, groovy.lang.Closure) SignArtifacts_Jenkinsfile.script(groovy.lang.Closure) - SignArtifacts_Jenkinsfile.sh(mkdir workspace/artifacts) - SignArtifacts_Jenkinsfile.sh(curl -SL https://www.dummy.com/dummy_1_artifact.tar.gz -o workspace/artifacts/dummy_1_artifact.tar.gz) - SignArtifacts_Jenkinsfile.sh(curl -SL https://www.dummy.com/dummy_2_artifact.tar.gz -o workspace/artifacts/dummy_2_artifact.tar.gz) SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=workspace/artifacts/, signatureType=.sig, distributionPlatform=linux}) signArtifacts.fileExists(workspace/sign.sh) signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) @@ -24,6 +21,3 @@ workspace/sign.sh workspace/artifacts/ --sigtype=.sig --component=null --type=null ) - SignArtifacts_Jenkinsfile.uploadToS3({sourcePath=workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) - uploadToS3.withAWS({role=Dummy_Upload_Role, roleAccount=dummy_account, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) - uploadToS3.s3Upload({file=workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) diff --git a/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile b/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile new file mode 100644 index 0000000000..7e815a3737 --- /dev/null +++ b/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile @@ -0,0 +1,16 @@ +pipeline { + agent none + stages { + stage('sign') { + steps { + script { + signArtifacts( + artifactPath: "$WORKSPACE/artifacts/", + signatureType: SIGNATURE_TYPE, + distributionPlatform: DISTRIBUTION_PLATFORM + ) + } + } + } + } +} diff --git a/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile.txt b/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile.txt new file mode 100644 index 0000000000..779c6abfa3 
--- /dev/null +++ b/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile.txt @@ -0,0 +1,22 @@ + SignArtifacts_WithPGP_Jenkinsfile.run() + SignArtifacts_WithPGP_Jenkinsfile.pipeline(groovy.lang.Closure) + SignArtifacts_WithPGP_Jenkinsfile.echo(Executing on agent [label:none]) + SignArtifacts_WithPGP_Jenkinsfile.stage(sign, groovy.lang.Closure) + SignArtifacts_WithPGP_Jenkinsfile.script(groovy.lang.Closure) + SignArtifacts_WithPGP_Jenkinsfile.signArtifacts({artifactPath=workspace/artifacts/, signatureType=.sig, distributionPlatform=linux}) + signArtifacts.fileExists(workspace/sign.sh) + signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) + signArtifacts.fileExists(workspace/opensearch.pgp) + signArtifacts.sh(gpg --import workspace/opensearch.pgp) + signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=dummy_signer_client_role + export EXTERNAL_ID=signer_client_external_id + export UNSIGNED_BUCKET=signer_client_unsigned_bucket + export SIGNED_BUCKET=signer_client_signed_bucket + + workspace/sign.sh workspace/artifacts/ --sigtype=.sig --component=null --type=null + ) diff --git a/vars/signArtifacts.groovy b/vars/signArtifacts.groovy index 9cd26b55f6..bc0e0cc1f6 100644 --- a/vars/signArtifacts.groovy +++ b/vars/signArtifacts.groovy @@ -31,7 +31,7 @@ void call(Map args = [:]) { void importPGPKey(){ keyPath = "$WORKSPACE/opensearch.pgp" - if( !fileExists("$WORKSPACE/opensearch.pgp")) { + if( !fileExists("${keyPath}")) { sh("curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o ${keyPath}") } sh("gpg --import ${keyPath}") From 19c0bd73c6b41ee6e4c27b17e92014893ee7f589 Mon Sep 17 00:00:00 2001 
From: Abhinav Gupta Date: Sat, 8 Jan 2022 02:33:08 -0800 Subject: [PATCH 3/8] moved variables for job in the job test case Signed-off-by: Abhinav Gupta --- tests/jenkins/TestSignArtifacts.groovy | 38 ++++++++++++++------------ 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/tests/jenkins/TestSignArtifacts.groovy b/tests/jenkins/TestSignArtifacts.groovy index f6139b54be..1fc03a24dd 100644 --- a/tests/jenkins/TestSignArtifacts.groovy +++ b/tests/jenkins/TestSignArtifacts.groovy @@ -18,19 +18,10 @@ class TestSignArtifacts extends BuildPipelineTest { void setUp() { super.setUp() - binding.setVariable('URLs', 'https://www.dummy.com/dummy_1_artifact.tar.gz,' + - ' https://www.dummy.com/dummy_2_artifact.tar.gz') - binding.setVariable('S3_FILE_UPLOAD_PATH', '/dummy/upload/path/') - binding.setVariable('JOB_NAME', 'sign_artifacts_job') - binding.setVariable('BUILD_NUMBER', '20') - binding.setVariable('ARTIFACT_DOWNLOAD_ROLE_NAME', 'Dummy_Download_Role') - binding.setVariable('ARTIFACT_UPLOAD_ROLE_NAME', 'Dummy_Upload_Role') - binding.setVariable('AWS_ACCOUNT_PUBLIC', 'dummy_account') - binding.setVariable('ARTIFACT_BUCKET_NAME', 'dummy_bucket_name') - binding.setVariable('DISTRIBUTION_PLATFORM', 'linux') - binding.setVariable('SIGNATURE_TYPE', '.sig') binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name') binding.setVariable('WORKSPACE', 'workspace') + binding.setVariable('DISTRIBUTION_PLATFORM', 'linux') + binding.setVariable('SIGNATURE_TYPE', '.sig') binding.setVariable('SIGNER_CLIENT_ROLE', 'dummy_signer_client_role') binding.setVariable('SIGNER_CLIENT_EXTERNAL_ID', 'signer_client_external_id') 
@@ -38,12 +29,8 @@ class TestSignArtifacts extends BuildPipelineTest { binding.setVariable('SIGNER_CLIENT_SIGNED_BUCKET', 'signer_client_signed_bucket') helper.registerAllowedMethod("git", [Map]) - helper.registerAllowedMethod("s3Upload", [Map]) - helper.registerAllowedMethod("cleanWs", [Map]) - helper.registerAllowedMethod("withAWS", [Map, Closure], { args, closure -> - closure.delegate = delegate - return helper.callClosure(closure) - }) + helper.registerAllowedMethod("withCredentials", [Map]) + } @Test @@ -59,6 +46,23 @@ class TestSignArtifacts extends BuildPipelineTest { @Test void testSignArtifactsJob() { + binding.setVariable('URLs', 'https://www.dummy.com/dummy_1_artifact.tar.gz,' + + ' https://www.dummy.com/dummy_2_artifact.tar.gz') + binding.setVariable('S3_FILE_UPLOAD_PATH', '/dummy/upload/path/') + binding.setVariable('JOB_NAME', 'sign_artifacts_job') + binding.setVariable('BUILD_NUMBER', '20') + binding.setVariable('ARTIFACT_DOWNLOAD_ROLE_NAME', 'Dummy_Download_Role') + binding.setVariable('ARTIFACT_UPLOAD_ROLE_NAME', 'Dummy_Upload_Role') + binding.setVariable('AWS_ACCOUNT_PUBLIC', 'dummy_account') + binding.setVariable('ARTIFACT_BUCKET_NAME', 'dummy_bucket_name') + + helper.registerAllowedMethod("cleanWs", [Map]) + helper.registerAllowedMethod("s3Upload", [Map]) + helper.registerAllowedMethod("withAWS", [Map, Closure], { args, closure -> + closure.delegate = delegate + return helper.callClosure(closure) + }) + super.testPipeline("jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile") } } From a9c2e3a178f2973c364f560b5c22ff1ed4f4268b Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Sat, 8 Jan 2022 12:50:08 -0800 Subject: [PATCH 4/8] add printurl library 
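Review bot: `helper.registerAllowedMethod("withCredentials", [Map])` at the end of `setUp` does not appear to match the call under test: the recorded call stacks on this page show `signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure)`, a list plus a closure. If the base test class already provides that step, the new registration is dead code and can be dropped; if it does not, the signature should be `[List, Closure]` with a closure that runs the body, the way `withAWS` is registered in `testSignArtifactsJob`. The blank line left before the closing brace of `setUp` can go as well. The start of `setUp` is in the previous hunk.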
Signed-off-by: Abhinav Gupta --- .../sign-standalone-artifacts.jenkinsfile | 27 +++++++++---------- .../sign-standalone-artifacts.jenkinsfile.txt | 1 + ...printArtifactDownloadUrlsForStaging.groovy | 7 +++++ 3 files changed, 21 insertions(+), 14 deletions(-) create mode 100644 vars/printArtifactDownloadUrlsForStaging.groovy diff --git a/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile index 7b08ca4eab..1bb39c70d0 100644 --- a/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile +++ b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile @@ -47,6 +47,15 @@ pipeline { distributionPlatform: DISTRIBUTION_PLATFORM ) + filenamesForUrls = [] + + println("Note: only supported file types will be signed") + + for(filename in downloadedFiles){ + filenamesForUrls.add(filename) + filenamesForUrls.add(filename + SIGNATURE_TYPE) + } + finalUploadPath = ([ "${JOB_NAME}", "${S3_FILE_UPLOAD_PATH}", @@ -62,7 +71,10 @@ pipeline { path: finalUploadPath ) - printUrls(downloadedFiles) + printArtifactDownloadUrlsForStaging( + artifactFileNames: filenamesForUrls, + uploadPath: finalUploadPath + ) } } @@ -77,19 +89,6 @@ pipeline { } } -void printUrls(downloadedFiles){ - - println("Note: only supported file types will be signed") - - for(filename in downloadedFiles){ - - println("Artifacts can be accessed using the url - https://ci.opensearch.org/ci/dbc/${finalUploadPath}/${filename}" ) - println("Signatures can be accessed using the url - https://ci.opensearch.org/ci/dbc/${finalUploadPath}/${filename}${SIGNATURE_TYPE}" ) - - } - -} - List downloadArtifactsFromUrls() { listOfURls = URLs.split(",") diff --git a/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt index 6ecea7f396..1d156378a5 100644 --- a/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt 
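Review bot: The new loop in the `sign` stage adds `filename + SIGNATURE_TYPE` for every downloaded file, while the `println` just above it says only supported file types will be signed, so `printArtifactDownloadUrlsForStaging` can print signature URLs for files that were never signed. Guarding each signature entry with `fileExists("$WORKSPACE/artifacts/${filename}${SIGNATURE_TYPE}")`, or building the list from what is actually in `$WORKSPACE/artifacts` after `signArtifacts` returns, keeps the printed links accurate, which matters when the log is what a consumer uses to find the signature to verify. `filenamesForUrls` and `finalUploadPath` are assigned without `def` and therefore land in the script binding. The enclosing `script` block starts and ends outside these hunks.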
+++ b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt @@ -29,6 +29,7 @@ sign-standalone-artifacts.uploadToS3({sourcePath=workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) uploadToS3.withAWS({role=Dummy_Upload_Role, roleAccount=dummy_account, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) uploadToS3.s3Upload({file=workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) + sign-standalone-artifacts.printArtifactDownloadUrlsForStaging({artifactFileNames=[dummy_1_artifact.tar.gz, dummy_1_artifact.tar.gz.sig, dummy_2_artifact.tar.gz, dummy_2_artifact.tar.gz.sig], uploadPath=sign_artifacts_job/dummy/upload/path/20/dist/signed}) sign-standalone-artifacts.script(groovy.lang.Closure) sign-standalone-artifacts.postCleanup() postCleanup.cleanWs({disableDeferredWipeout=true, deleteDirs=true}) diff --git a/vars/printArtifactDownloadUrlsForStaging.groovy b/vars/printArtifactDownloadUrlsForStaging.groovy new file mode 100644 index 0000000000..bb33b131a2 --- /dev/null +++ b/vars/printArtifactDownloadUrlsForStaging.groovy @@ -0,0 +1,7 @@ +void call(Map args = [:]){ + + for(filename in args.artifactFileNames){ + println("File ${filename} can be accessed using the url - https://ci.opensearch.org/ci/dbc/${args.uploadPath}/${filename}" ) + } + +} From d21faa5aee71958e843e3a751cc7e0e9e805cebf Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Sat, 8 Jan 2022 14:29:29 -0800 Subject: [PATCH 5/8] added test case for printArtifactUrls 
Signed-off-by: Abhinav Gupta --- ...PrintArtifactDownloadUrlsForStaging.groovy | 29 +++++++++++++++++++ ...ArtifactDownloadUrlsForStaging_Jenkinsfile | 15 ++++++++++ ...factDownloadUrlsForStaging_Jenkinsfile.txt | 6 ++++ ...printArtifactDownloadUrlsForStaging.groovy | 3 +- 4 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy create mode 100644 tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile create mode 100644 tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile.txt diff --git a/tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy b/tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy new file mode 100644 index 0000000000..3f005ba411 --- /dev/null +++ b/tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy @@ -0,0 +1,29 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + */ + +package jenkins.tests + +import org.junit.* + + +class TestPrintArtifactDownloadUrlsForStaging extends BuildPipelineTest { + + @Before + void setUp() { + super.setUp() + binding.setVariable('filenamesForUrls', ['dummy_file.tar.gz', 'dummy_file.tar.gz.sig']) + binding.setVariable('UPLOAD_PATH', 'dummy/upload/path') + + } + + @Test + void testPrintArtifactDownloadUrlsForStaging() { + super.testPipeline("tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile") + } + +} diff --git a/tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile b/tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile new file mode 100644 index 0000000000..c5699c31a3 --- /dev/null +++ b/tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile 
@@ -0,0 +1,15 @@ +pipeline { + agent none + stages { + stage('print_urls') { + steps { + script { + printArtifactDownloadUrlsForStaging( + artifactFileNames: filenamesForUrls, + uploadPath: UPLOAD_PATH + ) + } + } + } + } +} diff --git a/tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile.txt b/tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile.txt new file mode 100644 index 0000000000..da30e1b952 --- /dev/null +++ b/tests/jenkins/jobs/PrintArtifactDownloadUrlsForStaging_Jenkinsfile.txt @@ -0,0 +1,6 @@ + PrintArtifactDownloadUrlsForStaging_Jenkinsfile.run() + PrintArtifactDownloadUrlsForStaging_Jenkinsfile.pipeline(groovy.lang.Closure) + PrintArtifactDownloadUrlsForStaging_Jenkinsfile.echo(Executing on agent [label:none]) + PrintArtifactDownloadUrlsForStaging_Jenkinsfile.stage(print_urls, groovy.lang.Closure) + PrintArtifactDownloadUrlsForStaging_Jenkinsfile.script(groovy.lang.Closure) + PrintArtifactDownloadUrlsForStaging_Jenkinsfile.printArtifactDownloadUrlsForStaging({artifactFileNames=[dummy_file.tar.gz, dummy_file.tar.gz.sig], uploadPath=dummy/upload/path}) diff --git a/vars/printArtifactDownloadUrlsForStaging.groovy b/vars/printArtifactDownloadUrlsForStaging.groovy index bb33b131a2..e27e27a0bc 100644 --- a/vars/printArtifactDownloadUrlsForStaging.groovy +++ b/vars/printArtifactDownloadUrlsForStaging.groovy @@ -1,7 +1,8 @@ void call(Map args = [:]){ for(filename in args.artifactFileNames){ - println("File ${filename} can be accessed using the url - https://ci.opensearch.org/ci/dbc/${args.uploadPath}/${filename}" ) + url = "https://ci.opensearch.org/ci/dbc/${args.uploadPath}/${filename}" + println("File ${filename} can be accessed using the url - ${url}" ) } } From 90c6b911a55eebb354f730c1f046d47315514086 Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Mon, 10 Jan 2022 11:21:49 -0800 Subject: [PATCH 6/8] single line download and import key 
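Review bot: `url` in `call` of `vars/printArtifactDownloadUrlsForStaging.groovy` is assigned without a declaration, so it ends up in the script binding instead of being a loop local; `def url = "https://ci.opensearch.org/ci/dbc/${args.uploadPath}/${filename}"` avoids that. The step also has no header comment: a short one naming the two expected keys (`artifactFileNames`, `uploadPath`) and stating that it only prints links and does not check that the files exist would help callers. A missing `uploadPath` currently yields a URL containing `null`; failing early with `error(...)` when either key is absent would be clearer.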
Signed-off-by: Abhinav Gupta --- .../sign-standalone-artifacts.jenkinsfile.txt | 4 +--- tests/jenkins/TestSignArtifacts.groovy | 6 ----- .../PromoteArtifacts_actions_Jenkinsfile.txt | 8 ++----- .../jobs/SignArtifacts_Jenkinsfile.txt | 4 +--- .../jobs/SignArtifacts_WithPGP_Jenkinsfile | 16 -------------- .../SignArtifacts_WithPGP_Jenkinsfile.txt | 22 ------------------- vars/signArtifacts.groovy | 8 +++---- 7 files changed, 7 insertions(+), 61 deletions(-) delete mode 100644 tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile delete mode 100644 tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile.txt diff --git a/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt index 1d156378a5..68279b9757 100644 --- a/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt +++ b/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt @@ -11,9 +11,7 @@ sign-standalone-artifacts.signArtifacts({artifactPath=workspace/artifacts/, signatureType=.sig, distributionPlatform=linux}) signArtifacts.fileExists(workspace/sign.sh) signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) - signArtifacts.fileExists(workspace/opensearch.pgp) - signArtifacts.sh(curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o workspace/opensearch.pgp) - signArtifacts.sh(gpg --import workspace/opensearch.pgp) + signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) signArtifacts.sh( diff --git a/tests/jenkins/TestSignArtifacts.groovy b/tests/jenkins/TestSignArtifacts.groovy index 1fc03a24dd..e6ad50b75c 100644 --- a/tests/jenkins/TestSignArtifacts.groovy +++ b/tests/jenkins/TestSignArtifacts.groovy 
@@ -38,12 +38,6 @@ class TestSignArtifacts extends BuildPipelineTest { super.testPipeline("tests/jenkins/jobs/SignArtifacts_Jenkinsfile") } - @Test - void testSignArtifactsWithPgpKey() { - helper.addFileExistsMock('workspace/opensearch.pgp', true) - super.testPipeline("tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile") - } - @Test void testSignArtifactsJob() { binding.setVariable('URLs', 'https://www.dummy.com/dummy_1_artifact.tar.gz,' + diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt index affe2c5331..22e280ccbd 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt @@ -28,9 +28,7 @@ createSignatureFiles.signArtifacts({signatureType=.sig, artifactPath=workspace/artifacts/vars-build/1.3.0/33/x64/linux/builds/opensearch/core-plugins}) signArtifacts.fileExists(workspace/sign.sh) signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) - signArtifacts.fileExists(workspace/opensearch.pgp) - signArtifacts.sh(curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o workspace/opensearch.pgp) - signArtifacts.sh(gpg --import workspace/opensearch.pgp) + signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) signArtifacts.sh( 
@@ -53,9 +51,7 @@ createSignatureFiles.signArtifacts({signatureType=.sig, artifactPath=workspace/workspace/file/found.zip}) signArtifacts.fileExists(workspace/sign.sh) signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) - signArtifacts.fileExists(workspace/opensearch.pgp) - signArtifacts.sh(curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o workspace/opensearch.pgp) - signArtifacts.sh(gpg --import workspace/opensearch.pgp) + signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) signArtifacts.sh( diff --git a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt index 5e6c4bab36..6c3a0f78a5 100644 --- a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt +++ b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt @@ -6,9 +6,7 @@ SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=workspace/artifacts/, signatureType=.sig, distributionPlatform=linux}) signArtifacts.fileExists(workspace/sign.sh) signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) - signArtifacts.fileExists(workspace/opensearch.pgp) - signArtifacts.sh(curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o workspace/opensearch.pgp) - signArtifacts.sh(gpg --import workspace/opensearch.pgp) + signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) signArtifacts.sh( 
diff --git a/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile b/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile deleted file mode 100644 index 7e815a3737..0000000000 --- a/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile +++ /dev/null @@ -1,16 +0,0 @@ -pipeline { - agent none - stages { - stage('sign') { - steps { - script { - signArtifacts( - artifactPath: "$WORKSPACE/artifacts/", - signatureType: SIGNATURE_TYPE, - distributionPlatform: DISTRIBUTION_PLATFORM - ) - } - } - } - } -} diff --git a/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile.txt b/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile.txt deleted file mode 100644 index 779c6abfa3..0000000000 --- a/tests/jenkins/jobs/SignArtifacts_WithPGP_Jenkinsfile.txt +++ /dev/null 
@@ -1,22 +0,0 @@ - SignArtifacts_WithPGP_Jenkinsfile.run() - SignArtifacts_WithPGP_Jenkinsfile.pipeline(groovy.lang.Closure) - SignArtifacts_WithPGP_Jenkinsfile.echo(Executing on agent [label:none]) - SignArtifacts_WithPGP_Jenkinsfile.stage(sign, groovy.lang.Closure) - SignArtifacts_WithPGP_Jenkinsfile.script(groovy.lang.Closure) - SignArtifacts_WithPGP_Jenkinsfile.signArtifacts({artifactPath=workspace/artifacts/, signatureType=.sig, distributionPlatform=linux}) - signArtifacts.fileExists(workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) - signArtifacts.fileExists(workspace/opensearch.pgp) - signArtifacts.sh(gpg --import workspace/opensearch.pgp) - signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) - signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure) - signArtifacts.sh( - #!/bin/bash - set +x - export ROLE=dummy_signer_client_role - export EXTERNAL_ID=signer_client_external_id - export UNSIGNED_BUCKET=signer_client_unsigned_bucket - export SIGNED_BUCKET=signer_client_signed_bucket - - workspace/sign.sh workspace/artifacts/ --sigtype=.sig --component=null --type=null - ) diff --git a/vars/signArtifacts.groovy b/vars/signArtifacts.groovy index bc0e0cc1f6..8f42d19581 100644 --- a/vars/signArtifacts.groovy +++ b/vars/signArtifacts.groovy @@ -30,9 +30,7 @@ void call(Map args = [:]) { } void importPGPKey(){ - keyPath = "$WORKSPACE/opensearch.pgp" - if( !fileExists("${keyPath}")) { - sh("curl -SL https://artifacts.opensearch.org/publickeys/opensearch.pgp -o ${keyPath}") - } - sh("gpg --import ${keyPath}") + + sh "curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -" + } From 9d6a8d856d9147cef3b1e67db360a93aa00c0b92 Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Mon, 10 Jan 2022 11:27:41 -0800 Subject: [PATCH 7/8] remove extra line 
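Review bot: The one-line `curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -` in `importPGPKey` imports whatever the URL returns, with nothing tying the result to the expected OpenSearch key. TLS to the host is the only control, so a change to the hosted file would silently change which key the job trusts; comparing the imported key's fingerprint with a value pinned in the repository, and failing the build on mismatch, would make such a change visible. In a pipe the step's exit status is gpg's rather than curl's, so using `curl -fsSL` and running the pipe under bash with `set -o pipefail` makes a failed download fail the step on its own account instead of relying on gpg rejecting the input. The same line is what the updated `.txt` call-stack fixtures in this patch now expect, so they would need regenerating with it.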
Signed-off-by: Abhinav Gupta --- tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy b/tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy index 3f005ba411..68cb250813 100644 --- a/tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy +++ b/tests/jenkins/TestPrintArtifactDownloadUrlsForStaging.groovy @@ -18,7 +18,6 @@ class TestPrintArtifactDownloadUrlsForStaging extends BuildPipelineTest { super.setUp() binding.setVariable('filenamesForUrls', ['dummy_file.tar.gz', 'dummy_file.tar.gz.sig']) binding.setVariable('UPLOAD_PATH', 'dummy/upload/path') - } @Test From 2ca4c8d849563352003c7bf37dacaebec868f1a9 Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Mon, 10 Jan 2022 14:46:19 -0800 Subject: [PATCH 8/8] added regression test file in tests folder Signed-off-by: Abhinav Gupta --- tests/jenkins/TestSignArtifacts.groovy | 2 +- .../sign-standalone-artifacts.jenkinsfile.txt | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename {jenkins/sign-artifacts => tests/jenkins/jenkinsjob-regression-files}/sign-standalone-artifacts.jenkinsfile.txt (100%) diff --git a/tests/jenkins/TestSignArtifacts.groovy b/tests/jenkins/TestSignArtifacts.groovy index e6ad50b75c..da6ef1ec8d 100644 --- a/tests/jenkins/TestSignArtifacts.groovy +++ b/tests/jenkins/TestSignArtifacts.groovy @@ -57,6 +57,6 @@ class TestSignArtifacts extends BuildPipelineTest { return helper.callClosure(closure) }) - super.testPipeline("jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile") + super.testPipeline("jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile", "tests/jenkins/jenkinsjob-regression-files/sign-standalone-artifacts.jenkinsfile") } } 
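Review bot: The second argument added to `super.testPipeline(...)` in `testSignArtifactsJob` is given without the `.txt` suffix that the renamed regression file carries, and nothing in the test says why. Presumably `BuildPipelineTest.testPipeline` appends the suffix itself; a one-line comment such as `// second argument: regression call-stack file, without the .txt suffix` would save the next reader from having to check. `testSignArtifactsJob` starts outside this hunk.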
diff --git a/jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt b/tests/jenkins/jenkinsjob-regression-files/sign-standalone-artifacts.jenkinsfile.txt similarity index 100% rename from jenkins/sign-artifacts/sign-standalone-artifacts.jenkinsfile.txt rename to tests/jenkins/jenkinsjob-regression-files/sign-standalone-artifacts.jenkinsfile.txt