BUILD-906 Sign published artifacts

author Malena Ebert <63863184+malena-ebert-sonarsource@users.noreply.github.com>

Thu, 15 Apr 2021 10:15:18 +0000 (12:15 +0200)

committer sonartech <sonartech@sonarsource.com>

Sat, 24 Apr 2021 20:03:36 +0000 (20:03 +0000)
author Malena Ebert <63863184+malena-ebert-sonarsource@users.noreply.github.com>
Thu, 15 Apr 2021 10:15:18 +0000 (12:15 +0200)
committer sonartech <sonartech@sonarsource.com>
Sat, 24 Apr 2021 20:03:36 +0000 (20:03 +0000)
diff --git a/.cirrus.yml b/.cirrus.yml

index 3cda7fecd4288a9265f3ef7df546db79c2d3dff1..762bc4258f4eab845a0cc7c5414e3028a87117c9 100644 (file)
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -112,6 +112,8 @@ build_task:
      # Depth of 1 is not enough because it would fail the build in case of consecutive pushes
      # (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
      CIRRUS_CLONE_DEPTH: 50
+    ORG_GRADLE_PROJECT_signingKey: ENCRYPTED[!54147bd7fb86bbe802fd432fab7d53bee19e71fe642d7b57703ec985b10f1976602adc743a906ea9851e5dd793be540c!]
+    ORG_GRADLE_PROJECT_signingPassword: ENCRYPTED[!15c41fa6fdc13ace4a011693a002664593e038f91a2597fad40f4295f0de9858a587c504f5b9f1f97250f19fd5f4a655!]
    script:
      - ./private/cirrus/cirrus-build.sh
    on_failure:
diff --git a/build.gradle b/build.gradle

index 32e8d46f3701ae0303cf8bf5789e96854e1d2a53..4a73c774182e46d8a41e6326790b4610036ae80f 100644 (file)
--- a/build.gradle
+++ b/build.gradle
@@ -4,7 +4,7 @@ plugins {
    id 'com.github.hierynomus.license' version '0.15.0'
    id 'com.github.johnrengelman.shadow' version '5.2.0' apply false
    id 'com.google.protobuf' version '0.8.13' apply false
-  id 'com.jfrog.artifactory' version '4.18.0'
+  id 'com.jfrog.artifactory' version '4.21.0'
    id 'com.github.node-gradle.node' version '2.2.4' apply false
    id 'io.spring.dependency-management' version '1.0.10.RELEASE'
    id "com.asarkar.gradle.build-time-tracker" version "2.0.4" apply false
@@ -107,7 +107,7 @@ allprojects {
  
    artifactory {
      clientConfig.setIncludeEnvVars(true)
-    clientConfig.setEnvVarsExcludePatterns('*password*,*PASSWORD*,*secret*,*MAVEN_CMD_LINE_ARGS*,sun.java.command,*token*,*TOKEN*,*LOGIN*,*login*,*key*,*KEY*')
+    clientConfig.setEnvVarsExcludePatterns('*password*,*PASSWORD*,*secret*,*MAVEN_CMD_LINE_ARGS*,sun.java.command,*token*,*TOKEN*,*LOGIN*,*login*,*key*,*KEY*,*signing*')
      contextUrl = System.getenv('ARTIFACTORY_URL')
      publish {
        repository {
@@ -162,6 +162,7 @@ subprojects {
    apply plugin: 'jacoco'
    apply plugin: 'java'
    apply plugin: 'idea'
+  apply plugin: 'signing'
  
    sourceCompatibility = 1.8
    targetCompatibility = 1.8
@@ -572,6 +573,27 @@ subprojects {
        }
      }
    }
+
+  signing {
+    def signingKey = findProperty("signingKey")
+    def signingPassword = findProperty("signingPassword")
+    useInMemoryPgpKeys(signingKey, signingPassword)
+    required {
+      def branch = System.getenv()["CIRRUS_BRANCH"]
+      return (branch == 'master' || branch ==~ 'branch-[\\d.]+') &&
+             gradle.taskGraph.hasTask(":artifactoryPublish")
+    }
+    sign publishing.publications
+  }
+
+  tasks.withType(Sign) {
+    onlyIf {
+      def branch = System.getenv()["CIRRUS_BRANCH"]
+      return !artifactoryPublish.skip &&
+             (branch == 'master' || branch ==~ 'branch-[\\d.]+') &&
+             gradle.taskGraph.hasTask(":artifactoryPublish")
+    }
+  }
  }
author	Malena Ebert <63863184+malena-ebert-sonarsource@users.noreply.github.com>
	Thu, 15 Apr 2021 10:15:18 +0000 (12:15 +0200)
committer	sonartech <sonartech@sonarsource.com>
	Sat, 24 Apr 2021 20:03:36 +0000 (20:03 +0000)
.cirrus.yml		patch \| blob \| history
build.gradle		patch \| blob \| history