You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by kw...@apache.org on 2022/11/06 17:53:14 UTC
[sling-ide-tooling] 01/01: SLING-10064 Sign JARs and build P2 repo in a dedicated stage
This is an automated email from the ASF dual-hosted git repository.
kwin pushed a commit to branch feature/sign-jars
in repository https://gitbox.apache.org/repos/asf/sling-ide-tooling.git
commit f7a0edf1dc1cf6e8851572f006019b872f9da5b2
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Sun Nov 6 18:53:07 2022 +0100
SLING-10064 Sign JARs and build P2 repo in a dedicated stage
Leverage the PKCS#11 library from DigiCert ONE being set up with
https://issues.apache.org/jira/browse/INFRA-23844
---
Jenkinsfile | 15 ++++++++-
eclipse/p2update/pom.xml | 85 ++++++++++++++----------------------------------
eclipse/pom.xml | 1 -
3 files changed, 39 insertions(+), 62 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index ce88ca21..a2c7ab22 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -20,6 +20,7 @@ def jobConfig = [
helper.runWithErrorHandling(jobConfig, {
parallel 'linux': generateStages('linux', mvnVersion, javaVersion),
'windows': generateStages('windows', mvnVersion, javaVersion)
+ buildSignedP2Repository( mvnVersion, javaVersion )
})
// generates os-specific stages
@@ -48,7 +49,7 @@ def generateStages(String os, def mvnVersion, def javaVersion) {
timeout(20) {
// workaround for https://issues.jenkins-ci.org/browse/JENKINS-39415
wrap([$class: 'Xvfb', autoDisplayName: true]) {
- runCmd 'mvn -f eclipse clean verify'
+ runCmd 'mvn -f eclipse clean install'
}
// workaround for https://issues.jenkins-ci.org/browse/JENKINS-55889
junit(testResults: 'eclipse/**/surefire-reports/*.xml', allowEmptyResults: true)
@@ -70,6 +71,18 @@ def generateStages(String os, def mvnVersion, def javaVersion) {
}
}
+def buildSignedP2Repository( def mvnVersion, def javaVersion ) {
+ node('pkcs11') {
+ stage(' Build Signed P2 Repository') {
+ checkout scm
+ withMaven(maven: mvnVersion, jdk: javaVersion, mavenLocalRepo: '.repository', options: [artifactsPublisher(disabled: true)]) {
+ timeout(20) {
+ runCmd 'mvn -f eclipse/p2update clean verify'
+ }
+ }
+ }
+ }
+}
def runCmd(def cmd) {
if (isUnix() ) {
sh cmd
diff --git a/eclipse/p2update/pom.xml b/eclipse/p2update/pom.xml
index 7a689260..000c0d85 100644
--- a/eclipse/p2update/pom.xml
+++ b/eclipse/p2update/pom.xml
@@ -60,66 +60,31 @@
<build>
<plugins>
<plugin>
- <groupId>net.jsign</groupId>
- <artifactId>jsign-maven-plugin</artifactId>
- <version>4.2</version>
- <executions>
- <execution>
- <goals>
- <goal>sign</goal>
- </goals>
- <configuration>
- <fileSet>
- <directory>target/repository</directory>
- <includes>
- <include>**/org.apache.sling.*.jar</include>
- </includes>
- </fileSet>
- <name>Apache Sling IDE Tooling for Eclipse</name>
- <url>https://sling.apache.org/documentation/development/ide-tooling.html</url>
- <alias>Sling-PMC-cert-2022-09_4f01e1ed-9fde-4f84-a5ac-adf82e114a3b</alias>
- <storepass>${settings.server.digicertoneasf.passphrase}|path</storepass>
- <storetype>DIGICERTONE</storetype>
- </configuration>
- </execution>
- </executions>
- </plugin>
-
- <!--
- This plugin is not yet released. To use this code signing, install the
- pluging locally and then run with the 'codesign' profile. See the Sling IDE
- tooling docs for more instructions
- <plugin>
- <groupId>org.apache.sling</groupId>
- <artifactId>codesign-maven-plugin</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- <executions>
- <execution>
- <id>codesign</id>
- <phase>package</phase>
- <goals>
- <goal>sign</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <applicationName>Apache Sling IDE Tooling for Eclipse</applicationName>
- <applicationVersion>${qualifiedVersion}</applicationVersion>
- <includeProjectArtifact>false</includeProjectArtifact>
- <artifactSets>
- <artifactSet>
- <directory>target/repository/features</directory>
- <include>org.apache.sling.*.jar</include>
- </artifactSet>
- <artifactSet>
- <directory>target/repository/plugins</directory>
- <include>org.apache.sling.*.jar</include>
- </artifactSet>
- </artifactSets>
- <signingService>Java TEST Signing Sha256</signingService>
- </configuration>
- </plugin>
- -->
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jarsigner-plugin</artifactId>
+ <version>3.0.0</version>
+ <executions>
+ <execution>
+ <id>sign</id>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <keystore>NONE</keystore>
+ <alias>Sling-PMC-cert-2022-09_4f01e1ed-9fde-4f84-a5ac-adf82e114a3b</alias>
+ <storepass>none</storepass>
+ <providerClass>sun.security.pkcs11.SunPKCS11</providerClass>
+ <storetype>PKCS11</storetype>
+ <providerArg>${env.PKCS11_CONFIG}</providerArg>
+ <tsa>http://timestamp.digicert.com</tsa>
+ <verbose>true</verbose>
+ <processMainArtifact>false</processMainArtifact>
+ <archiveDirectory>${project.build.directory}/repository</archiveDirectory>
+ </configuration>
+ </plugin>
+
<plugin>
<groupId>org.eclipse.tycho.extras</groupId>
<artifactId>tycho-p2-extras-plugin</artifactId>
diff --git a/eclipse/pom.xml b/eclipse/pom.xml
index 7081f767..bbb9abe0 100644
--- a/eclipse/pom.xml
+++ b/eclipse/pom.xml
@@ -47,7 +47,6 @@
<module>eclipse-sightly-core</module>
<module>eclipse-sightly-ui</module>
<module>sightly-feature</module>
- <module>p2update</module>
<!-- test modules activated per profile -->
</modules>