Record artifact checksums and signatures to stdout

In case of later upload failures, record the SHA2-256 checksum and ASCII-armored OpenPGP signature of each signed artifact to the job's output stream so they can later be used for manual uploading. Change-Id: Ifd136b95357d499e088c5509fa57daf76a246cf4
2020-06-16 14:35:37 +00:00 · 2020-06-16 14:35:37 +00:00 · 7c64b4bdb3
commit 7c64b4bdb3
parent ed3fdf5a8d
1 changed files with 14 additions and 0 deletions
--- a/roles/sign-artifacts/tasks/main.yaml
+++ b/roles/sign-artifacts/tasks/main.yaml
@ -38,3 +38,17 @@
  file:
    path: "{{ gnupg_tmpdir.path }}"
    state: absent
+
+- name: Record checksums
+  command: "sha256sum {{ zj_artifact.path }}"
+  with_items: "{{ artifacts.files }}"
+  loop_control:
+    loop_var: zj_artifact
+  when: artifacts.matched > 0
+
+- name: Record signatures
+  command: "cat {{ zj_artifact.path }}.asc"
+  with_items: "{{ artifacts.files }}"
+  loop_control:
+    loop_var: zj_artifact
+  when: artifacts.matched > 0