From 7c64b4bdb3fa87224e15a8082843e3bf5ad595c4 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Tue, 16 Jun 2020 14:35:37 +0000
Subject: [PATCH] Record artifact checksums and signatures to stdout

In case of later upload failures, record the SHA2-256 checksum and
ASCII-armored OpenPGP signature of each signed artifact to the job's
output stream so they can later be used for manual uploading.

Change-Id: Ifd136b95357d499e088c5509fa57daf76a246cf4
---
 roles/sign-artifacts/tasks/main.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/roles/sign-artifacts/tasks/main.yaml b/roles/sign-artifacts/tasks/main.yaml
index 42d52cf6f..b7dbd80ca 100644
--- a/roles/sign-artifacts/tasks/main.yaml
+++ b/roles/sign-artifacts/tasks/main.yaml
@@ -38,3 +38,17 @@
   file:
     path: "{{ gnupg_tmpdir.path }}"
     state: absent
+
+- name: Record checksums
+  command: "sha256sum {{ zj_artifact.path }}"
+  with_items: "{{ artifacts.files }}"
+  loop_control:
+    loop_var: zj_artifact
+  when: artifacts.matched > 0
+
+- name: Record signatures
+  command: "cat {{ zj_artifact.path }}.asc"
+  with_items: "{{ artifacts.files }}"
+  loop_control:
+    loop_var: zj_artifact
+  when: artifacts.matched > 0