7c64b4bdb3
In case of later upload failures, record the SHA2-256 checksum and ASCII-armored OpenPGP signature of each signed artifact to the job's output stream so they can later be used for manual uploading. Change-Id: Ifd136b95357d499e088c5509fa57daf76a246cf4
55 lines
1.3 KiB
YAML
55 lines
1.3 KiB
YAML
- name: Make GPG directory
|
|
tempfile:
|
|
state: directory
|
|
register: gnupg_tmpdir
|
|
|
|
- name: Create GPG private key tempfile
|
|
tempfile:
|
|
state: file
|
|
register: gpg_private_key_tmp
|
|
|
|
- name: Create GPG private key
|
|
copy:
|
|
content: "{{ gpg_key.private }}"
|
|
dest: "{{ gpg_private_key_tmp.path }}"
|
|
mode: 0400
|
|
|
|
- name: Import GPG private key
|
|
command: "gpg --homedir {{ gnupg_tmpdir.path }} --allow-secret-key-import --import {{ gpg_private_key_tmp.path }}"
|
|
|
|
- name: Delete GPG private key
|
|
file:
|
|
path: "{{ gpg_private_key_tmp.path }}"
|
|
state: absent
|
|
|
|
- name: Find files to sign
|
|
find:
|
|
paths: "{{ gpg_sign_path }}"
|
|
register: artifacts
|
|
|
|
- name: Sign artifacts
|
|
command: "gpg --homedir {{ gnupg_tmpdir.path }} --armor --detach-sign {{ zj_artifact.path }}"
|
|
with_items: "{{ artifacts.files }}"
|
|
loop_control:
|
|
loop_var: zj_artifact
|
|
when: artifacts.matched > 0
|
|
|
|
- name: Delete keyring directory
|
|
file:
|
|
path: "{{ gnupg_tmpdir.path }}"
|
|
state: absent
|
|
|
|
- name: Record checksums
|
|
command: "sha256sum {{ zj_artifact.path }}"
|
|
with_items: "{{ artifacts.files }}"
|
|
loop_control:
|
|
loop_var: zj_artifact
|
|
when: artifacts.matched > 0
|
|
|
|
- name: Record signatures
|
|
command: "cat {{ zj_artifact.path }}.asc"
|
|
with_items: "{{ artifacts.files }}"
|
|
loop_control:
|
|
loop_var: zj_artifact
|
|
when: artifacts.matched > 0
|