eclipse-cbi / jiro

Jenkins infrastructure for projects hosted by the Eclipse Foundation

Tycho gpg plugin does not require keyring import when using tycho's signer 'bc' #396

Open HannesWell opened 1 month ago

HannesWell commented 1 month ago

In https://github.com/eclipse-cbi/jiro/wiki#required-steps-for-a-pipeline-job it is explained that the keyring has to be imported in the following way to use it with the maven-gpg-plugin:

                withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
                    sh 'gpg --batch --import "${KEYRING}"'
                    sh 'for fpr in $(gpg --list-keys --with-colons  | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
                }

But at least when using the tycho-gpg-plugin with the bc signer it can be omitted and the keyring can be passed directly:

withCredentials([
    file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING'),
    string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')
]) {
    sh '''
        mvn clean verify -Dtycho.pgp.signer=bc -Dtycho.pgp.signer.bc.secretKeys="${KEYRING}" -Dgpg.passphrase="${KEYRING_PASSPHRASE}" -Dgpg.keyname="<your-keyname>"
    '''
}

See also

I think it's worth mentioning that, at least when using Tycho, one can save the first step.
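The trust loop in the first snippet above drives gpg's interactive `edit-key` menu once for every `fpr` record, subkey fingerprints included. As an added example (not from the issue or the jiro wiki), the same ultimate trust can be set by feeding `gpg --import-ownertrust` one `FPR:6:` line per primary key; the function names and the sample listing are constructed here.

```shell
#!/bin/sh
# Added example, not code from the issue or the jiro wiki.

# Read `gpg --list-keys --with-colons` output on stdin and print one
# "<FINGERPRINT>:6:" ownertrust line per primary key (6 = ultimate trust).
# Only the fpr record that directly follows a pub record is used, so
# subkey fingerprints are skipped and duplicates are dropped.
primary_ownertrust() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" { if (want && !seen[$10]++) print $10 ":6:"; want = 0; next }
        { want = 0 }
    '
}

# Import a keyring and mark its primary keys as ultimately trusted without
# the interactive edit-key menu.
# $1: path to the keyring file (the KEYRING credential in the pipeline).
import_and_trust() {
    gpg --batch --import "$1" || return 1
    gpg --batch --list-keys --with-colons \
        | primary_ownertrust \
        | gpg --batch --import-ownertrust
}

# Constructed sample listing (key IDs and fingerprints are made up).
SAMPLE='tru::1:1700000000:0:3:1:5
pub:-:4096:1:AAAAAAAAAAAAAAAA:1600000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1600000000::HASH::Example Project <example@example.org>::::::::::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::s::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Demo on the constructed listing; gpg itself is not needed for this part.
printf '%s\n' "$SAMPLE" | primary_ownertrust
```

In a pipeline, `import_and_trust "${KEYRING}"` would stand in for the two `sh` steps of the first snippet.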