Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a post build stage #739

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Add a post build stage #739

wants to merge 3 commits into from

Conversation

sophia-guo
Copy link
Contributor

@sophia-guo sophia-guo commented Jun 26, 2023
edited
Loading

Add sbom sign job in post build stage

Close #610

Depends on adoptium/temurin-build#3404

Signed-off-by: Sophia Guo [email protected]

@github-actions
Copy link

Thank you for creating a pull request!

Please check out the information below if you have not made a pull request here before (or if you need a reminder how things work).

Code Quality and Contributing Guidelines

If you have not done so already, please familiarise yourself with our Contributing Guidelines and Code Of Conduct, even if you have contributed before.

Tests

Github actions will run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation.

In order to run the advanced pipeline tests (executing a set of mock pipelines), it requires an admin to post run tests on this PR.
If you are not an admin, please ask for one's attention in #infrastructure on Slack or ping one here.
To run full set of tests, use "run tests"; a subset of tests on specific jdk version, use "run tests quick 11,20"

@sophia-guo sophia-guo marked this pull request as draft June 26, 2023 12:39
andrew-m-leonard
andrew-m-leonard reviewed Jun 27, 2023
View reviewed changes
tools/post-build/Jenkinsfile Outdated Show resolved Hide resolved
tools/post-build/Jenkinsfile Outdated
sh label: 'build-sign-sbom', script: '''
JAVA_HOME=/usr/lib/jvm/jdk-17 ant clean
JAVA_HOME=/usr/lib/jvm/jdk-17 ant build-sign-sbom
openssl genpkey -algorithm RSA -pass pass:test -outform PEM -out testPrivateFile -pkeyopt rsa_keygen_bits:2048
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So using a temporary generated key is fine for testing, but will need to use a secure GPG or similar Jenkins stored key ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's for testing. Any final decision like what should we use for signing? @andrew-m-leonard

@sophia-guo sophia-guo self-assigned this Jul 27, 2023
github-actions[bot]
github-actions bot previously requested changes Jul 28, 2023
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A block has been put on this Pull Request as this repository is temporarily under a code freeze due to an ongoing release cycle.

If this pull request needs to be merged during the release cycle then please comment /merge and a PMC member will be able to remove the block.

If the code freeze is over you can remove this block by commenting /thaw.

@karianna
Copy link
Contributor

karianna commented Aug 1, 2023

/thaw

@github-actions github-actions bot dismissed their stale review August 1, 2023 04:18

Pull Request unblocked - code freeze is over.

@sophia-guo
Add a post build stage
e1d4410 
Add sbom sign job in post build stage

Signed-off-by: Sophia Guo <[email protected]>
@sophia-guo
Update to master temurin-build
d39bbf4 
Signed-off-by: Sophia Guo <[email protected]>
@sophia-guo
Minor update
5e3df5b 
Signed-off-by: Sophia Guo <[email protected]>
smlambert
smlambert reviewed Jan 8, 2024
View reviewed changes
Copy link
Contributor

@smlambert smlambert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one is still in Draft, so I didn't review it yet. Is it ready for review and/or is in plan to bring in ahead of Jan release?

@sophia-guo sophia-guo mentioned this pull request Feb 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrew-m-leonard andrew-m-leonard andrew-m-leonard left review comments

@smlambert smlambert smlambert left review comments

@github-actions github-actions[bot] github-actions[bot] left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

@sophia-guo sophia-guo

Labels
jenkins-pipeline
Projects
2024 1Q Adoptium Plan
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

EPIC: Add a Post-Build job and Sign-SBOM job
4 participants
@sophia-guo @karianna @smlambert @andrew-m-leonard