Sign jar from the gradle task instead of the CI

deltacv · Nov 20, 2024 · 1e8bd25 · 1e8bd25
1 parent cc258a6
commit 1e8bd25
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 6 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -25,17 +25,13 @@ jobs:
       if: ${{ startsWith(github.ref, 'refs/tags/v') }}
 
     - name: Build dev shadow jar with Gradle
+      env:
+        DELTACV_PLUGINSIGNING_PRIVATE: ${{ secrets.DELTACV_PLUGINSIGNING_PRIVATE }}
       run: |
         SHA_SHORT="$(git rev-parse --short HEAD)"
         ./gradlew -Phash=$SHA_SHORT shadowJar -x test
       if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
 
-    - name: Sign jar files
-      env:
-        DELTACV_PLUGINSIGNING_PRIVATE: ${{ secrets.DELTACV_PLUGINSIGNING_PRIVATE }}
-      run: |
-        for i in EOCVSimPlugin/build/libs/*.jar; do java -classpath "tools/Common.jar" io.github.deltacv.eocvsim.plugin.security.PluginSigningTool --plugin=$i --authority=deltacv --key=$DELTACV_PLUGINSIGNING_PRIVATE; done
-
     - uses: pyTooling/Actions/releaser@r0
       with:
         token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/EOCVSimPlugin/build.gradle b/EOCVSimPlugin/build.gradle
@@ -11,6 +11,26 @@ tasks.register('sourcesJar', Jar) {
     archiveClassifier = "sources"
 }
 
+tasks.matching { it.name in ['jar', 'shadowJar'] }.configureEach {
+    doLast {
+        def script = System.getProperty('os.name').toLowerCase().contains('win') ? 'sign_output.bat' : 'sign_output.sh'
+        def scriptPath = new File(rootDir, script).absolutePath
+        println "Running signing script: $scriptPath"
+
+        // Get the key from an environment variable
+        def signingKey = System.getenv('DELTACV_PLUGINSIGNING_PRIVATE')
+        if (!signingKey) {
+            println("Environment variable 'DELTACV_PLUGINSIGNING_PRIVATE' is not set.")
+            return
+        }
+
+        // Execute the script with the key
+        project.exec {
+            commandLine scriptPath, rootDir.absolutePath, signingKey
+        }.assertNormalExitValue()
+    }
+}
+
 publishing {
     publications {
         mavenJava(MavenPublication) {

diff --git a/tools/sign_output.bat b/tools/sign_output.bat
@@ -0,0 +1,16 @@
+@echo off
+setlocal enabledelayedexpansion
+
+if "%1"=="" (
+    echo Error: The path to the root project is required as the first argument.
+    exit /b 1
+)
+
+if "%2"=="" (
+    echo Error: The signing key is required as the second argument.
+    exit /b 1
+)
+
+for %%i in (EOCVSimPlugin\build\libs\*.jar) do (
+    java -classpath "%~1\tools\Common.jar" io.github.deltacv.eocvsim.plugin.security.PluginSigningTool --plugin=%%i --authority=deltacv --key=%2
+)
diff --git a/tools/sign_output.sh b/tools/sign_output.sh
@@ -0,0 +1,14 @@
+# Check if required arguments are provided
+if [ -z "$1" ]; then
+  echo "Error: The path to the root project is required as the first argument."
+  exit 1
+fi
+
+if [ -z "$2" ]; then
+  echo "Error: The signing key is required as the second argument."
+  exit 1
+fi
+
+for i in EOCVSimPlugin/build/libs/*.jar; do
+  java -classpath "$1/tools/Common.jar" io.github.deltacv.eocvsim.plugin.security.PluginSigningTool --plugin=$i --authority=deltacv --key=$2
+done