diff --git a/README.md b/README.md index e00bdb921..3d1fd5645 100644 --- a/README.md +++ b/README.md @@ -35,9 +35,9 @@ lib = library(identifier: 'jenkins@', retriever: modernSCM([ | [standardReleasePipelineWithGenericTrigger.groovy](./vars/standardReleasePipelineWithGenericTrigger.groovy) | A standard release pipeline for OpenSearch projects including generic triggers. A tag or a draft release can be used as a trigger using this library. The defaults are all set to trigger via a draft release. If the release is successful, the release can be published by using right params.. Check how to use the [default](./tests/jenkins/jobs/StandardReleasePipelineWithGenericTriggers_Jenkinsfile) in your workflow and how to [overide](./tests/jenkins/jobs/StandardReleasePipelineWithGenericTriggersTag_Jenkinsfile) values. | | [publishToNpm.groovy](./vars/publishToNpm.groovy) | A library to publish artifacts to [NPM registry](https://www.npmjs.com/) under @opensearch-project namespace. You can use [PublishToNpmLibTester](./tests/jenkins/lib-testers/PublishToNpmLibTester.groovy) to add tests in your repository. See how to use the lib in your [jenkinsFile](./tests/jenkins/jobs/PublishToNpm_Jenkinsfile). | | [publishToPyPi.groovy](./vars/publishToPyPi.groovy) | A library to publish artifacts to [PyPi registry](https://pypi.org/) with [OpenSearch](https://pypi.org/user/OpenSearch/) as the maintainer. This library takes care of signing the artifacts before publishing. You can use [PublishToPyPiLibTester](./tests/jenkins/lib-testers/PublishToPyPiLibTester.groovy) to add tests in your repository. See how to use the lib in your [jenkinsFile](./tests/jenkins/jobs/PublishToPyPi_Jenkinsfile). | -| [publishToRubyGems.groovy](./vars/publishToRubyGems.groovy) | A library to publish gems to [rubygems.org](https://rubygems.org/) with [opensearchproject](https://rubygems.org/profiles/opensearchproject) as the owner. Please note that this library expects the gems provided to be signed. You can use [PublishToRubyGemsLibTester](./tests/jenkins/lib-testers/PublishToRubyGemsLibTester.groovy) to add tests in your repository. See how to use the lib in your [jenkinsFile](./tests/jenkins/jobs/PublishToRubyGems_JenkinsFile). | +| [publishToRubyGems.groovy](./vars/publishToRubyGems.groovy) | A library to publish gems to [rubygems.org](https://rubygems.org/) with [opensearchproject](https://rubygems.org/profiles/opensearchproject) as the owner. Please note that this library expects the gems to be pre-signed. You can use [PublishToRubyGemsLibTester](./tests/jenkins/lib-testers/PublishToRubyGemsLibTester.groovy) to add tests in your repository. See how to use the lib in your [jenkinsFile](./tests/jenkins/jobs/PublishToRubyGems_JenkinsFile). | | [publishToMaven.groovy](./vars/publishToMaven.groovy) | A library to sign and deploy opensearch maven artifacts to sonatype staging repository, it also has an optional parameter `autoPublish` to auto-release artifacts from staging repo to prod without manual intervention. You can use [PublishToMavenLibTester](./tests/jenkins/lib-testers/PublishToMavenLibTester.groovy) to add tests in your repository. See how to use the lib in your [jenkinsFile](./tests/jenkins/jobs/PublishToMaven_JenkinsFile). | - +| [publishToNuget.groovy](./vars/publishToNuget.groovy) | A library to build, sign and publish dotnet artifacts to [Nuget Gallery](https://www.nuget.org/). Please check if the [default docker](https://github.com/opensearch-project/opensearch-build/blob/main/docker/ci/dockerfiles/current/release.centos.clients.x64.arm64.dockerfile) file contains the required dotnet sdk. You can use [PublishToNugetLibTester](./tests/jenkins/lib-testers/PublishToNugetLibTester.groovy) to add tests in your repository. See how to use the lib in your [jenkinsFile](./tests/jenkins/jobs/PublishToNuget_Jenkinsfile). ## Contributing diff --git a/tests/jenkins/TestPromoteLinuxArtifacts.groovy b/tests/jenkins/TestPromoteLinuxArtifacts.groovy index 5278c6658..6d087fc8b 100644 --- a/tests/jenkins/TestPromoteLinuxArtifacts.groovy +++ b/tests/jenkins/TestPromoteLinuxArtifacts.groovy @@ -41,6 +41,7 @@ class TestPromoteLinuxArtifacts extends BuildPipelineTest { binding.setVariable('DISTRIBUTION_PLATFORM', 'linux') binding.setVariable('DISTRIBUTION_ARCHITECTURE', 'x64') binding.setVariable('WORKSPACE', 'tests/jenkins') + helper.addFileExistsMock('tests/jenkins/sign.sh', true) binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name') def configs = ["role": "dummy_role", "external_id": "dummy_ID", diff --git a/tests/jenkins/TestPromoteWindowsArtifacts.groovy b/tests/jenkins/TestPromoteWindowsArtifacts.groovy index 7e292f831..8cfc2290b 100644 --- a/tests/jenkins/TestPromoteWindowsArtifacts.groovy +++ b/tests/jenkins/TestPromoteWindowsArtifacts.groovy @@ -33,6 +33,7 @@ class TestPromoteWindowsArtifacts extends BuildPipelineTest { binding.setVariable('DISTRIBUTION_ARCHITECTURE', 'x64') binding.setVariable('DISTRIBUTION_NAME', 'zip') binding.setVariable('WORKSPACE', 'tests/jenkins') + helper.addFileExistsMock('tests/jenkins/sign.sh', true) binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name') def configs = ["role": "dummy_role", "external_id": "dummy_ID", diff --git a/tests/jenkins/TestPromoteYumRepos.groovy b/tests/jenkins/TestPromoteYumRepos.groovy index 743c534db..47222167f 100644 --- a/tests/jenkins/TestPromoteYumRepos.groovy +++ b/tests/jenkins/TestPromoteYumRepos.groovy @@ -27,6 +27,7 @@ class TestPromoteYumRepos extends BuildPipelineTest { "unsigned_bucket": "dummy_unsigned_bucket", "signed_bucket": "dummy_signed_bucket"] binding.setVariable('configs', configs) + helper.addFileExistsMock('/tmp/workspace/sign.sh', true) helper.registerAllowedMethod("readJSON", [Map.class], {c -> configs}) helper.registerAllowedMethod("git", [Map]) helper.registerAllowedMethod("withCredentials", [Map, Closure], { args, closure -> diff --git a/tests/jenkins/TestPublishToNuget.groovy b/tests/jenkins/TestPublishToNuget.groovy new file mode 100644 index 000000000..06228ae36 --- /dev/null +++ b/tests/jenkins/TestPublishToNuget.groovy @@ -0,0 +1,72 @@ +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + */ + +package jenkins.tests + +import jenkins.tests.BuildPipelineTest +import static com.lesfurets.jenkins.unit.MethodCall.callArgsToString +import static org.hamcrest.CoreMatchers.hasItem +import static org.hamcrest.CoreMatchers.hasItems +import static org.hamcrest.MatcherAssert.assertThat +import org.junit.Before +import org.junit.Test + +class TestPublishToNuget extends BuildPipelineTest { + @Override + @Before + void setUp() { + + this.registerLibTester(new PublishToNugetLibTester( + 'https://github.com/opensearch-project/opensearch-net', + '1.2.0', + 'net-api-key', + 'test-solution-file.sln')) + super.setUp() + } + + @Test + public void test() { + super.testPipeline("tests/jenkins/jobs/PublishToNuget_Jenkinsfile") + } + + @Test + void 'verify build command'(){ + runScript('tests/jenkins/jobs/PublishToNuget_Jenkinsfile') + + def buildCommands = getShellCommands('build') + assertThat(buildCommands, hasItem('\n dotnet build /tmp/workspace/test-solution-file.sln --configuration Release\n find src -name OpenSearch*.dll>/tmp/workspace/dlls.txt\n ')) + } + + @Test + void 'verify_pack_command'(){ + runScript('tests/jenkins/jobs/PublishToNuget_Jenkinsfile') + def packCommand = getShellCommands('pack') + assertThat(packCommand, hasItem('\n dotnet pack /tmp/workspace/test-solution-file.sln --configuration Release --no-build\n for package in `find src -name OpenSearch*.nupkg`\n do\n dotnet nuget push $package --api-key API_KEY --source https://api.nuget.org/v3/index.json\n done\n ')) + } + + @Test + void 'verify_signer_call'(){ + runScript('tests/jenkins/jobs/PublishToNuget_Jenkinsfile') + def signcommand = getShellCommands('sign.sh') + assertThat(signcommand, hasItems('\n #!/bin/bash\n set +x\n export ROLE=SIGNER_WINDOWS_ROLE\n export EXTERNAL_ID=SIGNER_WINDOWS_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_WINDOWS_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_WINDOWS_SIGNED_BUCKET\n export PROFILE_IDENTIFIER=SIGNER_WINDOWS_PROFILE_IDENTIFIER\n export PLATFORM_IDENTIFIER=SIGNER_WINDOWS_PLATFORM_IDENTIFIER\n\n /tmp/workspace/opensearch-build/sign.sh one.dll --platform windows --overwrite \n ', + '\n #!/bin/bash\n set +x\n export ROLE=SIGNER_WINDOWS_ROLE\n export EXTERNAL_ID=SIGNER_WINDOWS_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_WINDOWS_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_WINDOWS_SIGNED_BUCKET\n export PROFILE_IDENTIFIER=SIGNER_WINDOWS_PROFILE_IDENTIFIER\n export PLATFORM_IDENTIFIER=SIGNER_WINDOWS_PLATFORM_IDENTIFIER\n\n /tmp/workspace/opensearch-build/sign.sh two.dll --platform windows --overwrite \n ', + '\n #!/bin/bash\n set +x\n export ROLE=SIGNER_WINDOWS_ROLE\n export EXTERNAL_ID=SIGNER_WINDOWS_EXTERNAL_ID\n export UNSIGNED_BUCKET=SIGNER_WINDOWS_UNSIGNED_BUCKET\n export SIGNED_BUCKET=SIGNER_WINDOWS_SIGNED_BUCKET\n export PROFILE_IDENTIFIER=SIGNER_WINDOWS_PROFILE_IDENTIFIER\n export PLATFORM_IDENTIFIER=SIGNER_WINDOWS_PLATFORM_IDENTIFIER\n\n /tmp/workspace/opensearch-build/sign.sh three.dll --platform windows --overwrite \n ')) + } + + def getShellCommands(searchString) { + def shCommands = helper.callStack.findAll { call -> + call.methodName == 'sh' + }.collect { call -> + callArgsToString(call) + }.findAll { command -> + command.contains(searchString) + } + return shCommands + } +} diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt index 6a5527624..d8aabf1b3 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile.txt @@ -36,7 +36,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/tests/jenkins/file/found.zip}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile_Windows.txt.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile_Windows.txt.txt index 2d52e2f74..8199c3e36 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile_Windows.txt.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_Jenkinsfile_Windows.txt.txt @@ -36,7 +36,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/tests/jenkins/file/found.zip}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt index bf7f907aa..b979a1e0d 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile.txt @@ -36,7 +36,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/tests/jenkins/file/found.zip}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt index b362cb170..84623bb25 100644 --- a/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt +++ b/tests/jenkins/jobs/PromoteArtifactsQualifier_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt @@ -36,7 +36,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/tests/jenkins/file/found.zip}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt index 5d196ccd7..6fb474636 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile.txt @@ -39,7 +39,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/artifacts/tar/vars-build/1.3.0/33/linux/x64/tar/builds/opensearch/core-plugins}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) @@ -68,7 +67,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/tests/jenkins/file/found.zip}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile_Windows.txt.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile_Windows.txt.txt index baa5436f7..1645274c4 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile_Windows.txt.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_Jenkinsfile_Windows.txt.txt @@ -36,7 +36,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/tests/jenkins/file/found.zip}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt index 3a2e4ff36..381e439bf 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile.txt @@ -36,7 +36,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/tests/jenkins/file/found.zip}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt index ca3dfcf7e..e39f76b37 100644 --- a/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt +++ b/tests/jenkins/jobs/PromoteArtifacts_actions_OpenSearch_Dashboards_Jenkinsfile_Windows.txt.txt @@ -36,7 +36,6 @@ createSignatureFiles.signArtifacts({sigtype=.sig, artifactPath=tests/jenkins/tests/jenkins/file/found.zip}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(tests/jenkins/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt b/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt index e223c98bb..f15dfe489 100644 --- a/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PromoteYumRepos_Jenkinsfile.txt @@ -46,7 +46,6 @@ promoteYumRepos.signArtifacts({artifactPath=/tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom, sigtype=.sig, platform=linux}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(/tmp/workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PublishToMavenManifestYml_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToMavenManifestYml_Jenkinsfile.txt index 4ffead461..db8759004 100644 --- a/tests/jenkins/jobs/PublishToMavenManifestYml_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PublishToMavenManifestYml_Jenkinsfile.txt @@ -203,7 +203,6 @@ fi publishToMaven.signArtifacts({artifactPath=/path/to/signing/manifest.yml, type=maven, platform=linux, sigtype=.asc}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PublishToMaven_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToMaven_Jenkinsfile.txt index c66d587a7..e31c736d9 100644 --- a/tests/jenkins/jobs/PublishToMaven_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PublishToMaven_Jenkinsfile.txt @@ -203,7 +203,6 @@ fi publishToMaven.signArtifacts({artifactPath=/path/to/signing, type=maven, platform=linux, sigtype=.asc}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PublishToNuget_Jenkinsfile b/tests/jenkins/jobs/PublishToNuget_Jenkinsfile new file mode 100644 index 000000000..3ad1d5c15 --- /dev/null +++ b/tests/jenkins/jobs/PublishToNuget_Jenkinsfile @@ -0,0 +1,26 @@ +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + */ + +pipeline { + agent none + stages { + stage('publishToNuget') { + steps { + script { + publishToNuget( + repository: 'https://github.com/opensearch-project/opensearch-net', + tag: '1.2.0', + apiKeyCredentialId: 'net-api-key', + solutionFilePath: 'test-solution-file.sln' + ) + } + } + } + } +} diff --git a/tests/jenkins/jobs/PublishToNuget_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToNuget_Jenkinsfile.txt new file mode 100644 index 000000000..bd72853db --- /dev/null +++ b/tests/jenkins/jobs/PublishToNuget_Jenkinsfile.txt @@ -0,0 +1,101 @@ + PublishToNuget_Jenkinsfile.run() + PublishToNuget_Jenkinsfile.pipeline(groovy.lang.Closure) + PublishToNuget_Jenkinsfile.echo(Executing on agent [label:none]) + PublishToNuget_Jenkinsfile.stage(publishToNuget, groovy.lang.Closure) + PublishToNuget_Jenkinsfile.script(groovy.lang.Closure) + PublishToNuget_Jenkinsfile.publishToNuget({repository=https://github.com/opensearch-project/opensearch-net, tag=1.2.0, apiKeyCredentialId=net-api-key, solutionFilePath=test-solution-file.sln}) + publishToNuget.legacySCM(groovy.lang.Closure) + publishToNuget.library({identifier=jenkins@main, retriever=null}) + publishToNuget.checkout({$class=GitSCM, branches=[{name=1.2.0}], userRemoteConfigs=[{url=https://github.com/opensearch-project/opensearch-net}]}) + publishToNuget.sh( + dotnet build /tmp/workspace/test-solution-file.sln --configuration Release + find src -name OpenSearch*.dll>/tmp/workspace/dlls.txt + ) + publishToNuget.readFile({file=/tmp/workspace/dlls.txt}) + publishToNuget.signArtifacts({artifactPath=one.dll , platform=windows, overwrite=true}) + signArtifacts.echo(PGP or Windows Signature Signing) + signArtifacts.fileExists(/tmp/workspace/sign.sh) + signArtifacts.dir(opensearch-build, groovy.lang.Closure) + signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) + signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) + signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) + signArtifacts.string({credentialsId=jenkins-signer-windows-role, variable=SIGNER_WINDOWS_ROLE}) + signArtifacts.string({credentialsId=jenkins-signer-windows-external-id, variable=SIGNER_WINDOWS_EXTERNAL_ID}) + signArtifacts.string({credentialsId=jenkins-signer-windows-unsigned-bucket, variable=SIGNER_WINDOWS_UNSIGNED_BUCKET}) + signArtifacts.string({credentialsId=jenkins-signer-windows-signed-bucket, variable=SIGNER_WINDOWS_SIGNED_BUCKET}) + signArtifacts.string({credentialsId=jenkins-signer-windows-profile-identifier, variable=SIGNER_WINDOWS_PROFILE_IDENTIFIER}) + signArtifacts.string({credentialsId=jenkins-signer-windows-platform-identifier, variable=SIGNER_WINDOWS_PLATFORM_IDENTIFIER}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], SIGNER_WINDOWS_ROLE, SIGNER_WINDOWS_EXTERNAL_ID, SIGNER_WINDOWS_UNSIGNED_BUCKET, SIGNER_WINDOWS_SIGNED_BUCKET, SIGNER_WINDOWS_PROFILE_IDENTIFIER, SIGNER_WINDOWS_PLATFORM_IDENTIFIER], groovy.lang.Closure) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=SIGNER_WINDOWS_ROLE + export EXTERNAL_ID=SIGNER_WINDOWS_EXTERNAL_ID + export UNSIGNED_BUCKET=SIGNER_WINDOWS_UNSIGNED_BUCKET + export SIGNED_BUCKET=SIGNER_WINDOWS_SIGNED_BUCKET + export PROFILE_IDENTIFIER=SIGNER_WINDOWS_PROFILE_IDENTIFIER + export PLATFORM_IDENTIFIER=SIGNER_WINDOWS_PLATFORM_IDENTIFIER + + /tmp/workspace/opensearch-build/sign.sh one.dll --platform windows --overwrite + ) + publishToNuget.signArtifacts({artifactPath= two.dll , platform=windows, overwrite=true}) + signArtifacts.echo(PGP or Windows Signature Signing) + signArtifacts.fileExists(/tmp/workspace/sign.sh) + signArtifacts.dir(opensearch-build, groovy.lang.Closure) + signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) + signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) + signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) + signArtifacts.string({credentialsId=jenkins-signer-windows-role, variable=SIGNER_WINDOWS_ROLE}) + signArtifacts.string({credentialsId=jenkins-signer-windows-external-id, variable=SIGNER_WINDOWS_EXTERNAL_ID}) + signArtifacts.string({credentialsId=jenkins-signer-windows-unsigned-bucket, variable=SIGNER_WINDOWS_UNSIGNED_BUCKET}) + signArtifacts.string({credentialsId=jenkins-signer-windows-signed-bucket, variable=SIGNER_WINDOWS_SIGNED_BUCKET}) + signArtifacts.string({credentialsId=jenkins-signer-windows-profile-identifier, variable=SIGNER_WINDOWS_PROFILE_IDENTIFIER}) + signArtifacts.string({credentialsId=jenkins-signer-windows-platform-identifier, variable=SIGNER_WINDOWS_PLATFORM_IDENTIFIER}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], SIGNER_WINDOWS_ROLE, SIGNER_WINDOWS_EXTERNAL_ID, SIGNER_WINDOWS_UNSIGNED_BUCKET, SIGNER_WINDOWS_SIGNED_BUCKET, SIGNER_WINDOWS_PROFILE_IDENTIFIER, SIGNER_WINDOWS_PLATFORM_IDENTIFIER], groovy.lang.Closure) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=SIGNER_WINDOWS_ROLE + export EXTERNAL_ID=SIGNER_WINDOWS_EXTERNAL_ID + export UNSIGNED_BUCKET=SIGNER_WINDOWS_UNSIGNED_BUCKET + export SIGNED_BUCKET=SIGNER_WINDOWS_SIGNED_BUCKET + export PROFILE_IDENTIFIER=SIGNER_WINDOWS_PROFILE_IDENTIFIER + export PLATFORM_IDENTIFIER=SIGNER_WINDOWS_PLATFORM_IDENTIFIER + + /tmp/workspace/opensearch-build/sign.sh two.dll --platform windows --overwrite + ) + publishToNuget.signArtifacts({artifactPath= three.dll, platform=windows, overwrite=true}) + signArtifacts.echo(PGP or Windows Signature Signing) + signArtifacts.fileExists(/tmp/workspace/sign.sh) + signArtifacts.dir(opensearch-build, groovy.lang.Closure) + signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) + signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) + signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) + signArtifacts.string({credentialsId=jenkins-signer-windows-role, variable=SIGNER_WINDOWS_ROLE}) + signArtifacts.string({credentialsId=jenkins-signer-windows-external-id, variable=SIGNER_WINDOWS_EXTERNAL_ID}) + signArtifacts.string({credentialsId=jenkins-signer-windows-unsigned-bucket, variable=SIGNER_WINDOWS_UNSIGNED_BUCKET}) + signArtifacts.string({credentialsId=jenkins-signer-windows-signed-bucket, variable=SIGNER_WINDOWS_SIGNED_BUCKET}) + signArtifacts.string({credentialsId=jenkins-signer-windows-profile-identifier, variable=SIGNER_WINDOWS_PROFILE_IDENTIFIER}) + signArtifacts.string({credentialsId=jenkins-signer-windows-platform-identifier, variable=SIGNER_WINDOWS_PLATFORM_IDENTIFIER}) + signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], SIGNER_WINDOWS_ROLE, SIGNER_WINDOWS_EXTERNAL_ID, SIGNER_WINDOWS_UNSIGNED_BUCKET, SIGNER_WINDOWS_SIGNED_BUCKET, SIGNER_WINDOWS_PROFILE_IDENTIFIER, SIGNER_WINDOWS_PLATFORM_IDENTIFIER], groovy.lang.Closure) + signArtifacts.sh( + #!/bin/bash + set +x + export ROLE=SIGNER_WINDOWS_ROLE + export EXTERNAL_ID=SIGNER_WINDOWS_EXTERNAL_ID + export UNSIGNED_BUCKET=SIGNER_WINDOWS_UNSIGNED_BUCKET + export SIGNED_BUCKET=SIGNER_WINDOWS_SIGNED_BUCKET + export PROFILE_IDENTIFIER=SIGNER_WINDOWS_PROFILE_IDENTIFIER + export PLATFORM_IDENTIFIER=SIGNER_WINDOWS_PLATFORM_IDENTIFIER + + /tmp/workspace/opensearch-build/sign.sh three.dll --platform windows --overwrite + ) + publishToNuget.string({credentialsId=net-api-key, variable=API_KEY}) + publishToNuget.withCredentials([API_KEY], groovy.lang.Closure) + publishToNuget.sh( + dotnet pack /tmp/workspace/test-solution-file.sln --configuration Release --no-build + for package in `find src -name OpenSearch*.nupkg` + do + dotnet nuget push $package --api-key API_KEY --source https://api.nuget.org/v3/index.json + done + ) diff --git a/tests/jenkins/jobs/PublishToPyPiWithDir_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToPyPiWithDir_Jenkinsfile.txt index 0339144fb..fad69a21a 100644 --- a/tests/jenkins/jobs/PublishToPyPiWithDir_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PublishToPyPiWithDir_Jenkinsfile.txt @@ -9,7 +9,6 @@ publishToPyPi.signArtifacts({artifactPath=/tmp/workspace/test, sigtype=.asc, platform=linux}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(/tmp/workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/PublishToPyPi_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToPyPi_Jenkinsfile.txt index e8c9b141b..2adfd5df5 100644 --- a/tests/jenkins/jobs/PublishToPyPi_Jenkinsfile.txt +++ b/tests/jenkins/jobs/PublishToPyPi_Jenkinsfile.txt @@ -9,7 +9,6 @@ publishToPyPi.signArtifacts({artifactPath=/tmp/workspace/dist, sigtype=.asc, platform=linux}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(/tmp/workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) diff --git a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt index d6c0911e0..13b178810 100644 --- a/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt +++ b/tests/jenkins/jobs/SignArtifacts_Jenkinsfile.txt @@ -6,7 +6,6 @@ SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=/tmp/workspace/artifacts, sigtype=.sig, platform=linux}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(/tmp/workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) @@ -107,7 +106,6 @@ SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=/tmp/workspace/file.yml, platform=linux, type=maven}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(/tmp/workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) @@ -128,7 +126,6 @@ SignArtifacts_Jenkinsfile.signArtifacts({artifactPath=/tmp/workspace/the_msi.msi, platform=windows, overwrite=true}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(/tmp/workspace/sign.sh) - signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-windows-role, variable=SIGNER_WINDOWS_ROLE}) diff --git a/tests/jenkins/lib-testers/PublishToMavenLibTester.groovy b/tests/jenkins/lib-testers/PublishToMavenLibTester.groovy index 19b9827c5..8d2651053 100644 --- a/tests/jenkins/lib-testers/PublishToMavenLibTester.groovy +++ b/tests/jenkins/lib-testers/PublishToMavenLibTester.groovy @@ -28,6 +28,7 @@ class PublishToMavenLibTester extends LibFunctionTester { binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name') binding.setVariable('WORKSPACE', 'workspace') helper.registerAllowedMethod('git', [Map]) + helper.addFileExistsMock('workspace/sign.sh', true) helper.registerAllowedMethod('withCredentials', [Map, Closure], { args, closure -> closure.delegate = delegate return helper.callClosure(closure) diff --git a/tests/jenkins/lib-testers/PublishToNugetLibTester.groovy b/tests/jenkins/lib-testers/PublishToNugetLibTester.groovy new file mode 100644 index 000000000..07b90356b --- /dev/null +++ b/tests/jenkins/lib-testers/PublishToNugetLibTester.groovy @@ -0,0 +1,54 @@ +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + */ +import static org.hamcrest.CoreMatchers.notNullValue +import static org.hamcrest.MatcherAssert.assertThat + +class PublishToNugetLibTester extends LibFunctionTester { + + private String repository + private String tag + private String apiKeyCredentialId + private String solutionFilePath + + public PublishToNugetLibTester(repository, tag, apiKeyCredentialId, solutionFilePath) { + this.repository = repository + this.tag = tag + this.apiKeyCredentialId = apiKeyCredentialId + this.solutionFilePath = solutionFilePath + } + + void configure(helper, binding){ + helper.registerAllowedMethod("checkout", [Map], {}) + binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name') + helper.registerAllowedMethod('git', [Map]) + helper.addFileExistsMock('/tmp/workspace/sign.sh', false) + helper.addReadFileMock('/tmp/workspace/dlls.txt', 'one.dll \n two.dll \n three.dll') + helper.registerAllowedMethod("withCredentials", [Map, Closure], { args, closure -> + closure.delegate = delegate + return helper.callClosure(closure) + }) + } + void parameterInvariantsAssertions(call){ + assertThat(call.args.repository.first(), notNullValue()) + assertThat(call.args.tag.first(), notNullValue()) + assertThat(call.args.apiKeyCredentialId.first(), notNullValue()) + assertThat(call.args.solutionFilePath.first(), notNullValue()) + } + + boolean expectedParametersMatcher(call) { + return call.args.repository.first().toString().equals(this.repository) + && call.args.tag.first().toString().equals(this.tag) + && call.args.apiKeyCredentialId.first().toString().equals(this.apiKeyCredentialId) + && call.args.solutionFilePath.first().toString().equals(this.solutionFilePath) + } + + String libFunctionName() { + return 'publishToNuget' + } +} diff --git a/tests/jenkins/lib-testers/PublishToPyPiLibTester.groovy b/tests/jenkins/lib-testers/PublishToPyPiLibTester.groovy index 6553477ab..a9c1ca6c6 100644 --- a/tests/jenkins/lib-testers/PublishToPyPiLibTester.groovy +++ b/tests/jenkins/lib-testers/PublishToPyPiLibTester.groovy @@ -26,6 +26,7 @@ class PublishToPyPiLibTester extends LibFunctionTester { void configure(helper, binding){ binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name') helper.registerAllowedMethod("git", [Map]) + helper.addFileExistsMock('/tmp/workspace/sign.sh', true) helper.registerAllowedMethod("withCredentials", [Map]) } void parameterInvariantsAssertions(call){ diff --git a/tests/jenkins/lib-testers/SignArtifactsLibTester.groovy b/tests/jenkins/lib-testers/SignArtifactsLibTester.groovy index 10071d388..5f2454065 100644 --- a/tests/jenkins/lib-testers/SignArtifactsLibTester.groovy +++ b/tests/jenkins/lib-testers/SignArtifactsLibTester.groovy @@ -39,6 +39,7 @@ class SignArtifactsLibTester extends LibFunctionTester { void configure(helper, binding) { binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name') helper.registerAllowedMethod('git', [Map]) + helper.addFileExistsMock('/tmp/workspace/sign.sh', true) helper.registerAllowedMethod('withCredentials', [Map, Closure], { args, closure -> closure.delegate = delegate return helper.callClosure(closure) diff --git a/vars/publishToNuget.groovy b/vars/publishToNuget.groovy new file mode 100644 index 000000000..dfaa01dfd --- /dev/null +++ b/vars/publishToNuget.groovy @@ -0,0 +1,43 @@ +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + */ + +/** Library to publish artifacts to Nuget +@param Map args = [:] args A map of the following parameters +@param args.repository - Repository to build the nupkg packages +@param args.tag - Tag reference to be used to publish the artifact +@param args.apiKeyCredentialId - Jenkins Credential ID for API key +@param args.solutionFilePath - Solution File path used to build artifacts +*/ + + +void call(Map args = [:]) { + lib = library(identifier: 'jenkins@main', retriever: legacySCM(scm)) + checkout([$class: 'GitSCM', branches: [[name: "${args.tag}" ]], userRemoteConfigs: [[url: "${args.repository}" ]]]) + sh """ + dotnet build ${WORKSPACE}/${args.solutionFilePath} --configuration Release + find src -name OpenSearch*.dll>${WORKSPACE}/dlls.txt + """ + dlls = readFile(file: "${WORKSPACE}/dlls.txt").readLines() + dlls.each { item -> + signArtifacts( + artifactPath: item, + platform: 'windows', + overwrite: true + ) + } + withCredentials([string(credentialsId: "${args.apiKeyCredentialId}", variable: 'API_KEY')]) { + sh """ + dotnet pack ${WORKSPACE}/${args.solutionFilePath} --configuration Release --no-build + for package in `find src -name OpenSearch*.nupkg` + do + dotnet nuget push \$package --api-key ${API_KEY} --source https://api.nuget.org/v3/index.json + done + """ + } +} diff --git a/vars/signArtifacts.groovy b/vars/signArtifacts.groovy index 2740c37a0..14b9e5ea4 100644 --- a/vars/signArtifacts.groovy +++ b/vars/signArtifacts.groovy @@ -100,10 +100,14 @@ void call(Map args = [:]) { } } else { + String workdir = "${WORKSPACE}" echo 'PGP or Windows Signature Signing' if (!fileExists("$WORKSPACE/sign.sh")) { - git url: 'https://github.com/opensearch-project/opensearch-build.git', branch: 'main' + dir('opensearch-build') { + git url: 'https://github.com/opensearch-project/opensearch-build.git', branch: 'main' + workdir = "${WORKSPACE}/opensearch-build" + } } importPGPKey() @@ -130,7 +134,7 @@ void call(Map args = [:]) { export PROFILE_IDENTIFIER=$SIGNER_WINDOWS_PROFILE_IDENTIFIER export PLATFORM_IDENTIFIER=$SIGNER_WINDOWS_PLATFORM_IDENTIFIER - $WORKSPACE/sign.sh ${arguments} + ${workdir}/sign.sh ${arguments} """ } } @@ -148,7 +152,7 @@ void call(Map args = [:]) { export UNSIGNED_BUCKET=$SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=$SIGNER_CLIENT_SIGNED_BUCKET - $WORKSPACE/sign.sh ${arguments} + ${workdir}/sign.sh ${arguments} """ } }