Commit d47491fb authored by Denis Konovalyenko's avatar Denis Konovalyenko

The encrypted signing key used.

parent 61d9dea3
...@@ -36,7 +36,7 @@ variables: ...@@ -36,7 +36,7 @@ variables:
MAVEN_IMAGE: "maven:3.5.4-jdk-8" MAVEN_IMAGE: "maven:3.5.4-jdk-8"
BASH_CURL_IMAGE: "cosmintitei/bash-curl:latest" BASH_CURL_IMAGE: "cosmintitei/bash-curl:latest"
MAVEN_CLI_OPTS: "--settings ${CI_GITLAB_PATH}/.m2/settings.xml --batch-mode --errors --show-version" MAVEN_CLI_OPTS: "--settings ${CI_GITLAB_PATH}/.m2/settings.xml --batch-mode --errors --show-version"
# OPENSSL_CLI_OPTS: "enc aes-256-cbc -K ${OPENSSL_ENC_KEY} -iv ${OPENSSL_ENC_IV}" OPENSSL_CLI_OPTS: "enc -aes-256-cbc -K ${OPENSSL_ENC_KEY} -iv ${OPENSSL_ENC_IV}"
GPG_CONF: ".gnupg/gpg.conf" GPG_CONF: ".gnupg/gpg.conf"
GPG_AGENT_CONF: ".gnupg/gpg-agent.conf" GPG_AGENT_CONF: ".gnupg/gpg-agent.conf"
# TODO: adjust the line below to refer to the appropriate Okapi project ID. # TODO: adjust the line below to refer to the appropriate Okapi project ID.
...@@ -65,10 +65,8 @@ verification: ...@@ -65,10 +65,8 @@ verification:
- ${HOME}/target/ - ${HOME}/target/
policy: pull policy: pull
script: script:
# TODO: make a decision on whether we are going to push to the repo the encrypted gpg key and decrypt it before importing. - openssl ${OPENSSL_CLI_OPTS} -d -in ${CI_GITLAB_PATH}/code-signing-key.asc.enc -out ${CI_GITLAB_PATH}/code-signing-key.asc
# - openssl ${OPENSSL_CLI_OPTS} -d -in ${CI_GITLAB_PATH}/code-signing-key.asc.enc -out ${CI_GITLAB_PATH}/code-signing-key.asc - gpg --batch --import ${CI_GITLAB_PATH}/code-signing-key.asc
# - gpg --fast-import ${CI_GITLAB_PATH}/code-signing-key.asc
- echo "${GPG_KEY}" | gpg --batch --armor --import
- echo "use-agent" > ${HOME}/{GPG_CONF} - echo "use-agent" > ${HOME}/{GPG_CONF}
- echo "pinentry-mode loopback" >> ${HOME}/${GPG_CONF} - echo "pinentry-mode loopback" >> ${HOME}/${GPG_CONF}
- echo "allow-loopback-pinentry" > ${HOME}/${GPG_AGENT_CONF} - echo "allow-loopback-pinentry" > ${HOME}/${GPG_AGENT_CONF}
......
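Review bot: The new `openssl ${OPENSSL_CLI_OPTS} -d` step writes the decrypted private key to `${CI_GITLAB_PATH}/code-signing-key.asc`, and nothing in the visible script removes it after `gpg --batch --import`. The plaintext signing key therefore stays in the checked-out tree for the rest of the job, where an artifacts rule or a later step could pick it up. Piping avoids the file altogether: `- openssl ${OPENSSL_CLI_OPTS} -d -in ${CI_GITLAB_PATH}/code-signing-key.asc.enc | gpg --batch --import`. The script continues past the end of this hunk, so a cleanup step may exist outside the view. Separately, `-K`/`-iv` in `OPENSSL_CLI_OPTS` put the raw key and IV on the command line and CBC gives no integrity check on the committed `.enc` file, so `OPENSSL_ENC_KEY` and `OPENSSL_ENC_IV` should be protected and masked in the project settings, and the imported key's fingerprint is worth comparing with the expected one before signing.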
...@@ -99,6 +99,8 @@ The following secret variables have to be declared under ...@@ -99,6 +99,8 @@ The following secret variables have to be declared under
`MAVEN_REPO_PASS`: sonatype user's password `MAVEN_REPO_PASS`: sonatype user's password
`GPG_KEY`: the key for code signing (base64-encoded) `OPENSSL_ENC_KEY`: the OpenSSL key for decoding the code signing key
`OPENSSL_ENC_IV`: the OpenSSL initialisation vector for decoding the code signing key
`GPG_PASSPHRASE`: the pass-phrase for the code signing key `GPG_PASSPHRASE`: the pass-phrase for the code signing key