github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-27 09:00:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Build] Setup artifact signing for maven aggregation content (#130179)

Browse source 
Maven central expects signed artifacts when publishing
This commit is contained in:
Rene Groeschke 2025-06-27 14:24:10 +02:00 committed by GitHub
parent 2d38751fe7
commit 599560234f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.buildkite/hooks/pre-command
View file

@ -64,6 +64,14 @@ if [[ "${USE_LUCENE_SNAPSHOT_CREDS:-}" == "true" ]]; then
unset data
fi
if [[ "${USE_MAVEN_GPG:-}" == "true" ]]; then
vault_path="kv/ci-shared/release-eng/team-release-secrets/es-delivery/gpg"
ORG_GRADLE_PROJECT_signingKey=$(vault kv get --field="private_key" $vault_path)
ORG_GRADLE_PROJECT_signingPassword=$(vault kv get --field="passphase" $vault_path)
export ORG_GRADLE_PROJECT_signingKey
export ORG_GRADLE_PROJECT_signingPassword
fi
if [[ "${USE_DRA_CREDENTIALS:-}" == "true" ]]; then
DRA_VAULT_ROLE_ID_SECRET=$(vault read -field=role-id secret/ci/elastic-elasticsearch/legacy-vault-credentials)
export DRA_VAULT_ROLE_ID_SECRET

1
.buildkite/pipelines/dra-workflow.yml
View file

@ -2,6 +2,7 @@ steps:
- command: .buildkite/scripts/dra-workflow.sh
env:
USE_DRA_CREDENTIALS: "true"
USE_MAVEN_GPG: "true"
USE_PROD_DOCKER_CREDENTIALS: "true"
agents:
provider: gcp

13
build-conventions/src/main/java/org/elasticsearch/gradle/internal/conventions/PublishPlugin.java
View file

@ -10,12 +10,11 @@
package org.elasticsearch.gradle.internal.conventions;
import groovy.util.Node;
import nmcp.NmcpPlugin;
import com.github.jengelman.gradle.plugins.shadow.ShadowExtension;
import com.github.jengelman.gradle.plugins.shadow.ShadowPlugin;
import nmcp.NmcpPlugin;
import org.elasticsearch.gradle.internal.conventions.info.GitInfo;
import org.elasticsearch.gradle.internal.conventions.precommit.PomValidationPrecommitPlugin;
import org.elasticsearch.gradle.internal.conventions.util.Util;
@ -41,6 +40,8 @@ import org.gradle.api.tasks.SourceSet;
import org.gradle.api.tasks.bundling.Jar;
import org.gradle.initialization.layout.BuildLayout;
import org.gradle.language.base.plugins.LifecycleBasePlugin;
import org.gradle.plugins.signing.SigningExtension;
import org.gradle.plugins.signing.SigningPlugin;
import org.w3c.dom.Element;
import java.io.File;
@ -69,6 +70,7 @@ public class PublishPlugin implements Plugin<Project> {
project.getPluginManager().apply(PomValidationPrecommitPlugin.class);
project.getPluginManager().apply(LicensingPlugin.class);
project.getPluginManager().apply(NmcpPlugin.class);
project.getPluginManager().apply(SigningPlugin.class);
configureJavadocJar(project);
configureSourcesJar(project);
configurePomGeneration(project);
@ -79,6 +81,13 @@ public class PublishPlugin implements Plugin<Project> {
private void configurePublications(Project project) {
var publishingExtension = project.getExtensions().getByType(PublishingExtension.class);
var publication = publishingExtension.getPublications().create("elastic", MavenPublication.class);
Provider<String> signingKey = project.getProviders().gradleProperty("signingKey");
if (signingKey.isPresent()) {
SigningExtension signing = project.getExtensions().getByType(SigningExtension.class);
signing.useInMemoryPgpKeys(signingKey.get(), project.getProviders().gradleProperty("signingPassword").get());
signing.sign(publication);
}
project.afterEvaluate(project1 -> {
if (project1.getPlugins().hasPlugin(ShadowPlugin.class)) {
configureWithShadowPlugin(project1, publication);