forked from ing-bank/baker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathazure-release.yaml
66 lines (56 loc) · 1.86 KB
/
azure-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
trigger:
batch: true
branches:
include:
- master
pool:
vmImage: 'ubuntu-latest'
variables:
- group: SonaTypeCredentials
- group: gpg key
- group: github_token
steps:
- task: DownloadSecureFile@1
name: pubring
inputs:
secureFile: pubring.asc
- task: DownloadSecureFile@1
name: secring
inputs:
secureFile: secring.asc
- task: Bash@3
displayName: 'Build, sign and publish'
inputs:
targetType: 'inline'
script: |
export SourceBranchName=`echo "$(Build.SourceBranch)" | cut -b 12-` # cuts the first 12 characters, namely "refs/heads/"
echo "Will build on branch $SourceBranchName."
echo $(tty)
ls -la $(pubring.secureFilePath)
ls -la $(secring.secureFilePath)
mkdir ~/.gnupg
chmod -R 700 ~/.gnupg
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
gpg --import $(pubring.secureFilePath)
gpg --batch --import $(secring.secureFilePath)
gpg --version
gpg --list-keys
gpg --list-secret-keys
git checkout "$SourceBranchName"
git config --global user.email "bakery-release@github.com"
git config --global user.name "baker release pipeline"
git remote set-url origin "https://${GIT_AUTH_USER}:${GIT_AUTH_TOKEN}@github.com/ing-bank/baker"
sbt -Divy.home=${IVY_HOME} -Dsbt.ivy.home=${IVY_HOME} "release cross with-defaults"
rm -rf $(pubring.secureFilePath)
rm -rf $(secring.secureFilePath)
rm -rf ~/.gnupg
env:
# secrets must be extracted explicitly
USERNAME: $(username)
PASSWORD: $(password)
# passphrase will be passed to sbt plugin from here
PGP_PASSPHRASE: $(gpg key)
# neeeded for gpg to work on headless azure agents
GPG_TTY: /dev/pts/0
GIT_AUTH_USER: $(github_user)
GIT_AUTH_TOKEN: $(github_token)