Skip to content

Commit

Permalink
Improve mac signing (#810)
Browse files Browse the repository at this point in the history
  • Loading branch information
steelhead31 authored Sep 12, 2023
1 parent 6d6d7cd commit 56ec107
Showing 1 changed file with 48 additions and 12 deletions.
60 changes: 48 additions & 12 deletions pipelines/build/common/openjdk_build_pipeline.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -301,7 +301,7 @@ class Build {

// Use BUILD_REF override if specified
vendorTestBranches = buildConfig.BUILD_REF ?: vendorTestBranches

try {
context.println 'Running smoke test'
context.stage('smoke test') {
Expand Down Expand Up @@ -332,10 +332,10 @@ class Build {
context.string(name: 'VENDOR_TEST_REPOS', value: vendorTestRepos),
context.string(name: 'VENDOR_TEST_BRANCHES', value: vendorTestBranches),
context.string(name: 'TIME_LIMIT', value: '1')
]
]
currentBuild.result = testJob.getResult()
return testJob.getResult()

}
} catch (Exception e) {
context.println "Failed to execute test: ${e.message}"
Expand All @@ -351,7 +351,7 @@ class Build {
def jdkBranch = getJDKBranch()
def jdkRepo = getJDKRepo()
def openj9Branch = (buildConfig.SCM_REF && buildConfig.VARIANT == 'openj9') ? buildConfig.SCM_REF : 'master'

List testList = buildConfig.TEST_LIST
List dynamicList = buildConfig.DYNAMIC_LIST
List numMachines = buildConfig.NUM_MACHINES
Expand Down Expand Up @@ -463,7 +463,7 @@ class Build {
wait: true
currentBuild.result = testJob.getResult()
context.node('worker') {
//Copy Taps files from downstream test jobs if files available.
//Copy Taps files from downstream test jobs if files available.
context.sh 'rm -f workspace/target/AQAvitTaps/*.tap'
try {
context.timeout(time: 2, unit: 'HOURS') {
Expand Down Expand Up @@ -543,7 +543,7 @@ class Build {
}
}

targets.each { targetMode, targetTests ->
targets.each { targetMode, targetTests ->
try {
context.println "Remote trigger: ${targetTests}"
remoteTargets["${targetTests}"] = {
Expand Down Expand Up @@ -1524,16 +1524,52 @@ class Build {
echo "Signing JMOD files"
TMP_DIR="${macos_base_path}/"
ENTITLEMENTS="$WORKSPACE/entitlements.plist"
MACSIGNSTRING="Apple Certification Authority"
FILES=$(find "${TMP_DIR}" -perm +111 -type f -o -name '*.dylib' -type f || find "${TMP_DIR}" -perm /111 -type f -o -name '*.dylib' -type f)
for f in $FILES
do
echo "Signing $f using Eclipse Foundation codesign service"
dir=$(dirname "$f")
file=$(basename "$f")
mv "$f" "${dir}/unsigned_${file}"
curl -o "$f" -F file="@${dir}/unsigned_${file}" -F entitlements="@$ENTITLEMENTS" https://cbi.eclipse.org/macos/codesign/sign
chmod --reference="${dir}/unsigned_${file}" "$f"
rm -rf "${dir}/unsigned_${file}"
curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" -F entitlements="@$ENTITLEMENTS" https://cbi.eclipse.org/macos/codesign/sign
echo File = "$f"
TESTMACSIGN=$(grep -ic "$MACSIGNSTRING" "$f")
echo Sign Result = "$TESTMACSIGN"
if [ "$TESTMACSIGN" -gt 0 ]
then
echo "Code Signed For File $f"
chmod --reference="${dir}/unsigned_${file}" "$f"
rm -rf "${dir}/unsigned_${file}"
else
max_iterations=20
iteration=1
success=false
echo "Code Not Signed For File $f"
while [ $iteration -le $max_iterations ] && [ $success = false ]; do
echo $iteration Of $max_iterations
sleep 1
curl --fail -o "$f" -F file="@${dir}/unsigned_${file}" -F entitlements="@$ENTITLEMENTS" https://cbi.eclipse.org/macos/codesign/sign
TESTMACSIGN2=$(grep -ic "$MACSIGNSTRING" "$f")
echo TESTMACSIGN2 = "$TESTMACSIGN2"
if [ "$TESTMACSIGN2" -gt 0 ]
then
echo "$f Signed OK On Attempt $iteration"
chmod --reference="${dir}/unsigned_${file}" "$f"
rm -rf "${dir}/unsigned_${file}"
success=true
else
echo "$f Failed Signing On Attempt $iteration"
success=false
iteration=$((iteration+1))
if [ $iteration -gt $max_iterations ]
then
echo "Errors Encountered During Signing"
exit 1
fi
fi
done
fi
done
'''
// groovylint-enable
Expand Down Expand Up @@ -1710,7 +1746,7 @@ class Build {
}
}

/*
/*
this function should only be used in pr-tester
*/
def updateGithubCommitStatus(STATE, MESSAGE) {
Expand Down Expand Up @@ -1762,7 +1798,7 @@ class Build {
context.println "Executing tests: ${buildConfig.TEST_LIST}"
context.println "Build num: ${env.BUILD_NUMBER}"
context.println "File name: ${filename}"

def enableReproducibleCompare = Boolean.valueOf(buildConfig.ENABLE_REPRODUCIBLE_COMPARE)
def enableTests = Boolean.valueOf(buildConfig.ENABLE_TESTS)
def enableInstallers = Boolean.valueOf(buildConfig.ENABLE_INSTALLERS)
Expand Down Expand Up @@ -1963,7 +1999,7 @@ class Build {
platform = 'x86-64_' + buildConfig.TARGET_OS
} else {
platform = buildConfig.ARCHITECTURE + '_' + buildConfig.TARGET_OS
}
}
if ( !(platform == 'riscv64_linux' || platform =='aarch64_windows') ) {
if ( !(buildConfig.JAVA_TO_BUILD == 'jdk8u' && platform == 's390x_linux') ) {
context.echo "Remote trigger Eclipse Temurin AQA_Test_Pipeline job with ${platform} ${buildConfig.JAVA_TO_BUILD}"
Expand Down

0 comments on commit 56ec107

Please sign in to comment.