[neon/ubuntu-core/Neon/ci_build_iso] debian: add the necessary gpg infra stuff
Carlos De Maine
null at kde.org
Mon Aug 12 13:08:38 BST 2024
Git commit 4f2161b8decbc7d73fef5dd676127ecf20aa787b by Carlos De Maine.
Committed on 12/08/2024 at 12:08.
Pushed by carlosdem into branch 'Neon/ci_build_iso'.
add the necessary gpg infra stuff
M +17 -0 debian/neon-core-image-dangerous-iso.yml
M +27 -0 debian/neon-core-image-signed-iso.yml
https://invent.kde.org/neon/ubuntu-core/-/commit/4f2161b8decbc7d73fef5dd676127ecf20aa787b
diff --git a/debian/neon-core-image-dangerous-iso.yml b/debian/neon-core-image-dangerous-iso.yml
index fa47168..4bdba83 100644
--- a/debian/neon-core-image-dangerous-iso.yml
+++ b/debian/neon-core-image-dangerous-iso.yml
@@ -17,6 +17,23 @@ neon_core_image_dangerous:
- Snap
interruptible: true
script:
+ script:
+ # Prepare the Snap specific GnuPG workspace
+ - rm -rf $HOME/.snap/gnupg/
+ - mkdir -p -m 0700 $HOME/.snap/gnupg/
+ - mkdir -p -m 0700 $HOME/.snap/gnupg/private-keys-v1.d/
+ # export it as a env var so the import commands below work on it...
+ - export GNUPGHOME=$HOME/.snap/gnupg/
+ # feed snap's gpg the required key
+ - echo $SNAP_GPG_PRIVATE_KEY | base64 --decode | gpg --batch --import
+ # make sure the key is trusted
+ - gpg --import-ownertrust <(echo "$SNAP_GPG_OWNER_TRUST")
+ # test the keys
+ - gpg --list-keys
+
+ # remove the task log file from the model signing that was artifacted...
+ - rm -f task.log
+
# get the missing plasma-desktop-session snap from the latest build...
- mkdir workspace/ && cd workspace/
- wget -O Snap_artifacts.zip "https://invent.kde.org/api/v4/projects/neon%2fsnap-packaging%2fplasma-desktop-session/jobs/artifacts/master/download?job=snap_snapcraft_lxd"
diff --git a/debian/neon-core-image-signed-iso.yml b/debian/neon-core-image-signed-iso.yml
index 5dfabf5..b5a8ace 100644
--- a/debian/neon-core-image-signed-iso.yml
+++ b/debian/neon-core-image-signed-iso.yml
@@ -17,6 +17,33 @@ neon_core_image_dangerous:
- Snap
interruptible: true
script:
+ script:
+ # Prepare the Snap specific GnuPG workspace
+ - rm -rf $HOME/.snap/gnupg/
+ - mkdir -p -m 0700 $HOME/.snap/gnupg/
+ - mkdir -p -m 0700 $HOME/.snap/gnupg/private-keys-v1.d/
+ # export it as a env var so the import commands below work on it...
+ - export GNUPGHOME=$HOME/.snap/gnupg/
+ # feed snap's gpg the required key
+ - echo $SNAP_GPG_PRIVATE_KEY | base64 --decode | gpg --batch --import
+ # make sure the key is trusted
+ - gpg --import-ownertrust <(echo "$SNAP_GPG_OWNER_TRUST")
+ # test the keys
+ - gpg --list-keys
+
+ # remove the task log file from the model signing that was artifacted...
+ - rm -f task.log
+ # get the missing plasma-desktop-session snap from the latest build...
+ - mkdir workspace/ && cd workspace/
+ - wget -O Snap_artifacts.zip "https://invent.kde.org/api/v4/projects/neon%2fsnap-packaging%2fplasma-desktop-session/jobs/artifacts/master/download?job=snap_snapcraft_lxd"
+ - unzip -e Snap_artifacts.zip
+ - mv .kde-ci-packages/plasma-desktop-session*.snap $CI_PROJECT_DIR/local-snaps/plasma-desktop-session.snap
+ - cd $CI_PROJECT_DIR
+ # build the image with the project's tooling
+ - echo building kde-neon-core in dangerous mode ...
+ - make dangerous 2>&1 | tee task.log
+
+
# get the missing plasma-desktop-session snap from the latest build...
- mkdir workspace/ && cd workspace/
- wget -O Snap_artifacts.zip "https://invent.kde.org/api/v4/projects/neon%2fsnap-packaging%2fplasma-desktop-session/jobs/artifacts/master/download?job=snap_snapcraft_lxd"
More information about the Neon-commits
mailing list