Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: move signing packages to automation page #105

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

ci: move signing packages to automation page #105

wants to merge 1 commit into from

Conversation

abhishuraina
Copy link

@abhishuraina abhishuraina commented Jan 7, 2025
edited
Loading

Modify signing packages to SHA-256 and move the signing files from integrations to automations repo.

@abhishuraina abhishuraina requested a review from a team as a code owner January 7, 2025 05:07
@abhishuraina abhishuraina force-pushed the NR-352659-modify-signing-for-packages-to-sha-256 branch 2 times, most recently from 782f352 to 2356e4c Compare January 9, 2025 10:53
@abhishuraina abhishuraina force-pushed the NR-352659-modify-signing-for-packages-to-sha-256 branch from 2356e4c to b1b40c2 Compare January 9, 2025 11:04
paologallinaharbur
paologallinaharbur reviewed Jan 9, 2025
View reviewed changes
build/sign.sh
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have you checked already that all the repos share the same script?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding some context for the scripts:
These are only needed for FIPS. As we need to use Ubuntu 16 for building FIPS packages at this time (it might change with go 1.24), and there is some issue with using goreleaser signing with Ubuntu 16 as it prompts for password and non-interactive doesn't work (multiple tests done for this).

TL;DR
This script will be same for all the OHIs that need the packages to be signed.

paologallinaharbur
paologallinaharbur reviewed Jan 9, 2025
View reviewed changes
build/Dockerfile
@@ -47,5 +47,6 @@ ENV GOFLAGS="-buildvcs=false"
# Since the user does not match the owners of the repo "git rev-parse --is-inside-work-tree" fails and goreleaser does not populate projectName
# https://stackoverflow.com/questions/72978485/git-submodule-update-failed-with-fatal-detected-dubious-ownership-in-repositor
RUN git config --global --add safe.directory '*'
COPY ./sign.sh ./sign_deb.exp ./sign_rpm.exp ./sign_tar.exp /usr/local/bin
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are only copying the files since they are executed already in the makefile? https://github.com/newrelic/nri-redis/pull/212/files#diff-553b9a740f0151f2e959512198dddbdd0d69c398d29583ca0a4e011d5598932e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paologallinaharbur paologallinaharbur paologallinaharbur left review comments

@rajrohanyadav rajrohanyadav rajrohanyadav left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@abhishuraina @rajrohanyadav @paologallinaharbur