jenkins-pipeline-shared-libraries/vars/releaseUtils.groovy - incubator-kie-kogito-pipelines - Git at Google

 def gpgImportKeyFromFileWithPassword(String gpgKeyCredentialsId, String gpgKeyPasswordCredentialsId) {
     withCredentials([file(credentialsId: gpgKeyCredentialsId, variable: 'SIGNING_KEY')]) {
         withCredentials([string(credentialsId: gpgKeyPasswordCredentialsId, variable: 'SIGNING_KEY_PASSWORD')]) {
             // copy the key to singkey.gpg file in *plain text* so we can import it
             sh """
                 cat $SIGNING_KEY > $WORKSPACE/signkey.gpg
                 # Please do not remove list keys command. When gpg is run for the first time, it may initialize some internals.
                 gpg --list-keys
                 gpg --batch --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --import signkey.gpg
                 rm $WORKSPACE/signkey.gpg
             """
         }
     }
 }

 def gpgImportKeyFromStringWithoutPassword(String gpgKeyCredentialsId) {
     withCredentials([file(credentialsId: gpgKeyCredentialsId, variable: 'SIGNING_KEY')]) {
         sh """
             gpg --list-keys
             gpg --batch --pinentry-mode=loopback --import $SIGNING_KEY
         """
     }
 }

 def gpgSignFileDetachedSignatureWithPassword(String file, String signatureTarget, String gpgKeyPasswordCredentialsId) {
     withCredentials([string(credentialsId: gpgKeyPasswordCredentialsId, variable: 'SIGNING_KEY_PASSWORD')]) {
         sh "gpg --batch --sign --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --output ${signatureTarget} --detach-sig ${file}"
     }
 }

 def gpgSignFileDetachedSignatureWithoutPassword(String file, String signatureTarget) {
     sh """
     gpg --batch --sign --pinentry-mode=loopback --output ${signatureTarget} --detach-sig ${file}
     shasum -a 512 ${file} > ${file}.sha512
     """
 }

 boolean gpgIsValidDetachedSignature(String file, String signature) {
     return sh(returnStatus: true, script: "gpg --batch --verify ${signature} ${file}") == 0
 }

 def svnUploadFileToRepository(String svnRepository, String svnCredentialsId, String releaseVersion, String... files) {
     withCredentials([usernamePassword(credentialsId: svnCredentialsId, usernameVariable: 'ASF_USERNAME', passwordVariable: 'ASF_PASSWORD')]) {
         sh "svn co --depth=empty ${svnRepository}/${releaseVersion} svn-kie"
         for (file in files) {
             sh "cp ${file} svn-kie"
         }
         sh """
         cd svn-kie
         svn add . --force
         svn ci --non-interactive --no-auth-cache --username ${ASF_USERNAME} --password '${ASF_PASSWORD}' -m "Apache KIE ${releaseVersion} artifacts"
         rm -rf svn-kie
         """
     }
 }
	def gpgImportKeyFromFileWithPassword(String gpgKeyCredentialsId, String gpgKeyPasswordCredentialsId) {
	withCredentials([file(credentialsId: gpgKeyCredentialsId, variable: 'SIGNING_KEY')]) {
	withCredentials([string(credentialsId: gpgKeyPasswordCredentialsId, variable: 'SIGNING_KEY_PASSWORD')]) {
	// copy the key to singkey.gpg file in plain text so we can import it
	sh """
	cat $SIGNING_KEY > $WORKSPACE/signkey.gpg
	# Please do not remove list keys command. When gpg is run for the first time, it may initialize some internals.
	gpg --list-keys
	gpg --batch --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --import signkey.gpg
	rm $WORKSPACE/signkey.gpg
	"""
	}
	}
	}

	def gpgImportKeyFromStringWithoutPassword(String gpgKeyCredentialsId) {
	withCredentials([file(credentialsId: gpgKeyCredentialsId, variable: 'SIGNING_KEY')]) {
	sh """
	gpg --list-keys
	gpg --batch --pinentry-mode=loopback --import $SIGNING_KEY
	"""
	}
	}

	def gpgSignFileDetachedSignatureWithPassword(String file, String signatureTarget, String gpgKeyPasswordCredentialsId) {
	withCredentials([string(credentialsId: gpgKeyPasswordCredentialsId, variable: 'SIGNING_KEY_PASSWORD')]) {
	sh "gpg --batch --sign --pinentry-mode=loopback --passphrase \"${SIGNING_KEY_PASSWORD}\" --output ${signatureTarget} --detach-sig ${file}"
	}
	}

	def gpgSignFileDetachedSignatureWithoutPassword(String file, String signatureTarget) {
	sh """
	gpg --batch --sign --pinentry-mode=loopback --output ${signatureTarget} --detach-sig ${file}
	shasum -a 512 ${file} > ${file}.sha512
	"""
	}

	boolean gpgIsValidDetachedSignature(String file, String signature) {
	return sh(returnStatus: true, script: "gpg --batch --verify ${signature} ${file}") == 0
	}

	def svnUploadFileToRepository(String svnRepository, String svnCredentialsId, String releaseVersion, String... files) {
	withCredentials([usernamePassword(credentialsId: svnCredentialsId, usernameVariable: 'ASF_USERNAME', passwordVariable: 'ASF_PASSWORD')]) {
	sh "svn co --depth=empty ${svnRepository}/${releaseVersion} svn-kie"
	for (file in files) {
	sh "cp ${file} svn-kie"
	}
	sh """
	cd svn-kie
	svn add . --force
	svn ci --non-interactive --no-auth-cache --username ${ASF_USERNAME} --password '${ASF_PASSWORD}' -m "Apache KIE ${releaseVersion} artifacts"
	rm -rf svn-kie
	"""
	}
	}