sign-standalone-artifacts.run() sign-standalone-artifacts.modernSCM({$class=GitSCMSource, remote=https://github.com/opensearch-project/opensearch-build-libraries.git}) sign-standalone-artifacts.library({identifier=jenkins@1.0.4, retriever=null}) sign-standalone-artifacts.pipeline(groovy.lang.Closure) sign-standalone-artifacts.credentials(jenkins-artifact-bucket-name) sign-standalone-artifacts.echo(Executing on agent [docker:[alwaysPull:true, args:, containerPerStageRoot:false, label:Jenkins-Agent-AL2-X64-C54xlarge-Docker-Host, image:opensearchstaging/ci-runner:ci-runner-rockylinux8-opensearch-build-v3, reuseNode:false, registryUrl:https://public.ecr.aws/, stages:[:]]]) sign-standalone-artifacts.stage(sign, groovy.lang.Closure) sign-standalone-artifacts.script(groovy.lang.Closure) sign-standalone-artifacts.sh(mkdir /tmp/workspace/artifacts) sign-standalone-artifacts.sh( set +x set -e STATUS_CODES=`curl -IL https://www.dummy.com/dummy_1_artifact.tar.gz 2>&1 | grep -Eo "HTTP/[12] [0-9]+" | grep -Eo '[0-9][0-9][0-9]' | sort | uniq` for resp_code in $STATUS_CODES; do if echo $resp_code | grep -qEo '[45][0-9][0-9]'; then echo "Error url with error response code $resp_code, exit 1" exit 1 fi done echo "No error detected, valid response $resp_code, downloading https://www.dummy.com/dummy_1_artifact.tar.gz" curl -SL https://www.dummy.com/dummy_1_artifact.tar.gz -o /tmp/workspace/artifacts/dummy_1_artifact.tar.gz ) sign-standalone-artifacts.sh( set +x set -e STATUS_CODES=`curl -IL https://www.dummy.com/dummy_2_artifact.tar.gz 2>&1 | grep -Eo "HTTP/[12] [0-9]+" | grep -Eo '[0-9][0-9][0-9]' | sort | uniq` for resp_code in $STATUS_CODES; do if echo $resp_code | grep -qEo '[45][0-9][0-9]'; then echo "Error url with error response code $resp_code, exit 1" exit 1 fi done echo "No error detected, valid response $resp_code, downloading https://www.dummy.com/dummy_2_artifact.tar.gz" curl -SL https://www.dummy.com/dummy_2_artifact.tar.gz -o /tmp/workspace/artifacts/dummy_2_artifact.tar.gz ) sign-standalone-artifacts.signArtifacts({artifactPath=/tmp/workspace/artifacts, sigtype=.sig, platform=linux}) signArtifacts.echo(PGP or Windows Signature Signing) signArtifacts.fileExists(/tmp/workspace/sign.sh) signArtifacts.git({url=https://github.com/opensearch-project/opensearch-build.git, branch=main}) signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -) signArtifacts.usernamePassword({credentialsId=github_bot_token_name, usernameVariable=GITHUB_USER, passwordVariable=GITHUB_TOKEN}) signArtifacts.string({credentialsId=jenkins-signer-client-role, variable=SIGNER_CLIENT_ROLE}) signArtifacts.string({credentialsId=jenkins-signer-client-external-id, variable=SIGNER_CLIENT_EXTERNAL_ID}) signArtifacts.string({credentialsId=jenkins-signer-client-unsigned-bucket, variable=SIGNER_CLIENT_UNSIGNED_BUCKET}) signArtifacts.string({credentialsId=jenkins-signer-client-signed-bucket, variable=SIGNER_CLIENT_SIGNED_BUCKET}) signArtifacts.withCredentials([[GITHUB_USER, GITHUB_TOKEN], SIGNER_CLIENT_ROLE, SIGNER_CLIENT_EXTERNAL_ID, SIGNER_CLIENT_UNSIGNED_BUCKET, SIGNER_CLIENT_SIGNED_BUCKET], groovy.lang.Closure) signArtifacts.sh( #!/bin/bash set +x export ROLE=SIGNER_CLIENT_ROLE export EXTERNAL_ID=SIGNER_CLIENT_EXTERNAL_ID export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET /tmp/workspace/sign.sh /tmp/workspace/artifacts --sigtype=.sig --platform=linux ) sign-standalone-artifacts.uploadToS3({sourcePath=/tmp/workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) uploadToS3.string({credentialsId=jenkins-aws-account-public, variable=AWS_ACCOUNT_PUBLIC}) uploadToS3.withCredentials([AWS_ACCOUNT_PUBLIC], groovy.lang.Closure) uploadToS3.withAWS({role=opensearch-bundle, roleAccount=AWS_ACCOUNT_PUBLIC, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure) uploadToS3.s3Upload({file=/tmp/workspace/artifacts, bucket=dummy_bucket_name, path=sign_artifacts_job/dummy/upload/path/20/dist/signed}) sign-standalone-artifacts.printArtifactDownloadUrlsForStaging({artifactFileNames=[dummy_1_artifact.tar.gz, dummy_1_artifact.tar.gz.sig, dummy_2_artifact.tar.gz, dummy_2_artifact.tar.gz.sig], uploadPath=sign_artifacts_job/dummy/upload/path/20/dist/signed}) printArtifactDownloadUrlsForStaging.echo(File dummy_1_artifact.tar.gz can be accessed using the url - https://ci.opensearch.org/ci/dbc/sign_artifacts_job/dummy/upload/path/20/dist/signed/dummy_1_artifact.tar.gz) printArtifactDownloadUrlsForStaging.echo(File dummy_1_artifact.tar.gz.sig can be accessed using the url - https://ci.opensearch.org/ci/dbc/sign_artifacts_job/dummy/upload/path/20/dist/signed/dummy_1_artifact.tar.gz.sig) printArtifactDownloadUrlsForStaging.echo(File dummy_2_artifact.tar.gz can be accessed using the url - https://ci.opensearch.org/ci/dbc/sign_artifacts_job/dummy/upload/path/20/dist/signed/dummy_2_artifact.tar.gz) printArtifactDownloadUrlsForStaging.echo(File dummy_2_artifact.tar.gz.sig can be accessed using the url - https://ci.opensearch.org/ci/dbc/sign_artifacts_job/dummy/upload/path/20/dist/signed/dummy_2_artifact.tar.gz.sig) sign-standalone-artifacts.script(groovy.lang.Closure) sign-standalone-artifacts.postCleanup() postCleanup.cleanWs({disableDeferredWipeout=true, deleteDirs=true})