diff options
| author | Steve Dower <steve.dower@python.org> | 2022-03-23 23:36:26 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-23 23:36:26 (GMT) |
| commit | 366c54633e7d6a4ce94c3f0f80c2abf82a869e15 (patch) | |
| tree | 0bdae8a618228c1f761eed79ebb29faf23a36bd2 | |
| parent | ff619c7dfe8dcb0e4c8dc655abc3acc7dc586d0d (diff) | |
| download | cpython-366c54633e7d6a4ce94c3f0f80c2abf82a869e15.zip cpython-366c54633e7d6a4ce94c3f0f80c2abf82a869e15.tar.gz cpython-366c54633e7d6a4ce94c3f0f80c2abf82a869e15.tar.bz2 | |
Fix GPG signing in Windows release build (GH-32089)
| -rw-r--r-- | .azure-pipelines/windows-release/gpg-sign.yml | 31 | ||||
| -rw-r--r-- | .azure-pipelines/windows-release/stage-publish-pythonorg.yml | 36 |
2 files changed, 26 insertions, 41 deletions
diff --git a/.azure-pipelines/windows-release/gpg-sign.yml b/.azure-pipelines/windows-release/gpg-sign.yml deleted file mode 100644 index 04206d2..0000000 --- a/.azure-pipelines/windows-release/gpg-sign.yml +++ /dev/null @@ -1,31 +0,0 @@ -parameters: - GPGKeyFile: $(GPGKey) - GPGPassphrase: $(GPGPassphrase) - Files: '*' - WorkingDirectory: $(Build.BinariesDirectory) - Condition: succeeded() - -steps: -- task: DownloadSecureFile@1 - name: gpgkey - inputs: - secureFile: ${{ parameters.GPGKeyFile }} - condition: ${{ parameters.Condition }} - displayName: 'Download GPG key' - -- powershell: | - git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg" - gpg/gpg2.exe --import "$(gpgkey.secureFilePath)" - (gci -File ${{ parameters.Files }}).FullName | %{ - gpg/gpg2.exe -ba --batch --passphrase ${{ parameters.GPGPassphrase }} $_ - "Made signature for $_" - } - condition: ${{ parameters.Condition }} - displayName: 'Generate GPG signatures' - workingDirectory: ${{ parameters.WorkingDirectory }} - -- powershell: | - $p = gps "gpg-agent" -EA 0 - if ($p) { $p.Kill() } - displayName: 'Kill GPG agent' - condition: true diff --git a/.azure-pipelines/windows-release/stage-publish-pythonorg.yml b/.azure-pipelines/windows-release/stage-publish-pythonorg.yml index ee50e4e..e8f12b6 100644 --- a/.azure-pipelines/windows-release/stage-publish-pythonorg.yml +++ b/.azure-pipelines/windows-release/stage-publish-pythonorg.yml @@ -84,16 +84,32 @@ jobs: condition: and(succeeded(), ne(variables['PublishARM64'], 'true')) - - template: ./gpg-sign.yml - parameters: - GPGKeyFile: 'python-signing.key' - Files: 'msi\*\*, embed\*.zip' - - - template: ./gpg-sign.yml - parameters: - GPGKeyFile: 'python-signing.key' - Files: 'doc\htmlhelp\*.chm' - Condition: and(succeeded(), eq(variables['DoCHM'], 'true')) + - task: DownloadSecureFile@1 + name: gpgkey + inputs: + secureFile: 'python-signing.key' + displayName: 'Download GPG key' + + - powershell: | + git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg" + gpg/gpg2.exe --import "$(gpgkey.secureFilePath)" + $files = gci -File "msi\*\*", "embed\*.zip" + if ("$(DoCHM)" -ieq "true") { + $files = $files + (gci -File "doc\htmlhelp\*.chm") + } + $files.FullName | %{ + gpg/gpg2.exe -ba --batch --passphrase $(GPGPassphrase) $_ + "Made signature for $_" + } + displayName: 'Generate GPG signatures' + workingDirectory: $(Build.BinariesDirectory) + + - powershell: | + $p = gps "gpg-agent" -EA 0 + if ($p) { $p.Kill() } + displayName: 'Kill GPG agent' + condition: true + - powershell: > $(Build.SourcesDirectory)\Tools\msi\uploadrelease.ps1 |