SignReleaseBundle

The SignReleaseBundle native step signs a Release Bundle in preparation for distributing it to Edge nodes.

YAML Schema

The YAML schema for SignReleaseBundle native step is as follows:

SignReleaseBundle

pipelines:
  - name:   <string>
    steps:
      - name: <string>
        type: SignReleaseBundle
        configuration:
                  #inherits all the tags from bash
          inputResources:
            - name:            <release bundle to sign>  # required
                  trigger: false
          outputResources:
            - name:            <signed release bundle>  # required

        execution:
          onStart:
            - echo "Preparing for work..."
          onSuccess:
            - echo "Job well done!"
          onFailure:
            - echo "uh oh, something went wrong"
          onComplete: #always
            - echo "Cleaning up some stuff"

Tag	Description of usage	Required/Optional
`inputResources`	Must specify a ReleaseBundleresource whose `name` and `version` properties identify the release bundle to be signed.	Required
`outputResources`	Must specify a ReleaseBundleresource. This ReleaseBundle is updated with the `name` and `version` properties of the input ReleaseBundle, and sets the `isSigned` property to true.	Required

Tags derived from Bash

All native steps derive from the Bash step. This means that all steps share the same base set of tags from Bash, while native steps have their own additional tags as well that support the step's particular function. So it's important to be familiar with the Bash step definition, since it's the core of the definition of all other steps.

GPG Signing Key Passphrase

When your Distribution release bundle GPG signing keyis passphrase protected, remember to provide the GPG Signing Key Passphrase when creating/updating your Distribution Integration.GPG Signing

execution

Declares collections of shell command sequences to perform for pre- and post-execution phases:

Tag	Description of usage	Required/Optional
`onStart`	Commands to execute in advance of the native operation	Optional
`onSuccess`	Commands to execute on successful completion	Optional
`onFailure`	Commands to execute on failed completion	Optional
`onComplete`	Commands to execute on any completion	Optional

The actions performed for the onExecute phase are inherent to this step type and may not be overridden.

Examples

The following example shows how to configure a SignReleaseBundle step.

Sign a Release Bundle

Signs a ReleaseBundle provided as an input.

This example requires an Artifactory Integration and a Distribution Integration.
The Pipelines DSL for this example is available in this repository in the JFrog GitHub account.

SignReleaseBundle

template: true   # required for local templates
valuesFilePath: ./values.yml

resources:
  # Build info of first build to bundle
  - name: gosvc_promoted_build_info
    type: BuildInfo
    configuration:
      sourceArtifactory: {{ .Values.myArtifactoryIntegration }}
      buildName: svc_build
      buildNumber: 1

  # Build info of second build to bundle
  - name: appl_promoted_build_info
    type: BuildInfo
    configuration:
      sourceArtifactory: {{ .Values.demoArtifactoryIntegration }}
      buildName: backend_build
      buildNumber: 1

  # Release bundle
  - name: release_bundle
    type: ReleaseBundle
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      name: demo_rb
      version: v1.0.0

  # Signed version of the same release bundle
  - name: signed_bundle
    type: ReleaseBundle
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      name: demo_rb
      version: v1.0.0

  # Distribution rules
  - name: distribution_rules
    type: DistributionRule
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      serviceName: "*"
      siteName: "*"
      cityName: "*"
      countryCodes:
        - "CN"
        - "GB"

pipelines:
  - name: demo_release_mgmt
    steps:
      - name: bundle
        type: CreateReleaseBundle
        configuration:
          releaseBundleName: demo_rb
          releaseBundleVersion: v1.0.${run_number}
          dryRun: false
          sign: false
          description: "some random test description"
          inputResources:
            - name: gosvc_promoted_build_info
              trigger: true
            - name: appl_promoted_build_info
              trigger: true
          outputResources:
            - name: release_bundle
          releaseNotes:
            syntax: markdown
            content: |
              ## Heading
                * Bullet
                * Points
            
      - name: sign
        type: SignReleaseBundle
        configuration:
          inputResources:
            - name: release_bundle
          outputResources:
            - name: signed_bundle

      - name: distribute
        type: DistributeReleaseBundle
        configuration:
          dryRun: false
          inputResources:
            - name: signed_bundle
            - name: distribution_rules

How it Works

When you use the SignReleaseBundle native step in a pipeline, it performs the following functions in the background:

curl $distUrl/api/v1/release_bundle/$releaseBundleName/$releaseBundleVersion/sign (sign the release bundle)
write_output (update the output ReleaseBundle resource)