SignReleaseBundle

JFrog Pipelines Documentation

ft:sourceType
Paligo

The SignReleaseBundle native step signs a Release Bundle in preparation for distributing it to Edge nodes.

YAML Schema

The YAML schema for SignReleaseBundle native step is as follows:

SignReleaseBundle

pipelines:
  - name:   <string>
    steps:
      - name: <string>
        type: SignReleaseBundle
        configuration:
                  #inherits all the tags from bash
          inputResources:
            - name:            <release bundle to sign>  # required
                  trigger: false
          outputResources:
            - name:            <signed release bundle>  # required

        execution:
          onStart:
            - echo "Preparing for work..."
          onSuccess:
            - echo "Job well done!"
          onFailure:
            - echo "uh oh, something went wrong"
          onComplete: #always
            - echo "Cleaning up some stuff"
Tags
name

An alphanumeric string (underscores are permitted) that identifies the step.

type

Must be SignReleaseBundle for this step type.

configuration

Specifies all configuration selections for the step's execution environment. This step inherits the Bash/ PowerShell step configuration tags, including these pertinenttags:

Tag

Description of usage

Required/Optional

inputResources

Must specify a ReleaseBundleresource whose name and version properties identify the release bundle to be signed.

Required

outputResources

Must specify a ReleaseBundleresource. This ReleaseBundle is updated with the name and version properties of the input ReleaseBundle, and sets the isSigned property to true.

Required

There is no additional configuration required.

Tags derived from Bash

All native steps derive from the Bash step. This means that all steps share the same base set of tags from Bash, while native steps have their own additional tags as well that support the step's particular function. So it's important to be familiar with the Bash step definition, since it's the core of the definition of all other steps.

GPG Signing Key Passphrase

When your Distribution release bundle GPG signing keyis passphrase protected, remember to provide the GPG Signing Key Passphrase when creating/updating your Distribution Integration.GPG Signing

execution

Declares collections of shell command sequences to perform for pre- and post-execution phases:

Tag

Description of usage

Required/Optional

onStart

Commands to execute in advance of the native operation

Optional

onSuccess

Commands to execute on successful completion

Optional

onFailure

Commands to execute on failed completion

Optional

onComplete

Commands to execute on any completion

Optional

The actions performed for the onExecute phase are inherent to this step type and may not be overridden.

Examples

The following example shows how to configure a SignReleaseBundle step.

Sign a Release Bundle

Signs a ReleaseBundle provided as an input.

SignReleaseBundle

template: true   # required for local templates
valuesFilePath: ./values.yml

resources:
  # Build info of first build to bundle
  - name: gosvc_promoted_build_info
    type: BuildInfo
    configuration:
      sourceArtifactory: {{ .Values.myArtifactoryIntegration }}
      buildName: svc_build
      buildNumber: 1

  # Build info of second build to bundle
  - name: appl_promoted_build_info
    type: BuildInfo
    configuration:
      sourceArtifactory: {{ .Values.demoArtifactoryIntegration }}
      buildName: backend_build
      buildNumber: 1

  # Release bundle
  - name: release_bundle
    type: ReleaseBundle
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      name: demo_rb
      version: v1.0.0

  # Signed version of the same release bundle
  - name: signed_bundle
    type: ReleaseBundle
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      name: demo_rb
      version: v1.0.0

  # Distribution rules
  - name: distribution_rules
    type: DistributionRule
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      serviceName: "*"
      siteName: "*"
      cityName: "*"
      countryCodes:
        - "CN"
        - "GB"

pipelines:
  - name: demo_release_mgmt
    steps:
      - name: bundle
        type: CreateReleaseBundle
        configuration:
          releaseBundleName: demo_rb
          releaseBundleVersion: v1.0.${run_number}
          dryRun: false
          sign: false
          description: "some random test description"
          inputResources:
            - name: gosvc_promoted_build_info
              trigger: true
            - name: appl_promoted_build_info
              trigger: true
          outputResources:
            - name: release_bundle
          releaseNotes:
            syntax: markdown
            content: |
              ## Heading
                * Bullet
                * Points
            
      - name: sign
        type: SignReleaseBundle
        configuration:
          inputResources:
            - name: release_bundle
          outputResources:
            - name: signed_bundle

      - name: distribute
        type: DistributeReleaseBundle
        configuration:
          dryRun: false
          inputResources:
            - name: signed_bundle
            - name: distribution_rules
How it Works

When you use the SignReleaseBundle native step in a pipeline, it performs the following functions in the background:

  • curl $distUrl/api/v1/release_bundle/$releaseBundleName/$releaseBundleVersion/sign (sign the release bundle)

  • write_output (update the output ReleaseBundle resource)