The SignReleaseBundle native step signs a Release Bundle in preparation for distributing it to Edge nodes.
YAML Schema
The YAML schema for SignReleaseBundle native step is as follows:
SignReleaseBundle
pipelines: - name: <string> steps: - name: <string> type: SignReleaseBundle configuration: #inherits all the tags from bash inputResources: - name: <release bundle to sign> # required trigger: false outputResources: - name: <signed release bundle> # required execution: onStart: - echo "Preparing for work..." onSuccess: - echo "Job well done!" onFailure: - echo "uh oh, something went wrong" onComplete: #always - echo "Cleaning up some stuff"
Tags
name
An alphanumeric string (underscores are permitted) that identifies the step.
type
Must be SignReleaseBundle
for this step type.
configuration
Specifies all configuration selections for the step's execution environment. This step inherits the Bash/ PowerShell step configuration tags, including these pertinenttags:
Tag | Description of usage | Required/Optional |
---|---|---|
| Must specify a ReleaseBundleresource whose | Required |
| Must specify a ReleaseBundleresource. This ReleaseBundle is updated with the | Required |
There is no additional configuration required.
Tags derived from Bash
All native steps derive from the Bash step. This means that all steps share the same base set of tags from Bash, while native steps have their own additional tags as well that support the step's particular function. So it's important to be familiar with the Bash step definition, since it's the core of the definition of all other steps.
GPG Signing Key Passphrase
When your Distribution release bundle GPG signing keyis passphrase protected, remember to provide the GPG Signing Key Passphrase when creating/updating your Distribution Integration.
execution
Declares collections of shell command sequences to perform for pre- and post-execution phases:
Tag | Description of usage | Required/Optional |
---|---|---|
| Commands to execute in advance of the native operation | Optional |
| Commands to execute on successful completion | Optional |
| Commands to execute on failed completion | Optional |
| Commands to execute on any completion | Optional |
The actions performed for the onExecute
phase are inherent to this step type and may not be overridden.
Examples
The following example shows how to configure a SignReleaseBundle step.
Sign a Release Bundle
Signs a ReleaseBundle provided as an input.
This example requires an Artifactory Integration and a Distribution Integration.
The Pipelines DSL for this example is available in this repository in the JFrog GitHub account.
SignReleaseBundle
template: true # required for local templates valuesFilePath: ./values.yml resources: # Build info of first build to bundle - name: gosvc_promoted_build_info type: BuildInfo configuration: sourceArtifactory: {{ .Values.myArtifactoryIntegration }} buildName: svc_build buildNumber: 1 # Build info of second build to bundle - name: appl_promoted_build_info type: BuildInfo configuration: sourceArtifactory: {{ .Values.demoArtifactoryIntegration }} buildName: backend_build buildNumber: 1 # Release bundle - name: release_bundle type: ReleaseBundle configuration: sourceDistribution: {{ .Values.distributionIntegration }} name: demo_rb version: v1.0.0 # Signed version of the same release bundle - name: signed_bundle type: ReleaseBundle configuration: sourceDistribution: {{ .Values.distributionIntegration }} name: demo_rb version: v1.0.0 # Distribution rules - name: distribution_rules type: DistributionRule configuration: sourceDistribution: {{ .Values.distributionIntegration }} serviceName: "*" siteName: "*" cityName: "*" countryCodes: - "CN" - "GB" pipelines: - name: demo_release_mgmt steps: - name: bundle type: CreateReleaseBundle configuration: releaseBundleName: demo_rb releaseBundleVersion: v1.0.${run_number} dryRun: false sign: false description: "some random test description" inputResources: - name: gosvc_promoted_build_info trigger: true - name: appl_promoted_build_info trigger: true outputResources: - name: release_bundle releaseNotes: syntax: markdown content: | ## Heading * Bullet * Points - name: sign type: SignReleaseBundle configuration: inputResources: - name: release_bundle outputResources: - name: signed_bundle - name: distribute type: DistributeReleaseBundle configuration: dryRun: false inputResources: - name: signed_bundle - name: distribution_rules
How it Works
When you use the SignReleaseBundle native step in a pipeline, it performs the following functions in the background:
curl $distUrl/api/v1/release_bundle/$releaseBundleName/$releaseBundleVersion/sign (sign the release bundle)
write_output (update the output ReleaseBundle resource)