diff --git a/.github/workflows/build-validation.yml b/.github/workflows/build-validation.yml index 28eeda4b..7659f586 100644 --- a/.github/workflows/build-validation.yml +++ b/.github/workflows/build-validation.yml @@ -131,7 +131,7 @@ jobs: uses: gradle/gradle-build-action@v2 - name: Publish to local - run: ./gradlew publishToMavenLocal + run: ./gradlew publishToMavenLocal -PskipSigning - name: Build azure functions sample run: ./gradlew azureFunctionsPackage @@ -170,7 +170,7 @@ jobs: uses: gradle/gradle-build-action@v2 - name: Publish to local - run: ./gradlew publishToMavenLocal + run: ./gradlew publishToMavenLocal -PskipSigning - name: Build azure functions sample run: ./gradlew azureFunctionsPackage diff --git a/azurefunctions/build.gradle b/azurefunctions/build.gradle index f24c3ec4..4a3eeac7 100644 --- a/azurefunctions/build.gradle +++ b/azurefunctions/build.gradle @@ -77,10 +77,10 @@ publishing { } } -// TODO: manual signing temporarily disabled, in favor of 1ES signing utils -//signing { -// sign publishing.publications.mavenJava -//} +signing { + required = !project.hasProperty("skipSigning") + sign publishing.publications.mavenJava +} java { withSourcesJar() diff --git a/azuremanaged/build.gradle b/azuremanaged/build.gradle index 697664e9..5343b3bd 100644 --- a/azuremanaged/build.gradle +++ b/azuremanaged/build.gradle @@ -110,6 +110,11 @@ publishing { } } +signing { + required = !project.hasProperty("skipSigning") + sign publishing.publications.mavenJava +} + java { withSourcesJar() withJavadocJar() diff --git a/client/build.gradle b/client/build.gradle index 3c270bb1..937d2ba1 100644 --- a/client/build.gradle +++ b/client/build.gradle @@ -173,10 +173,10 @@ publishing { } } -// TODO: manual signing temporarily disabled, in favor of 1ES signing -//signing { -// sign publishing.publications.mavenJava -//} +signing { + required = !project.hasProperty("skipSigning") + sign publishing.publications.mavenJava +} java { withSourcesJar() 
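Review bot: In azurefunctions/build.gradle, `required = !project.hasProperty("skipSigning")` tests only that the property exists, so `-PskipSigning=false` or a stray `skipSigning` entry in a gradle.properties file also turns the requirement off. With `required` false, Gradle skips signing when no signatory is configured instead of failing, so a release run that picks the property up would publish unsigned artifacts without an error. Consider deriving the requirement from the task being run, for example `required { gradle.taskGraph.allTasks.any { it.name == "publish" } }`, so the remote `publish` task can never be opted out. The same block is added in azuremanaged/build.gradle and client/build.gradle, and each would benefit from a comment such as `// skipSigning is for publishToMavenLocal in CI validation only; release publishing must sign`.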
diff --git a/eng/templates/build.yml b/eng/templates/build.yml index 9919c6d2..42550475 100644 --- a/eng/templates/build.yml +++ b/eng/templates/build.yml @@ -8,7 +8,6 @@ jobs: artifact: drop sbomBuildDropPath: $(System.DefaultWorkingDirectory) sbomPackageName: 'Durable Task / Durable Functions Java SBOM' - steps: - checkout: self @@ -25,9 +24,15 @@ jobs: jdkArchitectureOption: 'x64' publishJUnitResults: false tasks: clean assemble - displayName: Assemble durabletask-client and durabletask-azure-functions + displayName: Assemble durabletask-client and durabletask-azure-functions and durabletask-azuremanaged + + # the secring.gpg file is required to sign the artifacts, it's generated from GnuPG, and it's stored in the library of the durabletaskframework ADO + - task: DownloadSecureFile@1 + name: gpgSecretFile + displayName: 'Download GPG secret file' + inputs: + secureFile: 'secring.gpg' - # TODO: add 1ES-level signing - task: Gradle@3 inputs: workingDirectory: '' @@ -37,7 +42,8 @@ jobs: jdkVersionOption: 1.11 jdkArchitectureOption: 'x64' tasks: publish - displayName: Publish durabletask-client and durabletask-azure-functions + options: '-Psigning.keyId=$(gpgSignKey) -Psigning.password=$(gpgSignPassword) -Psigning.secretKeyRingFile=$(gpgSecretFile.secureFilePath)' + displayName: Publish durabletask-client and durabletask-azure-functions and durabletask-azuremanaged - task: CopyFiles@2 displayName: 'Copy publish file to Artifact Staging Directory'
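Review bot: The comment added above the `DownloadSecureFile@1` step says where `secring.gpg` is stored, but not that it is the private signing key ring or that it stays on the agent disk for every later step in the job. Whether this template can be reached from pull-request or fork builds is not visible in the hunk, so that restriction is worth stating where the key is introduced. A comment along the lines of `# secring.gpg is the private signing key ring: authorize the secure file for this release pipeline only, never for PR validation` would record it.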
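Review bot: The new `options:` line passes `-Psigning.password=$(gpgSignPassword)` as a command-line argument, so the passphrase is readable in the process arguments on the agent for as long as Gradle runs. Pipeline log masking, assuming `gpgSignPassword` is defined as a secret variable, does not cover that. Gradle reads project properties from `ORG_GRADLE_PROJECT_<name>` environment variables, so the secrets can be mapped through the task's `env:` block instead, for example `ORG_GRADLE_PROJECT_signingPassword: $(gpgSignPassword)`, and consumed in the signing blocks with `useInMemoryPgpKeys(signingKey, signingPassword)`. That form also takes an ASCII-armored key from a secret variable, which would remove the need to place `secring.gpg` on disk.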