Build: Allow for file based deploy, sign packages

This allows for a local file based deploy without needed nexus auth information. Also signing of packages has been added, either via gradle.properties or using system properties as a fallback. The property build.repository allows to configure another endpoint if no snapshot build is done. Fix creation of .asc file for tar.gz distribution Closes #17405
2016-04-15 17:13:12 +02:00 · 2016-04-15 17:13:12 +02:00 · 95579ca95a
parent b5a58ece41
commit 95579ca95a
3 changed files with 40 additions and 10 deletions
--- a/build.gradle
+++ b/build.gradle
@ -18,6 +18,8 @@
 */

 import com.bmuschko.gradle.nexus.NexusPlugin
+import org.eclipse.jgit.lib.Repository
+import org.eclipse.jgit.lib.RepositoryBuilder
 import org.gradle.plugins.ide.eclipse.model.SourceFolder

 // common maven publishing configuration
@ -50,11 +52,26 @@ subprojects {
      javadoc = true
      tests = false
    }
+    nexus {
+      Repository repo = new RepositoryBuilder().findGitDir(new File('.')).build()
+      String shortHash = repo.resolve('HEAD')?.name?.substring(0,7)
+      String buildSnapshot = System.getProperty('build.snapshot', 'true')
+      if (buildSnapshot == 'false') {
+        repositoryUrl = project.hasProperty('build.repository') ? project.property('build.repository') : "file://${System.getenv('HOME')}/elasticsearch-releases/${version}-${shortHash}/"
+      }
+    }
    // we have our own username/password prompts so that they only happen once
-    // TODO: add gpg signing prompts
+    // TODO: add gpg signing prompts, which is tricky, as the buildDeb/buildRpm tasks are executed before this code block
    project.gradle.taskGraph.whenReady { taskGraph ->
      if (taskGraph.allTasks.any { it.name == 'uploadArchives' }) {
        Console console = System.console()
+        // no need for username/password on local deploy
+        if (project.nexus.repositoryUrl.startsWith('file://')) {
+          project.rootProject.allprojects.each {
+            it.ext.nexusUsername = 'foo'
+            it.ext.nexusPassword = 'bar'
+          }
+        } else {
          if (project.hasProperty('nexusUsername') == false) {
            String nexusUsername = console.readLine('\nNexus username: ')
            project.rootProject.allprojects.each {
@ -71,6 +88,7 @@ subprojects {
      }
    }
  }
+}

 allprojects {
  // injecting groovy property variables into all projects
--- a/distribution/build.gradle
+++ b/distribution/build.gradle
@ -287,6 +287,15 @@ configure(subprojects.findAll { ['deb', 'rpm'].contains(it.name) }) {
      we see it. We'll add it back on to the file name though. */
    version project.version.replace('-SNAPSHOT', '')

+    // signing setup
+    if (project.hasProperty('signing.password') && System.getProperty('build.snapshot', 'true') == 'false') {
+      signingKeyId = project.hasProperty('signing.keyId') ? project.property('signing.keyId') : 'D88E42B4'
+      signingKeyPassphrase = project.property('signing.password')
+      signingKeyRingFile = project.hasProperty('signing.secretKeyRingFile') ?
+                           project.file(project.property('signing.secretKeyRingFile')) :
+                           new File(new File(System.getProperty('user.home'), '.gnupg'), 'secring.gpg')
+    }
+
    String scripts = "${packagingFiles}/scripts"
    preInstall file("${scripts}/preinst")
    postInstall file("${scripts}/postinst")
--- a/distribution/tar/build.gradle
+++ b/distribution/tar/build.gradle
@ -26,5 +26,8 @@ task buildTar(type: Tar) {

 artifacts {
  'default' buildTar
-  archives buildTar
+  project.afterEvaluate {
+    // gradle is broken for extensions that contain a dot, so we must be explicit about the name of the .asc file
+    project.signArchives.singleSignature.type = 'tar.gz.asc'
+  }
 }