mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-06 21:18:31 +00:00
f64739788b
In order to automatically sign and and upload our debian and RPM packages, this commit incorporates signing into the build process and adds the necessary steps to the release process. In order to do this the pom.xml has been adapted and the RPM and jdeb maven plugins have been updated, so the packages are signed on build. However the repositories need to signed as well. Syncing the repos requires downloading the current repo, adding the new packages and syncing it back. The following environment variables are now required as part of the build * GPG_KEY_ID - the key ID of the key used for signing * GPG_PASSPHRASE - your GPG passphrase * S3_BUCKET_SYNC_TO: S3 bucket to sync new repo into The following environment variables are optional * S3_BUCKET_SYNC_FROM: S3 bucket to get existing packages from * GPG_KEYRING - home of gnupg, defaults to ~/.gnupg The following command line tools are needed * createrepo (creates RPM repositories) * expect (used by the maven rpm plugin) * apt-ftparchive (creates DEB repositories) * gpg (signs packages and repo files) * s3cmd (syncing between the different S3 buckets) The current approach would also work for users who want to run their own repositories, all they need to change are a couple of environment variables. Minor implementation detail: Right now the branch name is used as version for the repositories (like 1.4/1.5/1.6) - if we ever change our branch naming scheme, the script needs to be fixed.