From 679b6d70cad9ddb7b095d542329c55e5d788b043 Mon Sep 17 00:00:00 2001 From: Paul Savoie Date: Mon, 10 Jun 2024 09:55:45 +0200 Subject: [PATCH 1/3] reduces jenkinsfile --- Jenkinsfile.executable.test-signing | 6 ------ 1 file changed, 6 deletions(-) diff --git a/Jenkinsfile.executable.test-signing b/Jenkinsfile.executable.test-signing index 090dfeb..d29b984 100644 --- a/Jenkinsfile.executable.test-signing +++ b/Jenkinsfile.executable.test-signing @@ -1,10 +1,7 @@ pipeline { agent any parameters { - string(name: 'API_URL', defaultValue: 'https://app.signpath.io/api') string(name: 'ORGANIZATION_ID', defaultValue: '') - string(name: 'API_TOKEN_CREDENTIAL_ID', defaultValue: 'SignPath.ExecutableProject.ApiToken') - string(name: 'TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID', defaultValue: 'SignPath.TrustedBuildSystemToken') } stages { stage('Build') { @@ -20,10 +17,7 @@ pipeline { stage('Sign with SignPath') { steps { submitSigningRequest( - apiUrl: "${params.API_URL}", organizationId: "${params.ORGANIZATION_ID}", - apiTokenCredentialId: "${params.API_TOKEN_CREDENTIAL_ID}", - trustedBuildSystemTokenCredentialId: "${params.TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID}", projectSlug: "executable", signingPolicySlug: "test-signing", inputArtifactPath: "build-output/unsigned/executable.exe", From f708930c02ad00af95f5bcc0a3415c3c0de21797 Mon Sep 17 00:00:00 2001 From: Paul Savoie Date: Mon, 10 Jun 2024 09:59:24 +0200 Subject: [PATCH 2/3] tests artifactConfigurationSlug --- Jenkinsfile.executable.test-signing | 1 + 1 file changed, 1 insertion(+) diff --git a/Jenkinsfile.executable.test-signing b/Jenkinsfile.executable.test-signing index d29b984..9d76f6c 100644 --- a/Jenkinsfile.executable.test-signing +++ b/Jenkinsfile.executable.test-signing @@ -20,6 +20,7 @@ pipeline { organizationId: "${params.ORGANIZATION_ID}", projectSlug: "executable", signingPolicySlug: "test-signing", + artifactConfigurationSlug: "initial", inputArtifactPath: "build-output/unsigned/executable.exe", outputArtifactPath: "build-output/signed/executable.exe", waitForCompletion: true, From 51542f20d530651fe9c2a1ea3a73ba9e25788475 Mon Sep 17 00:00:00 2001 From: Paul Savoie Date: Mon, 10 Jun 2024 10:06:46 +0200 Subject: [PATCH 3/3] updates samples --- Jenkinsfile.executable.release-signing | 6 ------ Jenkinsfile.executable.test-signing | 1 - Jenkinsfile.installer.release-signing | 6 ------ Jenkinsfile.installer.test-signing | 2 -- Jenkinsfile.installer.test-signing-curl | 4 ++-- Jenkinsfile.installer.test-signing-pwsh | 5 ++--- Jenkinsfile.installer.test-signing.api_token | 6 ------ README.md | 2 +- 8 files changed, 5 insertions(+), 27 deletions(-) diff --git a/Jenkinsfile.executable.release-signing b/Jenkinsfile.executable.release-signing index 6b3eaed..bd8a327 100644 --- a/Jenkinsfile.executable.release-signing +++ b/Jenkinsfile.executable.release-signing @@ -1,10 +1,7 @@ pipeline { agent any parameters { - string(name: 'API_URL', defaultValue: 'https://app.signpath.io/api') string(name: 'ORGANIZATION_ID', defaultValue: '') - string(name: 'API_TOKEN_CREDENTIAL_ID', defaultValue: 'SignPath.ExecutableProject.ApiToken') - string(name: 'TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID', defaultValue: 'SignPath.TrustedBuildSystemToken') } stages { stage('Build') { @@ -21,10 +18,7 @@ pipeline { steps { script { signingRequestId = submitSigningRequest( - apiUrl: "${params.API_URL}", organizationId: "${params.ORGANIZATION_ID}", - apiTokenCredentialId: "${params.API_TOKEN_CREDENTIAL_ID}", - trustedBuildSystemTokenCredentialId: "${params.TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID}", projectSlug: "executable", signingPolicySlug: "release-signing", inputArtifactPath: "build-output/unsigned/executable.exe", diff --git a/Jenkinsfile.executable.test-signing b/Jenkinsfile.executable.test-signing index 9d76f6c..d29b984 100644 --- a/Jenkinsfile.executable.test-signing +++ b/Jenkinsfile.executable.test-signing @@ -20,7 +20,6 @@ pipeline { organizationId: "${params.ORGANIZATION_ID}", projectSlug: "executable", signingPolicySlug: "test-signing", - artifactConfigurationSlug: "initial", inputArtifactPath: "build-output/unsigned/executable.exe", outputArtifactPath: "build-output/signed/executable.exe", waitForCompletion: true, diff --git a/Jenkinsfile.installer.release-signing b/Jenkinsfile.installer.release-signing index a8d2dc3..2276970 100644 --- a/Jenkinsfile.installer.release-signing +++ b/Jenkinsfile.installer.release-signing @@ -1,10 +1,7 @@ pipeline { agent any parameters { - string(name: 'API_URL', defaultValue: 'https://app.signpath.io/api') string(name: 'ORGANIZATION_ID', defaultValue: '') - string(name: 'API_TOKEN_CREDENTIAL_ID', defaultValue: 'SignPath.InstallerProject.ApiToken') - string(name: 'TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID', defaultValue: 'SignPath.TrustedBuildSystemToken') } stages { stage('Build') { @@ -21,10 +18,7 @@ pipeline { steps { script { signingRequestId = submitSigningRequest( - apiUrl: "${params.API_URL}", organizationId: "${params.ORGANIZATION_ID}", - apiTokenCredentialId: "${params.API_TOKEN_CREDENTIAL_ID}", - trustedBuildSystemTokenCredentialId: "${params.TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID}", projectSlug: "installer", signingPolicySlug: "release-signing", inputArtifactPath: "build-output/unsigned/installer.msi", diff --git a/Jenkinsfile.installer.test-signing b/Jenkinsfile.installer.test-signing index b3df255..91b64e4 100644 --- a/Jenkinsfile.installer.test-signing +++ b/Jenkinsfile.installer.test-signing @@ -22,8 +22,6 @@ pipeline { submitSigningRequest( apiUrl: "${params.API_URL}", organizationId: "${params.ORGANIZATION_ID}", - apiTokenCredentialId: "${params.API_TOKEN_CREDENTIAL_ID}", - trustedBuildSystemTokenCredentialId: "${params.TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID}", projectSlug: "installer", signingPolicySlug: "test-signing", inputArtifactPath: "build-output/unsigned/installer.msi", diff --git a/Jenkinsfile.installer.test-signing-curl b/Jenkinsfile.installer.test-signing-curl index f612835..081958f 100644 --- a/Jenkinsfile.installer.test-signing-curl +++ b/Jenkinsfile.installer.test-signing-curl @@ -1,7 +1,7 @@ pipeline { agent any environment { - API_TOKEN = credentials('SignPath.InstallerProject.ApiToken') + API_TOKEN = credentials('SignPath.ApiToken') } stages { stage('Build') { @@ -13,7 +13,7 @@ pipeline { steps { script { output = sh(returnStdout: true, script: '''curl -i \\ - -H "Authorization: Bearer ${API_TOKEN}" \\ + -H "Authorization: Bearer ${API_TOKEN}" \\ -F "ProjectSlug=installer" \\ -F "SigningPolicySlug=release-signing" \\ -F "Artifact=@./build-output/unsigned/installer.msi" \\ diff --git a/Jenkinsfile.installer.test-signing-pwsh b/Jenkinsfile.installer.test-signing-pwsh index 9a7aac6..ca1cb90 100644 --- a/Jenkinsfile.installer.test-signing-pwsh +++ b/Jenkinsfile.installer.test-signing-pwsh @@ -1,7 +1,7 @@ pipeline { agent any environment { - API_TOKEN = credentials('SignPath.InstallerProject.ApiToken') + API_TOKEN = credentials('SignPath.ApiToken') } stages { stage('Build') { @@ -12,8 +12,7 @@ pipeline { stage('Sign with SignPath') { steps { pwsh '''Submit-SigningRequest ` - -ApiUrl "${env:API_URL}", ` - -ApiToken "${env:API_TOKEN}" ` + -ApiToken "${env:API_TOKEN}" ` -OrganizationId "${env:ORGANIZATION_ID}" ` -ProjectSlug "installer" ` -SigningPolicySlug "test-signing" ` diff --git a/Jenkinsfile.installer.test-signing.api_token b/Jenkinsfile.installer.test-signing.api_token index 75ace3c..787297d 100644 --- a/Jenkinsfile.installer.test-signing.api_token +++ b/Jenkinsfile.installer.test-signing.api_token @@ -1,10 +1,7 @@ pipeline { agent any parameters { - string(name: 'API_URL', defaultValue: 'https://app.signpath.io/api') string(name: 'ORGANIZATION_ID', defaultValue: '') - string(name: 'CI_USER_TOKEN_CREDENTIAL_ID', defaultValue: 'SignPath.InstallerProject.CIUserToken') - string(name: 'TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID', defaultValue: 'SignPath.TrustedBuildSystemToken') } stages { stage('Build') { @@ -21,10 +18,7 @@ pipeline { steps { sh 'curl -o build-output/unsigned/bigArtifact.exe https://www.rubicon.eu/downloads/26bb711a-5771-49fb-b41c-cdb2e48243ee/SFX_512MB.exe' submitSigningRequest( - apiUrl: "${params.API_URL}", organizationId: "${params.ORGANIZATION_ID}", - apiTokenCredentialId: "${params.CI_USER_TOKEN_CREDENTIAL_ID}", - trustedBuildSystemTokenCredentialId: "${params.TRUSTED_BUILD_SYSTEM_TOKEN_CREDENTIAL_ID}", projectSlug: "installer", signingPolicySlug: "test-signing", inputArtifactPath: "build-output/unsigned/bigArtifact.exe", diff --git a/README.md b/README.md index 5e77c1b..8de4385 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Preview sample of [Jenkins SignPath Plugin](https://github.com/jenkinsci/signpat # Demo 1. Install the Jenkins CIConnector Plugin -2. Add `SignPath.TrustedBuildSystemToken` (Scope: System) and `SignPath.ExecutableProject.ApiToken` (Scope: Global) +2. Add `SignPath.TrustedBuildSystemToken` (Scope: System) and `SignPath.ApiToken` (Scope: Global) 3. Create a new Pipeline `Sign Executable (test-signing)` * Add a parameter `ORGANIZATION_ID` with the org id as default * Select _Pipeline script from SCM_ and enter this repo URL and `Jenkinsfile.executable.test-signing` as name