diff --git a/.azure-pipelines/windows-release/gpg-sign.yml b/.azure-pipelines/windows-release/gpg-sign.yml deleted file mode 100644 index 04206d23e49..00000000000 --- a/.azure-pipelines/windows-release/gpg-sign.yml +++ /dev/null @@ -1,31 +0,0 @@ -parameters: - GPGKeyFile: $(GPGKey) - GPGPassphrase: $(GPGPassphrase) - Files: '*' - WorkingDirectory: $(Build.BinariesDirectory) - Condition: succeeded() - -steps: -- task: DownloadSecureFile@1 - name: gpgkey - inputs: - secureFile: ${{ parameters.GPGKeyFile }} - condition: ${{ parameters.Condition }} - displayName: 'Download GPG key' - -- powershell: | - git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg" - gpg/gpg2.exe --import "$(gpgkey.secureFilePath)" - (gci -File ${{ parameters.Files }}).FullName | %{ - gpg/gpg2.exe -ba --batch --passphrase ${{ parameters.GPGPassphrase }} $_ - "Made signature for $_" - } - condition: ${{ parameters.Condition }} - displayName: 'Generate GPG signatures' - workingDirectory: ${{ parameters.WorkingDirectory }} - -- powershell: | - $p = gps "gpg-agent" -EA 0 - if ($p) { $p.Kill() } - displayName: 'Kill GPG agent' - condition: true diff --git a/.azure-pipelines/windows-release/stage-publish-pythonorg.yml b/.azure-pipelines/windows-release/stage-publish-pythonorg.yml index ee50e4e8aa0..e8f12b64e55 100644 --- a/.azure-pipelines/windows-release/stage-publish-pythonorg.yml +++ b/.azure-pipelines/windows-release/stage-publish-pythonorg.yml @@ -84,16 +84,32 @@ jobs: condition: and(succeeded(), ne(variables['PublishARM64'], 'true')) - - template: ./gpg-sign.yml - parameters: - GPGKeyFile: 'python-signing.key' - Files: 'msi\*\*, embed\*.zip' + - task: DownloadSecureFile@1 + name: gpgkey + inputs: + secureFile: 'python-signing.key' + displayName: 'Download GPG key' + + - powershell: | + git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg" + gpg/gpg2.exe --import "$(gpgkey.secureFilePath)" + $files = gci -File "msi\*\*", "embed\*.zip" + if ("$(DoCHM)" -ieq "true") { + $files = $files + (gci -File "doc\htmlhelp\*.chm") + } + $files.FullName | %{ + gpg/gpg2.exe -ba --batch --passphrase $(GPGPassphrase) $_ + "Made signature for $_" + } + displayName: 'Generate GPG signatures' + workingDirectory: $(Build.BinariesDirectory) + + - powershell: | + $p = gps "gpg-agent" -EA 0 + if ($p) { $p.Kill() } + displayName: 'Kill GPG agent' + condition: true - - template: ./gpg-sign.yml - parameters: - GPGKeyFile: 'python-signing.key' - Files: 'doc\htmlhelp\*.chm' - Condition: and(succeeded(), eq(variables['DoCHM'], 'true')) - powershell: > $(Build.SourcesDirectory)\Tools\msi\uploadrelease.ps1