Fix GPG signing in Windows release build (GH-32089)

This commit is contained in:
Steve Dower 2022-03-23 23:36:26 +00:00 committed by GitHub
parent ff619c7dfe
commit 366c54633e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 40 deletions

View File

@ -1,31 +0,0 @@
parameters:
GPGKeyFile: $(GPGKey)
GPGPassphrase: $(GPGPassphrase)
Files: '*'
WorkingDirectory: $(Build.BinariesDirectory)
Condition: succeeded()
steps:
- task: DownloadSecureFile@1
name: gpgkey
inputs:
secureFile: ${{ parameters.GPGKeyFile }}
condition: ${{ parameters.Condition }}
displayName: 'Download GPG key'
- powershell: |
git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg"
gpg/gpg2.exe --import "$(gpgkey.secureFilePath)"
(gci -File ${{ parameters.Files }}).FullName | %{
gpg/gpg2.exe -ba --batch --passphrase ${{ parameters.GPGPassphrase }} $_
"Made signature for $_"
}
condition: ${{ parameters.Condition }}
displayName: 'Generate GPG signatures'
workingDirectory: ${{ parameters.WorkingDirectory }}
- powershell: |
$p = gps "gpg-agent" -EA 0
if ($p) { $p.Kill() }
displayName: 'Kill GPG agent'
condition: true

View File

@ -84,16 +84,32 @@ jobs:
condition: and(succeeded(), ne(variables['PublishARM64'], 'true')) condition: and(succeeded(), ne(variables['PublishARM64'], 'true'))
- template: ./gpg-sign.yml - task: DownloadSecureFile@1
parameters: name: gpgkey
GPGKeyFile: 'python-signing.key' inputs:
Files: 'msi\*\*, embed\*.zip' secureFile: 'python-signing.key'
displayName: 'Download GPG key'
- powershell: |
git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg"
gpg/gpg2.exe --import "$(gpgkey.secureFilePath)"
$files = gci -File "msi\*\*", "embed\*.zip"
if ("$(DoCHM)" -ieq "true") {
$files = $files + (gci -File "doc\htmlhelp\*.chm")
}
$files.FullName | %{
gpg/gpg2.exe -ba --batch --passphrase $(GPGPassphrase) $_
"Made signature for $_"
}
displayName: 'Generate GPG signatures'
workingDirectory: $(Build.BinariesDirectory)
- powershell: |
$p = gps "gpg-agent" -EA 0
if ($p) { $p.Kill() }
displayName: 'Kill GPG agent'
condition: true
- template: ./gpg-sign.yml
parameters:
GPGKeyFile: 'python-signing.key'
Files: 'doc\htmlhelp\*.chm'
Condition: and(succeeded(), eq(variables['DoCHM'], 'true'))
- powershell: > - powershell: >
$(Build.SourcesDirectory)\Tools\msi\uploadrelease.ps1 $(Build.SourcesDirectory)\Tools\msi\uploadrelease.ps1