mirror of https://github.com/python/cpython
Fix GPG signing in Windows release build (GH-32089)
This commit is contained in:
parent
ff619c7dfe
commit
366c54633e
|
@ -1,31 +0,0 @@
|
||||||
parameters:
|
|
||||||
GPGKeyFile: $(GPGKey)
|
|
||||||
GPGPassphrase: $(GPGPassphrase)
|
|
||||||
Files: '*'
|
|
||||||
WorkingDirectory: $(Build.BinariesDirectory)
|
|
||||||
Condition: succeeded()
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- task: DownloadSecureFile@1
|
|
||||||
name: gpgkey
|
|
||||||
inputs:
|
|
||||||
secureFile: ${{ parameters.GPGKeyFile }}
|
|
||||||
condition: ${{ parameters.Condition }}
|
|
||||||
displayName: 'Download GPG key'
|
|
||||||
|
|
||||||
- powershell: |
|
|
||||||
git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg"
|
|
||||||
gpg/gpg2.exe --import "$(gpgkey.secureFilePath)"
|
|
||||||
(gci -File ${{ parameters.Files }}).FullName | %{
|
|
||||||
gpg/gpg2.exe -ba --batch --passphrase ${{ parameters.GPGPassphrase }} $_
|
|
||||||
"Made signature for $_"
|
|
||||||
}
|
|
||||||
condition: ${{ parameters.Condition }}
|
|
||||||
displayName: 'Generate GPG signatures'
|
|
||||||
workingDirectory: ${{ parameters.WorkingDirectory }}
|
|
||||||
|
|
||||||
- powershell: |
|
|
||||||
$p = gps "gpg-agent" -EA 0
|
|
||||||
if ($p) { $p.Kill() }
|
|
||||||
displayName: 'Kill GPG agent'
|
|
||||||
condition: true
|
|
|
@ -84,16 +84,32 @@ jobs:
|
||||||
condition: and(succeeded(), ne(variables['PublishARM64'], 'true'))
|
condition: and(succeeded(), ne(variables['PublishARM64'], 'true'))
|
||||||
|
|
||||||
|
|
||||||
- template: ./gpg-sign.yml
|
- task: DownloadSecureFile@1
|
||||||
parameters:
|
name: gpgkey
|
||||||
GPGKeyFile: 'python-signing.key'
|
inputs:
|
||||||
Files: 'msi\*\*, embed\*.zip'
|
secureFile: 'python-signing.key'
|
||||||
|
displayName: 'Download GPG key'
|
||||||
|
|
||||||
|
- powershell: |
|
||||||
|
git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg"
|
||||||
|
gpg/gpg2.exe --import "$(gpgkey.secureFilePath)"
|
||||||
|
$files = gci -File "msi\*\*", "embed\*.zip"
|
||||||
|
if ("$(DoCHM)" -ieq "true") {
|
||||||
|
$files = $files + (gci -File "doc\htmlhelp\*.chm")
|
||||||
|
}
|
||||||
|
$files.FullName | %{
|
||||||
|
gpg/gpg2.exe -ba --batch --passphrase $(GPGPassphrase) $_
|
||||||
|
"Made signature for $_"
|
||||||
|
}
|
||||||
|
displayName: 'Generate GPG signatures'
|
||||||
|
workingDirectory: $(Build.BinariesDirectory)
|
||||||
|
|
||||||
|
- powershell: |
|
||||||
|
$p = gps "gpg-agent" -EA 0
|
||||||
|
if ($p) { $p.Kill() }
|
||||||
|
displayName: 'Kill GPG agent'
|
||||||
|
condition: true
|
||||||
|
|
||||||
- template: ./gpg-sign.yml
|
|
||||||
parameters:
|
|
||||||
GPGKeyFile: 'python-signing.key'
|
|
||||||
Files: 'doc\htmlhelp\*.chm'
|
|
||||||
Condition: and(succeeded(), eq(variables['DoCHM'], 'true'))
|
|
||||||
|
|
||||||
- powershell: >
|
- powershell: >
|
||||||
$(Build.SourcesDirectory)\Tools\msi\uploadrelease.ps1
|
$(Build.SourcesDirectory)\Tools\msi\uploadrelease.ps1
|
||||||
|
|
Loading…
Reference in New Issue