Fix GPG signing in Windows release build (GH-32089)

2022-03-23 23:36:26 +00:00 · 2022-03-23 23:36:26 +00:00 · 366c54633e
parent ff619c7dfe
commit 366c54633e
2 changed files with 25 additions and 40 deletions
--- a/.azure-pipelines/windows-release/gpg-sign.yml
+++ b/.azure-pipelines/windows-release/gpg-sign.yml
@ -1,31 +0,0 @@
-parameters:
-  GPGKeyFile: $(GPGKey)
-  GPGPassphrase: $(GPGPassphrase)
-  Files: '*'
-  WorkingDirectory: $(Build.BinariesDirectory)
-  Condition: succeeded()
-
-steps:
- task: DownloadSecureFile@1
-  name: gpgkey
-  inputs:
-    secureFile: ${{ parameters.GPGKeyFile }}
-  condition: ${{ parameters.Condition }}
-  displayName: 'Download GPG key'
-
- powershell: |
-    git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg"
-    gpg/gpg2.exe --import "$(gpgkey.secureFilePath)"
-    (gci -File ${{ parameters.Files }}).FullName | %{
-        gpg/gpg2.exe -ba --batch --passphrase ${{ parameters.GPGPassphrase }} $_
-        "Made signature for $_"
-    }
-  condition: ${{ parameters.Condition }}
-  displayName: 'Generate GPG signatures'
-  workingDirectory: ${{ parameters.WorkingDirectory }}
-
- powershell: |
-    $p = gps "gpg-agent" -EA 0
-    if ($p) { $p.Kill() }
-  displayName: 'Kill GPG agent'
-  condition: true
--- a/.azure-pipelines/windows-release/stage-publish-pythonorg.yml
+++ b/.azure-pipelines/windows-release/stage-publish-pythonorg.yml
@ -84,16 +84,32 @@ jobs:
    condition: and(succeeded(), ne(variables['PublishARM64'], 'true'))


-  - template: ./gpg-sign.yml
-    parameters:
-      GPGKeyFile: 'python-signing.key'
-      Files: 'msi\*\*, embed\*.zip'
+  - task: DownloadSecureFile@1
+    name: gpgkey
+    inputs:
+      secureFile: 'python-signing.key'
+    displayName: 'Download GPG key'
+
+  - powershell: |
+      git clone https://github.com/python/cpython-bin-deps --branch gpg --single-branch --depth 1 --progress -v "gpg"
+      gpg/gpg2.exe --import "$(gpgkey.secureFilePath)"
+      $files = gci -File "msi\*\*", "embed\*.zip"
+      if ("$(DoCHM)" -ieq "true") {
+          $files = $files + (gci -File "doc\htmlhelp\*.chm")
+      }
+      $files.FullName | %{
+          gpg/gpg2.exe -ba --batch --passphrase $(GPGPassphrase) $_
+          "Made signature for $_"
+      }
+    displayName: 'Generate GPG signatures'
+    workingDirectory: $(Build.BinariesDirectory)
+
+  - powershell: |
+      $p = gps "gpg-agent" -EA 0
+      if ($p) { $p.Kill() }
+    displayName: 'Kill GPG agent'
+    condition: true

-  - template: ./gpg-sign.yml
-    parameters:
-      GPGKeyFile: 'python-signing.key'
-      Files: 'doc\htmlhelp\*.chm'
-      Condition: and(succeeded(), eq(variables['DoCHM'], 'true'))

  - powershell: >
      $(Build.SourcesDirectory)\Tools\msi\uploadrelease.ps1