Jenkins Release Automation project: Jenkins Code Signing Certificate

[Olblak]

Hello,

I am happy to share that I received a code signing certificate for the Jenkins project, so the next step is to update the release environment with the right code signing certificate and the right gpg key, verify that they are in a safe location (both on Azure Key vault) and then finalize the publishing part.

Quick reminder on the current state of this project.

I deployed a specific Jenkins instance in the vpn, it's called release.ci.jenkins.io. This instance is configured with two jobs one to trigger release and a second one to trigger packaging for a specific release for debian,redhat,suse, msi

release.ci.jenkins.io configuration is defined on jenkins-infra/charts.

I created a new repository  named "github.com/jenkins-infra/release", where that repository contains scripts, Jenkinsfiles and pod template definition used by release.ci.jenkins.io

Finally, I reused and adapted scripts from jenkinsci/packaging, with the last PR located here, I wish I had the time to refactor more those scripts to reduce the dependency on pkg.jenkins.io but I'll probably have to take some shortcut.

Today people that I consider who should be able to trigger a job from release.ci.jenkins.io are

olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have read-only access from the vpn.

Feel free to ask if you have any questions, or just suggestions.

Cheers 

[Jeff Thompson]

This is great news!

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/0e4fac96-0039-487d-a267-f6e7df04cdc9%40www.fastmail.com.

[Raihaan Shouhell]

That really is great news, the release pipeline does LTS as well?

Great job, and thanks for all your efforts.

Cheers,

Raihaan

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7f7b0251-f868-5789-cb2a-3a7993246fd4%40cloudbees.com.

[Olblak]

That really is great news, the release pipeline does LTS as well?

It should and we want to use the release environment for every release but we didn't test it yet.

Basically we can provide a release profile configuration, defined here, and it defines which git repository we are going to use for the release, it could be jenkinsci/jenkins, jenkinsci-cert/jenkins, currently it's set to olblak/jenkins as long as the credential can push commits to the targetted repository. We also specify the maven repository where we publish generated artifacts.

During the packaging, we specify from which maven repository we want to fetch the war file and we generate packages as described here.

Because the release process involves pushing commits to jenkinsci/jenkins, we can't have both release process running on the master branch, so we now have to run the latest tests on my jenkins fork before switching to jenkinsci/jenkins 

---

gpg --keyserver keys.gnupg.net --recv-key 52210D3D

---

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFoxvgxGtRW5pFaq2%3DhegXtnD%2BMyDBgDEpEMcPsgnedbM2UQgA%40mail.gmail.com.

[Tracy Miranda]

Super happy to hear this! Thanks Olivier

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/eb12abd6-0641-4c36-bc3e-baeac2242996%40www.fastmail.com.