Jenkins Release Automation project: Jenkins Code Signing Certificate

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Jenkins Release Automation project: Jenkins Code Signing Certificate

Olblak-2
Hello,

I am happy to share that I received a code signing certificate for the Jenkins project, so the next step is to update the release environment with the right code signing certificate and the right gpg key, verify that they are in a safe location (both on Azure Key vault) and then finalize the publishing part.

Quick reminder on the current state of this project.

I deployed a specific Jenkins instance in the vpn, it's called release.ci.jenkins.io. This instance is configured with two jobs one to trigger release and a second one to trigger packaging for a specific release for debian,redhat,suse, msi

release.ci.jenkins.io configuration is defined on jenkins-infra/charts.

I created a new repository  named "github.com/jenkins-infra/release", where that repository contains scripts, Jenkinsfiles and pod template definition used by release.ci.jenkins.io

Finally, I reused and adapted scripts from jenkinsci/packaging, with the last PR located here, I wish I had the time to refactor more those scripts to reduce the dependency on pkg.jenkins.io but I'll probably have to take some shortcut.

Today people that I consider who should be able to trigger a job from release.ci.jenkins.io are
olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have read-only access from the vpn.

Feel free to ask if you have any questions, or just suggestions.

Cheers 

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/0e4fac96-0039-487d-a267-f6e7df04cdc9%40www.fastmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins Release Automation project: Jenkins Code Signing Certificate

Jeff Thompson

This is great news!

On 3/25/20 2:09 PM, Olblak wrote:
Hello,

I am happy to share that I received a code signing certificate for the Jenkins project, so the next step is to update the release environment with the right code signing certificate and the right gpg key, verify that they are in a safe location (both on Azure Key vault) and then finalize the publishing part.

Quick reminder on the current state of this project.

I deployed a specific Jenkins instance in the vpn, it's called release.ci.jenkins.io. This instance is configured with two jobs one to trigger release and a second one to trigger packaging for a specific release for debian,redhat,suse, msi

release.ci.jenkins.io configuration is defined on jenkins-infra/charts.

I created a new repository  named "github.com/jenkins-infra/release", where that repository contains scripts, Jenkinsfiles and pod template definition used by release.ci.jenkins.io

Finally, I reused and adapted scripts from jenkinsci/packaging, with the last PR located here, I wish I had the time to refactor more those scripts to reduce the dependency on pkg.jenkins.io but I'll probably have to take some shortcut.

Today people that I consider who should be able to trigger a job from release.ci.jenkins.io are
olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have read-only access from the vpn.

Feel free to ask if you have any questions, or just suggestions.

Cheers 
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/0e4fac96-0039-487d-a267-f6e7df04cdc9%40www.fastmail.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7f7b0251-f868-5789-cb2a-3a7993246fd4%40cloudbees.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins Release Automation project: Jenkins Code Signing Certificate

Raihaan Shouhell
That really is great news, the release pipeline does LTS as well?

Great job, and thanks for all your efforts.

Cheers,
Raihaan

On Thu, Mar 26, 2020 at 4:47 AM Jeff Thompson <[hidden email]> wrote:

This is great news!

On 3/25/20 2:09 PM, Olblak wrote:
Hello,

I am happy to share that I received a code signing certificate for the Jenkins project, so the next step is to update the release environment with the right code signing certificate and the right gpg key, verify that they are in a safe location (both on Azure Key vault) and then finalize the publishing part.

Quick reminder on the current state of this project.

I deployed a specific Jenkins instance in the vpn, it's called release.ci.jenkins.io. This instance is configured with two jobs one to trigger release and a second one to trigger packaging for a specific release for debian,redhat,suse, msi

release.ci.jenkins.io configuration is defined on jenkins-infra/charts.

I created a new repository  named "github.com/jenkins-infra/release", where that repository contains scripts, Jenkinsfiles and pod template definition used by release.ci.jenkins.io

Finally, I reused and adapted scripts from jenkinsci/packaging, with the last PR located here, I wish I had the time to refactor more those scripts to reduce the dependency on pkg.jenkins.io but I'll probably have to take some shortcut.

Today people that I consider who should be able to trigger a job from release.ci.jenkins.io are
olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have read-only access from the vpn.

Feel free to ask if you have any questions, or just suggestions.

Cheers 
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/0e4fac96-0039-487d-a267-f6e7df04cdc9%40www.fastmail.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7f7b0251-f868-5789-cb2a-3a7993246fd4%40cloudbees.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFoxvgxGtRW5pFaq2%3DhegXtnD%2BMyDBgDEpEMcPsgnedbM2UQgA%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins Release Automation project: Jenkins Code Signing Certificate

Olblak-2
That really is great news, the release pipeline does LTS as well?

It should and we want to use the release environment for every release but we didn't test it yet.

Basically we can provide a release profile configuration, defined here, and it defines which git repository we are going to use for the release, it could be jenkinsci/jenkins, jenkinsci-cert/jenkins, currently it's set to olblak/jenkins as long as the credential can push commits to the targetted repository. We also specify the maven repository where we publish generated artifacts.

During the packaging, we specify from which maven repository we want to fetch the war file and we generate packages as described here.

Because the release process involves pushing commits to jenkinsci/jenkins, we can't have both release process running on the master branch, so we now have to run the latest tests on my jenkins fork before switching to jenkinsci/jenkins 


---
gpg --keyserver keys.gnupg.net --recv-key 52210D3D
---


On Thu, Mar 26, 2020, at 7:03 AM, Raihaan Shouhell wrote:
That really is great news, the release pipeline does LTS as well?

Great job, and thanks for all your efforts.

Cheers,
Raihaan

On Thu, Mar 26, 2020 at 4:47 AM Jeff Thompson <[hidden email]> wrote:

This is great news!

On 3/25/20 2:09 PM, Olblak wrote:
Hello,

I am happy to share that I received a code signing certificate for the Jenkins project, so the next step is to update the release environment with the right code signing certificate and the right gpg key, verify that they are in a safe location (both on Azure Key vault) and then finalize the publishing part.

Quick reminder on the current state of this project.

I deployed a specific Jenkins instance in the vpn, it's called release.ci.jenkins.io. This instance is configured with two jobs one to trigger release and a second one to trigger packaging for a specific release for debian,redhat,suse, msi

release.ci.jenkins.io configuration is defined on jenkins-infra/charts.

I created a new repository  named "github.com/jenkins-infra/release", where that repository contains scripts, Jenkinsfiles and pod template definition used by release.ci.jenkins.io

Finally, I reused and adapted scripts from jenkinsci/packaging, with the last PR located here, I wish I had the time to refactor more those scripts to reduce the dependency on pkg.jenkins.io but I'll probably have to take some shortcut.

Today people that I consider who should be able to trigger a job from release.ci.jenkins.io are
olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have read-only access from the vpn.

Feel free to ask if you have any questions, or just suggestions.

Cheers 
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].


--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].


--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/eb12abd6-0641-4c36-bc3e-baeac2242996%40www.fastmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins Release Automation project: Jenkins Code Signing Certificate

Tracy Miranda
Super happy to hear this! Thanks Olivier

On Thu, Mar 26, 2020 at 3:26 AM Olblak <[hidden email]> wrote:
That really is great news, the release pipeline does LTS as well?

It should and we want to use the release environment for every release but we didn't test it yet.

Basically we can provide a release profile configuration, defined here, and it defines which git repository we are going to use for the release, it could be jenkinsci/jenkins, jenkinsci-cert/jenkins, currently it's set to olblak/jenkins as long as the credential can push commits to the targetted repository. We also specify the maven repository where we publish generated artifacts.

During the packaging, we specify from which maven repository we want to fetch the war file and we generate packages as described here.

Because the release process involves pushing commits to jenkinsci/jenkins, we can't have both release process running on the master branch, so we now have to run the latest tests on my jenkins fork before switching to jenkinsci/jenkins 


---
gpg --keyserver keys.gnupg.net --recv-key 52210D3D
---


On Thu, Mar 26, 2020, at 7:03 AM, Raihaan Shouhell wrote:
That really is great news, the release pipeline does LTS as well?

Great job, and thanks for all your efforts.

Cheers,
Raihaan

On Thu, Mar 26, 2020 at 4:47 AM Jeff Thompson <[hidden email]> wrote:

This is great news!

On 3/25/20 2:09 PM, Olblak wrote:
Hello,

I am happy to share that I received a code signing certificate for the Jenkins project, so the next step is to update the release environment with the right code signing certificate and the right gpg key, verify that they are in a safe location (both on Azure Key vault) and then finalize the publishing part.

Quick reminder on the current state of this project.

I deployed a specific Jenkins instance in the vpn, it's called release.ci.jenkins.io. This instance is configured with two jobs one to trigger release and a second one to trigger packaging for a specific release for debian,redhat,suse, msi

release.ci.jenkins.io configuration is defined on jenkins-infra/charts.

I created a new repository  named "github.com/jenkins-infra/release", where that repository contains scripts, Jenkinsfiles and pod template definition used by release.ci.jenkins.io

Finally, I reused and adapted scripts from jenkinsci/packaging, with the last PR located here, I wish I had the time to refactor more those scripts to reduce the dependency on pkg.jenkins.io but I'll probably have to take some shortcut.

Today people that I consider who should be able to trigger a job from release.ci.jenkins.io are
olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have read-only access from the vpn.

Feel free to ask if you have any questions, or just suggestions.

Cheers 
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].


--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].


--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/eb12abd6-0641-4c36-bc3e-baeac2242996%40www.fastmail.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CACTaz6p_e9ja419UQT_DJi6TqJZa_pKUeihrCC7JZGJDVBJn5g%40mail.gmail.com.