mirror of
https://github.com/digital-asset/daml.git
synced 2024-11-10 10:46:11 +03:00
e39c20ecbc
The existing public key is set to expire in May, so we've changed it.
Note: this _should_ require no other change as the private key is
unchanged (i.e. the new public key can be used to verify old
signatures), but my understanding of GPG is somewhat limited so 🤷.
CHANGELOG_BEGIN
CHANGELOG_END
156 lines
5.7 KiB
YAML
156 lines
5.7 KiB
YAML
# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
parameters:
|
|
var_name: ''
|
|
|
|
steps:
|
|
- bash: |
|
|
set -euo pipefail
|
|
TMP=$(mktemp)
|
|
cat > $TMP <<'END'
|
|
escape_slack() {
|
|
local r
|
|
r="$1"
|
|
r="${r//&/&}"
|
|
r="${r//>/>}"
|
|
r="${r//</<}"
|
|
echo "$r"
|
|
}
|
|
get_gh_auth_header() {
|
|
# Credentials are persisted in a different way on GCP and Azure nodes.
|
|
if header=$(git config 'http.https://github.com/digital-asset/daml.extraheader'); then
|
|
# On Azure nodes, the auth header is stored directly in the git
|
|
# config.
|
|
echo $header
|
|
else
|
|
# On GCP nodes, the credentials are stored as part of the remote
|
|
# url instead of as a separate header. The format is
|
|
# https://username:password@github.com/:user/:repo.git
|
|
echo "Authorization: basic $(git config remote.origin.url | grep -o '://.*:.*@' | cut -c4- | rev | cut -c2- | rev | tr -d '\n' | base64 -w0)"
|
|
fi
|
|
}
|
|
open_pr() {
|
|
local branch title
|
|
branch="$1"
|
|
title="$2"
|
|
git branch -D $branch || true
|
|
git checkout -b $branch
|
|
git -c user.name="Azure Pipelines DAML Build" \
|
|
-c user.email="support@digitalasset.com" \
|
|
commit \
|
|
-m "$(printf "$title\n\nCHANGELOG_BEGIN\nCHANGELOG_END\n")"
|
|
git push origin $branch:$branch
|
|
jq -n --arg title "$title" \
|
|
--arg branch "$branch" \
|
|
'{"title": $title, "head": $branch, "base": "main"}' \
|
|
| curl -H "Content-Type: application/json" \
|
|
-H "$(get_gh_auth_header)" \
|
|
--fail \
|
|
--silent \
|
|
--include \
|
|
--location \
|
|
-d @- \
|
|
https://api.github.com/repos/digital-asset/daml/pulls
|
|
}
|
|
user_slack_handle() {
|
|
local email sha
|
|
sha=$1
|
|
email=$(git log -n 1 --format=%ae $sha)
|
|
if cat ci/slack_user_ids | grep $email >/dev/null 2>&1; then
|
|
echo $(cat ci/slack_user_ids | grep $email | awk '{print $2}')
|
|
else
|
|
echo ""
|
|
fi
|
|
}
|
|
tell_slack() {
|
|
local message channel
|
|
message="$1"
|
|
channel=${2:-$(Slack.team-daml)}
|
|
jq -n --arg message "$message" '{"text": $message}' \
|
|
| curl -XPOST -i -H 'Content-Type: application/json' -d @- $channel
|
|
}
|
|
gcs() {
|
|
local args cleanup cmd cred key restore_trap ret
|
|
ret=1
|
|
|
|
cred="$1"
|
|
cmd="$2"
|
|
args=(${@:3})
|
|
|
|
key=$(mktemp)
|
|
# There may already be a trap; this will save it
|
|
restore_trap=$(trap -p EXIT)
|
|
config_dir=$(mktemp -d)
|
|
cleanup="rm -rf $key $config_dir"
|
|
trap "$cleanup; $restore_trap" EXIT
|
|
echo "$cred" > $key
|
|
export CLOUDSDK_CONFIG="$config_dir"
|
|
gcloud auth activate-service-account --key-file=$key
|
|
|
|
BOTO_CONFIG=/dev/null gsutil $cmd "${args[@]}"
|
|
ret=$?
|
|
eval "$cleanup"
|
|
trap - EXIT
|
|
eval "$restore_trap"
|
|
return $ret
|
|
}
|
|
gpg_verify() {
|
|
local key gpg_dir signature_file res
|
|
signature_file=$1
|
|
key=$(mktemp)
|
|
cat > $key <<PUB_KEY
|
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
|
|
mQENBFzdsasBCADO+ZcfZQATP6ceTh4WfXiL2Z2tetvUZGfTaEs/UfBoJPmQ53bN
|
|
90MxudKhgB2mi8DuifYnHfLCvkxSgzfhj2IogV1S+Fa2x99Y819GausJoYfK9gwc
|
|
8YWKEkM81F15jA5UWJTsssKNxUddr/sxJIHIFfqGRQ0e6YeAcc5bOAogBE8UrmxE
|
|
uGfOt9/MvLpDewjDE+2lQOFi9RZuy7S8RMJLTiq2JWbO5yI50oFKeMQy/AJPmV7y
|
|
qAyYUIeZZxvrYeBWi5JDsZ2HOSJPqV7ttD2MvkyXcJCW/Xf8FcleAoWJU09RwVww
|
|
BhZSDz+9mipwZBHENILMuVyEygG5A+vc/YptABEBAAG0N0RpZ2l0YWwgQXNzZXQg
|
|
SG9sZGluZ3MsIExMQyA8c2VjdXJpdHlAZGlnaXRhbGFzc2V0LmNvbT6JAVQEEwEI
|
|
AD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRJEajf6Xas36BxMNvoNywM
|
|
HHNMUQUCYHxZ3AUJB2EPMAAKCRDoNywMHHNMUfJpB/9Gj7Kce6qtrXj4f54eLOf1
|
|
RpKYUnBcBWjmrnj8eS9AYLy7C1nkpP4H8OAlDJWxslnY6MjMOYmPNgGzf4/MONxa
|
|
PuFbRdfyblkUfujXikI2GFXwyUDEp9J0WOTC9LmZkRxf92bFxTy9rD+Lx9EeBPdi
|
|
nfyID2TOKH0fY0pawqjjvnLyVb/WfNUogkhLRpDXFWrykCWDaWQmFgDkLU2nYkb+
|
|
YyEfWq4cgF3Sbsa43AToRUpU16rldPwClmtDPS8Ba/SxvcU3l+9ksdcTsIko8BEy
|
|
Bw0K5xkRenEDDwpZvTA2bHLs3iBWW6WC52wyUOLzar+ha/YRgNjb8YBlkYbLbwaN
|
|
uQENBFzdsasBCAC5fr5pqxFm+AWPc7wiBSt7uKNdxiRJYydeoPqgmYZTvc8Um8pI
|
|
6JHtUrNxnx4WWKtj6iSPn5pSUrJbue4NAUsBF5O9LZ0fcQKb5diZLGHKtOZttCaj
|
|
Iryp1Rm961skmPmi3yYaHXq4GC/05Ra/bo3C+ZByv/W0JzntOxA3Pvc3c8Pw5sBm
|
|
63xu7iRrnJBtyFGD+MuAZxbN8dwYX0OcmwuSFGxf/wa+aB8b7Ut9RP76sbDvFaXx
|
|
Ef314k8AwxUvlv+ozdNWmEBxp1wR/Fra9i8EbC0V6EkCcModRhjbaNSPIbgkC0ka
|
|
2cgYp1UDgf9FrKvkuir70dg75qSrPRwvFghrABEBAAGJATwEGAEIACYCGwwWIQRJ
|
|
Eajf6Xas36BxMNvoNywMHHNMUQUCYHxZ3AUJB2EPMQAKCRDoNywMHHNMUYXRB/0b
|
|
Ln55mfnhJUFwaL49Le5I74EoL4vCAya6aDDVx/C7PJlVfr+cXZi9gNJn9RTAjCz3
|
|
4yQeg3AFhqvTK/bEH7RvAfqeUf8TqPjI/qDacSFDhZjdsg3GMDolXp0oubp9mN+Y
|
|
JFowLzulJ7DXFVyICozuWeixcjtKzlePX0GW80kcPzXCNwukcMrwCf45+OzF6YMb
|
|
yA2FyBmjjgAlHKM/oUapVoD2hmO3ptC5CAkfslxrsIUAfoStez9MrGoX1JOCu4qm
|
|
aODLV3Mlty4HhdtO2o+Akh6ay5fnrXQ5r2kGa1ICrfoFFKs7oWpSDbsTsgQKexFC
|
|
rLmmBKjG6RQfWJyVSUc8
|
|
=pVlb
|
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
PUB_KEY
|
|
gpg_dir=$(mktemp -d)
|
|
GNUPGHOME=$gpg_dir gpg --no-tty --quiet --import $key
|
|
GNUPGHOME=$gpg_dir gpg --no-tty --quiet --command-fd 0 --edit-key 4911A8DFE976ACDFA07130DBE8372C0C1C734C51 << CMD
|
|
trust
|
|
4
|
|
quit
|
|
CMD
|
|
GNUPGHOME=$gpg_dir gpg --verify $signature_file
|
|
res=$?
|
|
rm -rf $gpg_dir $key
|
|
return $res
|
|
}
|
|
setvar() {
|
|
echo "Setting '$1' to '$2'"
|
|
echo "##vso[task.setvariable variable=$1;isOutput=true]$2"
|
|
}
|
|
|
|
END
|
|
echo "##vso[task.setvariable variable=${{parameters.var_name}}]$TMP"
|
|
displayName: install Bash lib
|
|
condition: always()
|