Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >

Search





Overview

The SignReleaseBundle native step signs a Release Bundle in preparation for distributing it to Edge nodes. 


Page Contents


YAML Schema

The YAML schema for SignReleaseBundle native step is as follows:

SignReleaseBundle
pipelines:
  - name:   <string>
    steps:
      - name: <string>
        type: SignReleaseBundle
        configuration:
		  #inherits all the tags from bash; https://www.jfrog.com/confluence/display/JFROG/Bash
          inputResources:
            - name:            <release bundle to sign>  # required
    		  trigger: false
          outputResources:
            - name:            <signed release bundle>  # required

        execution:
          onStart:
            - echo "Preparing for work..."
          onSuccess:
            - echo "Job well done!"
          onFailure:
            - echo "uh oh, something went wrong"
          onComplete: #always
            - echo "Cleaning up some stuff"

Tags

name 

An alphanumeric string (underscores are permitted) that identifies the step.

type 

Must be SignReleaseBundle for this step type.

configuration

Specifies all configuration selections for the step's execution environment. This step inherits the Bash/PowerShell step configuration tags, including these pertinent tags:

Tag

Description of usage

Required/Optional
inputResources Must specify a ReleaseBundle resource whose name and version properties identify the release bundle to be signed. Required
outputResources 

Must specify a ReleaseBundle resource. This ReleaseBundle is updated with the name and version properties of the input ReleaseBundle, and sets the isSigned property to true.

Required


There is no additional configuration required.

Tags derived from Bash

All native steps derive from the Bash step. This means that all steps share the same base set of tags from Bash, while native steps have their own additional tags as well that support the step's particular function. So it's important to be familiar with the Bash step definition, since it's the core of the definition of all other steps.

GPG Signing Key Passphrase

When your Distribution release bundle GPG signing key is passphrase protected, remember to provide the GPG Signing Key Passphrase when creating/updating your Distribution Integration .

execution

Declares collections of shell command sequences to perform for pre- and post-execution phases:

TagDescription of usageRequired/Optional
onStartCommands to execute in advance of the native operationOptional
onSuccessCommands to execute on successful completionOptional
onFailureCommands to execute on failed completionOptional
onCompleteCommands to execute on any completionOptional


The actions performed for the onExecute phase are inherent to this step type and may not be overridden.


Examples

The following example shows how to configure a SignReleaseBundle step.

Sign a Release Bundle

Signs a ReleaseBundle provided as an input.

SignReleaseBundle
template: true   # required for local templates
valuesFilePath: ./values.yml

resources:
  # Build info of first build to bundle
  - name: gosvc_promoted_build_info
    type: BuildInfo
    configuration:
      sourceArtifactory: {{ .Values.myArtifactoryIntegration }}
      buildName: svc_build
      buildNumber: 1

  # Build info of second build to bundle
  - name: appl_promoted_build_info
    type: BuildInfo
    configuration:
      sourceArtifactory: {{ .Values.demoArtifactoryIntegration }}
      buildName: backend_build
      buildNumber: 1

  # Release bundle
  - name: release_bundle
    type: ReleaseBundle
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      name: demo_rb
      version: v1.0.0

  # Signed version of the same release bundle
  - name: signed_bundle
    type: ReleaseBundle
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      name: demo_rb
      version: v1.0.0

  # Distribution rules
  - name: distribution_rules
    type: DistributionRule
    configuration:
      sourceDistribution: {{ .Values.distributionIntegration }}
      serviceName: "*"
      siteName: "*"
      cityName: "*"
      countryCodes:
        - "CN"
        - "GB"

pipelines:
  - name: demo_release_mgmt
    steps:
      - name: bundle
        type: CreateReleaseBundle
        configuration:
          releaseBundleName: demo_rb
          releaseBundleVersion: v1.0.${run_number}
          dryRun: false
          sign: false
          description: "some random test description"
          inputResources:
            - name: gosvc_promoted_build_info
              trigger: true
            - name: appl_promoted_build_info
              trigger: true
          outputResources:
            - name: release_bundle
          releaseNotes:
            syntax: markdown
            content: |
              ## Heading
                * Bullet
                * Points
            
      - name: sign
        type: SignReleaseBundle
        configuration:
          inputResources:
            - name: release_bundle
          outputResources:
            - name: signed_bundle

      - name: distribute
        type: DistributeReleaseBundle
        configuration:
          dryRun: false
          inputResources:
            - name: signed_bundle
            - name: distribution_rules

How it Works

When you use the SignReleaseBundle native step in a pipeline, it performs the following functions in the background:

  • curl $distUrl/api/v1/release_bundle/$releaseBundleName/$releaseBundleVersion/sign (sign the release bundle)
  • write_output (update the output ReleaseBundle resource)
  • No labels
Copyright © 2021 JFrog Ltd.