Changeset 25873


Ignore:
Timestamp:
12/15/20 12:22:52 (4 years ago)
Author:
jdquinn
Message:

BUG: Need special handling of svn calls in the context of the Jenkins ‘Execute shell’

Location:
issm/trunk-jpl/packagers/mac
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-matlab.sh

    r25849 r25873  
    3737#
    3838# NOTE:
    39 # - Assumes that 'issm-binaries-user' and 'issm-binaries-pass' are set up in
     39# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in
    4040#       the 'Bindings' section under a 'Username and password (separated)' binding
    4141#       (requires 'Credentials Binding Plugin').
     
    7373MATLAB_PATH="/Applications/MATLAB_R2018a.app"
    7474NOTARIZATION_LOGFILE="notarization.log"
    75 PASSWORD=$env:issm-binaries-pass
     75PASSWORD=${ISSM_BINARIES_PASS}
    7676PKG="ISSM-macOS-MATLAB" # Name of directory to copy distributable files to
    7777RETRIGGER_SIGNING_FILE="retrigger.txt"
     
    8282UNSIGNED_REPO_COPY="./unsigned"
    8383UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned"
    84 USERNAME=$env:issm-binaries-user
     84USERNAME=${ISSM_BINARIES_USER}
    8585
    8686COMPRESSED_PKG="${PKG}.zip"
     
    8989#
    9090export PATH="${ISSM_DIR}/bin:$(getconf PATH)" # Ensure that we pick up binaries from 'bin' directory rather than 'externalpackages'
    91 
     91AGU
    9292## Parse options
    9393#
     
    116116        # build can run
    117117        echo "Removing lock file from repository for signed packages"
    118         svn co \
     118        svn checkout \
     119                --trust-server-cert \
     120                --non-interactive \
    119121                --username ${USERNAME} \
    120122                --password ${PASSWORD} \
     
    124126        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    125127        svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    126         svn commit --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     128        svn commit \
     129                --trust-server-cert \
     130                --non-interactive \
     131                --username ${USERNAME} \
     132                --password ${PASSWORD} \
     133                --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    127134        svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1
    128135        exit 1
     
    149156                #
    150157                echo "Checking out copy of repository for signed packages"
    151                 svn co \
     158                svn checkout \
     159                        --trust-server-cert \
     160                        --non-interactive \
    152161                        --username ${USERNAME} \
    153162                        --password ${PASSWORD} \
     
    266275        touch ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
    267276        svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    268         svn commit --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     277        svn commit \
     278                --trust-server-cert \
     279                --non-interactive \
     280                --username ${USERNAME} \
     281                --password ${PASSWORD} \
     282                --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    269283
    270284        # Save current working copy revision number
     
    274288        # Check out copy of SVN repository for unsigned packages
    275289        echo "Checking out copy of repository for unsigned packages"
    276         svn co \
     290        svn checkout \
     291                --trust-server-cert \
     292                --non-interactive \
    277293                --username ${USERNAME} \
    278294                --password ${PASSWORD} \
     
    289305                cp ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
    290306                svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
    291                 svn commit --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     307                svn commit \
     308                        --trust-server-cert \
     309                        --non-interactive \
     310                        --username ${USERNAME} \
     311                        --password ${PASSWORD} \
     312                        --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    292313        else
    293314                # NOTE: If notarize_only == 1, we commit a dummy file as the signing
     
    298319                touch ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE}
    299320                svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
    300                 svn commit --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     321                svn commit \
     322                        --trust-server-cert \
     323                        --non-interactive \
     324                        --username ${USERNAME} \
     325                        --password ${PASSWORD} \
     326                        --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    301327        fi
    302328

  • issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-python.sh

    r25788 r25873  
    3737#
    3838# NOTE:
    39 # - Assumes that 'issm-binaries-user' and 'issm-binaries-pass' are set up in
     39# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in
    4040#       the 'Bindings' section under a 'Username and password (separated)' binding
    4141#       (requires 'Credentials Binding Plugin').
     
    7171#
    7272NOTARIZATION_LOGFILE="notarization.log"
    73 PASSWORD=$env:issm-binaries-pass
     73PASSWORD=${ISSM_BINARIES_PASS}
    7474PKG="ISSM-macOS-Python" # Name of directory to copy distributable files to
    7575PYTHON_NROPTIONS="--benchmark all --exclude 125 126 234 235 418 420 435 444 445 701 702 703 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1201 1202 1203 1204 1205 1206 1207 1208 1301 1302 1303 1304 1401 1402 1601 1602 2006 2020 2021 2051 2052 2053 3001:3200 3201 3202 3300 3480 3481 4001 4002 4003" # NOTE: Combination of test suites from basic, Dakota, and Solid Earth builds, with tests that require a restart and those that require the JVM excluded
     
    8181UNSIGNED_REPO_COPY="./unsigned"
    8282UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/python/unsigned"
    83 USERNAME=$env:issm-binaries-user
     83USERNAME=${ISSM_BINARIES_USER}
    8484
    8585COMPRESSED_PKG="${PKG}.zip"
     
    115115        # build can run
    116116        echo "Removing lock file from repository for signed packages"
    117         svn co \
     117        svn checkout \
     118                --trust-server-cert \
     119                --non-interactive \
    118120                --username ${USERNAME} \
    119121                --password ${PASSWORD} \
     
    123125        svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    124126        svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    125         svn commit --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     127        svn commit \
     128                --trust-server-cert \
     129                --non-interactive \
     130                --username ${USERNAME} \
     131                --password ${PASSWORD} \
     132                --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    126133        svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1
    127134        exit 1
     
    142149                #
    143150                echo "Checking out copy of repository for signed packages"
    144                 svn co \
     151                svn checkout \
     152                        --trust-server-cert \
     153                        --non-interactive \
    145154                        --username ${USERNAME} \
    146155                        --password ${PASSWORD} \
     
    267276        touch ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
    268277        svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
    269         svn commit --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     278        svn commit \
     279                --trust-server-cert \
     280                --non-interactive \
     281                --username ${USERNAME} \
     282                --password ${PASSWORD} \
     283                --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    270284
    271285        # Save current working copy revision number
     
    275289        # Check out copy of SVN repository for unsigned packages
    276290        echo "Checking out copy of repository for unsigned packages"
    277         svn co \
     291        svn checkout \
     292                --trust-server-cert \
     293                --non-interactive \
    278294                --username ${USERNAME} \
    279295                --password ${PASSWORD} \
     
    290306                cp ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
    291307                svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
    292                 svn commit --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     308                svn commit \
     309                        --trust-server-cert \
     310                        --non-interactive \
     311                        --username ${USERNAME} \
     312                        --password ${PASSWORD} \
     313                        --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    293314        else
    294315                # NOTE: If notarize_only == 1, we commit a dummy file as the signing
     
    299320                touch ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE}
    300321                svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
    301                 svn commit --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     322                svn commit \
     323                        --trust-server-cert \
     324                        --non-interactive \
     325                        --username ${USERNAME} \
     326                        --password ${PASSWORD} \
     327                        --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    302328        fi
    303329

  • issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh

    r25849 r25873  
    1717#       'Add Credentials' and enter the crendentials from above.
    1818# - From the 'Dashboard', select 'New Item' -> 'Freestyle project'.
    19 # - Under 'Source Code Management', select 'Subversion'. 
     19# - Under 'Source Code Management', select 'Subversion'.
    2020#               - The 'Repository URL' text field should be set to
    21 #               "https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned"
     21#               "https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned".
    2222#               - The 'Credentials' select menu should be set to the new credentials
    2323#               created previously.
     24#               - The 'Local module directory' text field should be set to the same
     25#               value as the constant UNSIGNED_REPO_COPY (set below to './unsigned').
    2426# - Under 'Build Trigggers', check the box for 'Poll SCM' and set the
    2527#       'Schedule' text area to "H/5 * * * *".
     
    2729#       file(s)', then under 'Bindings' click the 'Add...' button and select
    2830#       'Username and password (separated)'.
    29 #               - Set 'Username Variable' to "issm-binaries-user”.
    30 #               - Set 'Password Variable' to "issm-binaries-pass”.
     31#               - Set 'Username Variable' to "ISSM_BINARIES_USER".
     32#               - Set 'Password Variable' to "ISSM_BINARIES_PASS".
    3133# - Under 'Credentials', select the same, new credentials that created
    3234#       previously.
     
    8284NOTARIZATION_LOGFILE="notarization.log"
    8385NOTARIZATION_LOGFILE_PATH="."
     86PASSWORD=${ISSM_BINARIES_PASS}
    8487PKG="ISSM-macOS-MATLAB"
    8588PRIMARY_BUNDLE_ID="**********.issm.matlab" # Should be "gov.nasa.jpl.issm.matlab"
     
    9194UNSIGNED_REPO_COPY="./unsigned"
    9295UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned"
     96USERNAME=${ISSM_BINARIES_USER}
    9397
    9498COMPRESSED_PKG="${PKG}.zip"
     
    101105mkdir ${PKG}
    102106
     107# NOTE: Uncomment the following for local testing (Jenkins checks out copy of
     108#               repository for unsigned packages to working directory)
     109#
    103110# Check out copy of repository for unsigned packages
    104 echo "Checking out copy of respository for unsigned packages"
    105 svn co \
    106         --username ${USERNAME} \
    107         --password ${PASSWORD} \
    108         ${UNSIGNED_REPO_URL} \
    109         ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     111# echo "Checking out copy of respository for unsigned packages"
     112# svn checkout \
     113#       --trust-server-cert \
     114#       --non-interactive \
     115#       --username ${USERNAME} \
     116#       --password ${PASSWORD} \
     117#       ${UNSIGNED_REPO_URL} \
     118#       ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    110119
    111120# Extract package contents
     
    239248# Remove dummy file for retriggering signing/notarization (if it exists)
    240249svn delete ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
    241 svn commit --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     250svn commit \
     251        --trust-server-cert \
     252        --non-interactive \
     253        --username ${USERNAME} \
     254        --password ${PASSWORD} \
     255        --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    242256
    243257# Check out copy of repository for signed packages
    244258echo "Checking out copy of respository for signed packages"
    245 svn co \
     259svn checkout \
     260        --trust-server-cert \
     261        --non-interactive \
    246262        --username ${USERNAME} \
    247263        --password ${PASSWORD} \
     
    263279        # Commit changes
    264280        echo "Committing changes to repository for signed packages"
    265         svn commit --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     281        svn commit \
     282                --trust-server-cert \
     283                --non-interactive \
     284                --username ${USERNAME} \
     285                --password ${PASSWORD} \
     286                --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    266287else
    267288        # Commit changes
    268289        echo "Committing changes to repository for signed packages"
    269         svn commit --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     290        svn commit \
     291                --trust-server-cert \
     292                --non-interactive \
     293                --username ${USERNAME} \
     294                --password ${PASSWORD} \
     295                --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    270296
    271297        exit 1

  • issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python.sh

    r25849 r25873  
    55# Cybersecurity server for signing macOS applications. Polls SCM of the
    66# Subversion repository hosted at
    7 # https://issm.ess.uci.edu/svn/issm-binaries/mac/python/unsigned to trigger new
     7# https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned to trigger new
    88# builds.
    99#
     
    1717#       'Add Credentials' and enter the crendentials from above.
    1818# - From the 'Dashboard', select 'New Item' -> 'Freestyle project'.
    19 # - Under 'Source Code Management', select 'Subversion'. 
     19# - Under 'Source Code Management', select 'Subversion'.
    2020#               - The 'Repository URL' text field should be set to
    21 #               "https://issm.ess.uci.edu/svn/issm-binaries/mac/python/unsigned"
     21#               "https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned".
    2222#               - The 'Credentials' select menu should be set to the new credentials
    2323#               created previously.
     24#               - The 'Local module directory' text field should be set to the same
     25#               value as the constant UNSIGNED_REPO_COPY (set below to './unsigned').
    2426# - Under 'Build Trigggers', check the box for 'Poll SCM' and set the
    2527#       'Schedule' text area to "H/5 * * * *".
     
    2729#       file(s)', then under 'Bindings' click the 'Add...' button and select
    2830#       'Username and password (separated)'.
    29 #               - Set 'Username Variable' to "issm-binaries-user”.
    30 #               - Set 'Password Variable' to "issm-binaries-pass”.
     31#               - Set 'Username Variable' to "ISSM_BINARIES_USER".
     32#               - Set 'Password Variable' to "ISSM_BINARIES_PASS".
    3133# - Under 'Credentials', select the same, new credentials that created
    3234#       previously.
     
    4749################################################################################
    4850
     51# Expand aliases within the context of this script
     52shopt -s expand_aliases
     53
    4954# From https://developer.apple.com/documentation/macos-release-notes/macos-catalina-10_15-release-notes,
    5055#
     
    6065# is available in PATH.
    6166#
    62 shopt -s expand_aliases
     67# NOTE: May be able to remove this after updating macOS.
     68#
    6369alias svn='/usr/local/bin/svn'
    6470
     
    7884NOTARIZATION_LOGFILE="notarization.log"
    7985NOTARIZATION_LOGFILE_PATH="."
     86PASSWORD=${ISSM_BINARIES_PASS}
    8087PKG="ISSM-macOS-Python"
    8188PRIMARY_BUNDLE_ID="**********.issm.python" # Should be "gov.nasa.jpl.issm.python"
     
    8794UNSIGNED_REPO_COPY="./unsigned"
    8895UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/python/unsigned"
     96USERNAME=${ISSM_BINARIES_USER}
    8997
    9098COMPRESSED_PKG="${PKG}.zip"
     
    97105mkdir ${PKG}
    98106
     107# NOTE: Uncomment the following for local testing (Jenkins checks out copy of
     108#               repository for unsigned packages to working directory)
     109#
    99110# Check out copy of repository for unsigned packages
    100 echo "Checking out copy of respository for unsigned packages"
    101 svn co \
    102         --username ${USERNAME} \
    103         --password ${PASSWORD} \
    104         ${UNSIGNED_REPO_URL} \
    105         ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     111# echo "Checking out copy of respository for unsigned packages"
     112# svn checkout \
     113#       --trust-server-cert \
     114#       --non-interactive \
     115#       --username ${USERNAME} \
     116#       --password ${PASSWORD} \
     117#       ${UNSIGNED_REPO_URL} \
     118#       ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    106119
    107120# Extract package contents
     
    244257# Remove dummy file for retriggering signing/notarization (if it exists)
    245258svn delete ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
    246 svn commit --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
     259svn commit \
     260        --trust-server-cert \
     261        --non-interactive \
     262        --username ${USERNAME} \
     263        --password ${PASSWORD} \
     264        --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
    247265
    248266# Check out copy of repository for signed packages
    249267echo "Checking out copy of respository for signed packages"
    250 svn co \
     268svn checkout \
     269        --trust-server-cert \
     270        --non-interactive \
    251271        --username ${USERNAME} \
    252272        --password ${PASSWORD} \
     
    268288        # Commit changes
    269289        echo "Committing changes to repository for signed packages"
    270         svn commit --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     290        svn commit \
     291                --trust-server-cert \
     292                --non-interactive \
     293                --username ${USERNAME} \
     294                --password ${PASSWORD} \
     295                --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    271296else
    272297        # Commit changes
    273298        echo "Committing changes to repository for signed packages"
    274         svn commit --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
     299        svn commit \
     300                --trust-server-cert \
     301                --non-interactive \
     302                --username ${USERNAME} \
     303                --password ${PASSWORD} \
     304                --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1
    275305
    276306        exit 1
Note: See TracChangeset for help on using the changeset viewer.