Index: /issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-matlab.sh =================================================================== --- /issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-matlab.sh (revision 25872) +++ /issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-matlab.sh (revision 25873) @@ -37,5 +37,5 @@ # # NOTE: -# - Assumes that 'issm-binaries-user' and 'issm-binaries-pass' are set up in +# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in # the 'Bindings' section under a 'Username and password (separated)' binding # (requires 'Credentials Binding Plugin'). @@ -73,5 +73,5 @@ MATLAB_PATH="/Applications/MATLAB_R2018a.app" NOTARIZATION_LOGFILE="notarization.log" -PASSWORD=$env:issm-binaries-pass +PASSWORD=${ISSM_BINARIES_PASS} PKG="ISSM-macOS-MATLAB" # Name of directory to copy distributable files to RETRIGGER_SIGNING_FILE="retrigger.txt" @@ -82,5 +82,5 @@ UNSIGNED_REPO_COPY="./unsigned" UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned" -USERNAME=$env:issm-binaries-user +USERNAME=${ISSM_BINARIES_USER} COMPRESSED_PKG="${PKG}.zip" @@ -89,5 +89,5 @@ # export PATH="${ISSM_DIR}/bin:$(getconf PATH)" # Ensure that we pick up binaries from 'bin' directory rather than 'externalpackages' - +AGU ## Parse options # @@ -116,5 +116,7 @@ # build can run echo "Removing lock file from repository for signed packages" - svn co \ + svn checkout \ + --trust-server-cert \ + --non-interactive \ --username ${USERNAME} \ --password ${PASSWORD} \ @@ -124,5 +126,10 @@ svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1 svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1 - svn commit --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1 svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1 exit 1 @@ -149,5 +156,7 @@ # echo "Checking out copy of repository for signed packages" - svn co \ + svn checkout \ + --trust-server-cert \ + --non-interactive \ --username ${USERNAME} \ --password ${PASSWORD} \ @@ -266,5 +275,10 @@ touch ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1 - svn commit --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1 # Save current working copy revision number @@ -274,5 +288,7 @@ # Check out copy of SVN repository for unsigned packages echo "Checking out copy of repository for unsigned packages" - svn co \ + svn checkout \ + --trust-server-cert \ + --non-interactive \ --username ${USERNAME} \ --password ${PASSWORD} \ @@ -289,5 +305,10 @@ cp ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY} svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1 - svn commit --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 else # NOTE: If notarize_only == 1, we commit a dummy file as the signing @@ -298,5 +319,10 @@ touch ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1 - svn commit --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 fi Index: /issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-python.sh =================================================================== --- /issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-python.sh (revision 25872) +++ /issm/trunk-jpl/packagers/mac/package-issm-mac-binaries-python.sh (revision 25873) @@ -37,5 +37,5 @@ # # NOTE: -# - Assumes that 'issm-binaries-user' and 'issm-binaries-pass' are set up in +# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in # the 'Bindings' section under a 'Username and password (separated)' binding # (requires 'Credentials Binding Plugin'). @@ -71,5 +71,5 @@ # NOTARIZATION_LOGFILE="notarization.log" -PASSWORD=$env:issm-binaries-pass +PASSWORD=${ISSM_BINARIES_PASS} PKG="ISSM-macOS-Python" # Name of directory to copy distributable files to PYTHON_NROPTIONS="--benchmark all --exclude 125 126 234 235 418 420 435 444 445 701 702 703 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1201 1202 1203 1204 1205 1206 1207 1208 1301 1302 1303 1304 1401 1402 1601 1602 2006 2020 2021 2051 2052 2053 3001:3200 3201 3202 3300 3480 3481 4001 4002 4003" # NOTE: Combination of test suites from basic, Dakota, and Solid Earth builds, with tests that require a restart and those that require the JVM excluded @@ -81,5 +81,5 @@ UNSIGNED_REPO_COPY="./unsigned" UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/python/unsigned" -USERNAME=$env:issm-binaries-user +USERNAME=${ISSM_BINARIES_USER} COMPRESSED_PKG="${PKG}.zip" @@ -115,5 +115,7 @@ # build can run echo "Removing lock file from repository for signed packages" - svn co \ + svn checkout \ + --trust-server-cert \ + --non-interactive \ --username ${USERNAME} \ --password ${PASSWORD} \ @@ -123,5 +125,10 @@ svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1 svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1 - svn commit --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1 svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1 exit 1 @@ -142,5 +149,7 @@ # echo "Checking out copy of repository for signed packages" - svn co \ + svn checkout \ + --trust-server-cert \ + --non-interactive \ --username ${USERNAME} \ --password ${PASSWORD} \ @@ -267,5 +276,10 @@ touch ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1 - svn commit --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1 # Save current working copy revision number @@ -275,5 +289,7 @@ # Check out copy of SVN repository for unsigned packages echo "Checking out copy of repository for unsigned packages" - svn co \ + svn checkout \ + --trust-server-cert \ + --non-interactive \ --username ${USERNAME} \ --password ${PASSWORD} \ @@ -290,5 +306,10 @@ cp ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY} svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1 - svn commit --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 else # NOTE: If notarize_only == 1, we commit a dummy file as the signing @@ -299,5 +320,10 @@ touch ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1 - svn commit --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 fi Index: /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh =================================================================== --- /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh (revision 25872) +++ /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-matlab.sh (revision 25873) @@ -17,9 +17,11 @@ # 'Add Credentials' and enter the crendentials from above. # - From the 'Dashboard', select 'New Item' -> 'Freestyle project'. -# - Under 'Source Code Management', select 'Subversion'. +# - Under 'Source Code Management', select 'Subversion'. # - The 'Repository URL' text field should be set to -# "https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned" +# "https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned". # - The 'Credentials' select menu should be set to the new credentials # created previously. +# - The 'Local module directory' text field should be set to the same +# value as the constant UNSIGNED_REPO_COPY (set below to './unsigned'). # - Under 'Build Trigggers', check the box for 'Poll SCM' and set the # 'Schedule' text area to "H/5 * * * *". @@ -27,6 +29,6 @@ # file(s)', then under 'Bindings' click the 'Add...' button and select # 'Username and password (separated)'. -# - Set 'Username Variable' to "issm-binaries-user”. -# - Set 'Password Variable' to "issm-binaries-pass”. +# - Set 'Username Variable' to "ISSM_BINARIES_USER". +# - Set 'Password Variable' to "ISSM_BINARIES_PASS". # - Under 'Credentials', select the same, new credentials that created # previously. @@ -82,4 +84,5 @@ NOTARIZATION_LOGFILE="notarization.log" NOTARIZATION_LOGFILE_PATH="." +PASSWORD=${ISSM_BINARIES_PASS} PKG="ISSM-macOS-MATLAB" PRIMARY_BUNDLE_ID="**********.issm.matlab" # Should be "gov.nasa.jpl.issm.matlab" @@ -91,4 +94,5 @@ UNSIGNED_REPO_COPY="./unsigned" UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned" +USERNAME=${ISSM_BINARIES_USER} COMPRESSED_PKG="${PKG}.zip" @@ -101,11 +105,16 @@ mkdir ${PKG} +# NOTE: Uncomment the following for local testing (Jenkins checks out copy of +# repository for unsigned packages to working directory) +# # Check out copy of repository for unsigned packages -echo "Checking out copy of respository for unsigned packages" -svn co \ - --username ${USERNAME} \ - --password ${PASSWORD} \ - ${UNSIGNED_REPO_URL} \ - ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 +# echo "Checking out copy of respository for unsigned packages" +# svn checkout \ +# --trust-server-cert \ +# --non-interactive \ +# --username ${USERNAME} \ +# --password ${PASSWORD} \ +# ${UNSIGNED_REPO_URL} \ +# ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 # Extract package contents @@ -239,9 +248,16 @@ # Remove dummy file for retriggering signing/notarization (if it exists) svn delete ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1 -svn commit --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 +svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 # Check out copy of repository for signed packages echo "Checking out copy of respository for signed packages" -svn co \ +svn checkout \ + --trust-server-cert \ + --non-interactive \ --username ${USERNAME} \ --password ${PASSWORD} \ @@ -263,9 +279,19 @@ # Commit changes echo "Committing changes to repository for signed packages" - svn commit --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1 else # Commit changes echo "Committing changes to repository for signed packages" - svn commit --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1 exit 1 Index: /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python.sh =================================================================== --- /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python.sh (revision 25872) +++ /issm/trunk-jpl/packagers/mac/sign-issm-mac-binaries-python.sh (revision 25873) @@ -5,5 +5,5 @@ # Cybersecurity server for signing macOS applications. Polls SCM of the # Subversion repository hosted at -# https://issm.ess.uci.edu/svn/issm-binaries/mac/python/unsigned to trigger new +# https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned to trigger new # builds. # @@ -17,9 +17,11 @@ # 'Add Credentials' and enter the crendentials from above. # - From the 'Dashboard', select 'New Item' -> 'Freestyle project'. -# - Under 'Source Code Management', select 'Subversion'. +# - Under 'Source Code Management', select 'Subversion'. # - The 'Repository URL' text field should be set to -# "https://issm.ess.uci.edu/svn/issm-binaries/mac/python/unsigned" +# "https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned". # - The 'Credentials' select menu should be set to the new credentials # created previously. +# - The 'Local module directory' text field should be set to the same +# value as the constant UNSIGNED_REPO_COPY (set below to './unsigned'). # - Under 'Build Trigggers', check the box for 'Poll SCM' and set the # 'Schedule' text area to "H/5 * * * *". @@ -27,6 +29,6 @@ # file(s)', then under 'Bindings' click the 'Add...' button and select # 'Username and password (separated)'. -# - Set 'Username Variable' to "issm-binaries-user”. -# - Set 'Password Variable' to "issm-binaries-pass”. +# - Set 'Username Variable' to "ISSM_BINARIES_USER". +# - Set 'Password Variable' to "ISSM_BINARIES_PASS". # - Under 'Credentials', select the same, new credentials that created # previously. @@ -47,4 +49,7 @@ ################################################################################ +# Expand aliases within the context of this script +shopt -s expand_aliases + # From https://developer.apple.com/documentation/macos-release-notes/macos-catalina-10_15-release-notes, # @@ -60,5 +65,6 @@ # is available in PATH. # -shopt -s expand_aliases +# NOTE: May be able to remove this after updating macOS. +# alias svn='/usr/local/bin/svn' @@ -78,4 +84,5 @@ NOTARIZATION_LOGFILE="notarization.log" NOTARIZATION_LOGFILE_PATH="." +PASSWORD=${ISSM_BINARIES_PASS} PKG="ISSM-macOS-Python" PRIMARY_BUNDLE_ID="**********.issm.python" # Should be "gov.nasa.jpl.issm.python" @@ -87,4 +94,5 @@ UNSIGNED_REPO_COPY="./unsigned" UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/python/unsigned" +USERNAME=${ISSM_BINARIES_USER} COMPRESSED_PKG="${PKG}.zip" @@ -97,11 +105,16 @@ mkdir ${PKG} +# NOTE: Uncomment the following for local testing (Jenkins checks out copy of +# repository for unsigned packages to working directory) +# # Check out copy of repository for unsigned packages -echo "Checking out copy of respository for unsigned packages" -svn co \ - --username ${USERNAME} \ - --password ${PASSWORD} \ - ${UNSIGNED_REPO_URL} \ - ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 +# echo "Checking out copy of respository for unsigned packages" +# svn checkout \ +# --trust-server-cert \ +# --non-interactive \ +# --username ${USERNAME} \ +# --password ${PASSWORD} \ +# ${UNSIGNED_REPO_URL} \ +# ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 # Extract package contents @@ -244,9 +257,16 @@ # Remove dummy file for retriggering signing/notarization (if it exists) svn delete ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1 -svn commit --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 +svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "DEL: Removing dummy file for retriggering signing of same package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1 # Check out copy of repository for signed packages echo "Checking out copy of respository for signed packages" -svn co \ +svn checkout \ + --trust-server-cert \ + --non-interactive \ --username ${USERNAME} \ --password ${PASSWORD} \ @@ -268,9 +288,19 @@ # Commit changes echo "Committing changes to repository for signed packages" - svn commit --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "CHG: New signed package (success)" ${SIGNED_REPO_COPY} > /dev/null 2>&1 else # Commit changes echo "Committing changes to repository for signed packages" - svn commit --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1 + svn commit \ + --trust-server-cert \ + --non-interactive \ + --username ${USERNAME} \ + --password ${PASSWORD} \ + --message "CHG: New signed package (failure)" ${SIGNED_REPO_COPY} > /dev/null 2>&1 exit 1