@coalkettler coalkettler commented Jun 5, 2020

Overview

This retrieves an up-to-date copy of the Geotrellis public GPG key during the cipublish build stage.

We've pushed a new signature to extend the expiration date on the public key that we've uploaded to public keyservers. The CircleCI build will now retrieve the latest copy of the public key, allowing us to renew the key in the future using the same procedure.

Checklist

  • Description of PR is in an appropriate section of the CHANGELOG and grouped with similar changes if possible

Testing Instructions

  • Verify that updated and valid Geotrellis GPG key is retrieved and verified during cipublish.
    • Verified by @rbreslow during pairing session.

Connects azavea/operations#446

@coalkettler coalkettler self-assigned this Jun 5, 2020
Comment on lines -29 to -30
gpg --batch \
--passphrase "${GPG_PASSPHRASE}" \

Because we're not using a passphrase for this key, the --batch and --passphrase options are unnecessary.

@coalkettler coalkettler marked this pull request as ready for review June 5, 2020 15:51
@coalkettler coalkettler requested a review from rbreslow June 5, 2020 15:59
@rbreslow rbreslow left a comment

👍

@coalkettler coalkettler merged commit 84553e7 into develop Jun 5, 2020
@coalkettler coalkettler deleted the feature/cek/receive-gpg-key branch June 5, 2020 16:07
- run:
name: "Import signing key"
command: |
gpg --keyserver keyserver.ubuntu.com \
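
Review bot: the `gpg --keyserver keyserver.ubuntu.com \` line gives the keyserver as a bare hostname, which GnuPG treats as plain `hkp://`, so the key is fetched without TLS; consider `--keyserver hkps://keyserver.ubuntu.com`. Keyservers do not vouch for the keys they return, so the continuation of this command (not visible here) should request the key by its full fingerprint rather than a short key ID, and the step should fail if the imported key's fingerprint differs from the expected one.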

It's worth surfacing that we're specifying the Ubuntu keyserver here to mirror the approach taken by @jodersky. Through testing, I've found that this keyserver was updated more quickly than the default.
