Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add the signing of releases to build process #4033

Merged
merged 2 commits into from
Nov 9, 2022
Merged

Add the signing of releases to build process #4033

merged 2 commits into from
Nov 9, 2022

Conversation

jkowall
Copy link
Contributor

@jkowall jkowall commented Nov 9, 2022

Signed-off-by: jkowall [email protected]

Which problem is this PR solving?

Resolves #3960

Short description of the changes

This adds in signing to the build process, the following steps must be taken to configure 2 new secrets in the repo by another team member.

  1. Generate a GPG key : gpg --gen-key
    Answer the prompts accordingly for the email specified (you can set a password as well)

  2. pgp --list-keys
    Find the GUID for the key you want to use ex: 79FAF16A8C42B3593143DD7C8DE95E7E9BC9CA3C

  3. Get the contents of the key: gpg --export-secret-keys -a 8DE95E7E9BC9CA3C

  4. Copy and paste (or pipe to a file and use that). This should be added as a secret called GPG_PRIVATE_KEY

  5. The password you created should be added as a secret called GPG_PASSWORD

Please let me know if you have questions. We can either re-run the last build or wait for the next release to test it.

@jkowall jkowall requested a review from a team as a code owner November 9, 2022 13:25
@codecov
Copy link

codecov bot commented Nov 9, 2022

Codecov Report

Base: 97.18% // Head: 97.17% // Decreases project coverage by -0.01% ⚠️

Coverage data is based on head (b0430e8) compared to base (84c0abc).
Patch has no changes to coverable lines.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4033      +/-   ##
==========================================
- Coverage   97.18%   97.17%   -0.02%     
==========================================
  Files         295      295              
  Lines       17390    17390              
==========================================
- Hits        16901    16898       -3     
- Misses        394      396       +2     
- Partials       95       96       +1     
Flag Coverage Δ
unittests 97.17% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
plugin/storage/badger/spanstore/reader.go 95.49% <0.00%> (-0.72%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@jkowall jkowall changed the title Adding signing releases capabilities to build process Add the signing of releases to build process Nov 9, 2022
@jkowall
Copy link
Contributor Author

jkowall commented Nov 9, 2022

One missing step if you want to add the key into the keyserver:

gpg --keyserver pgp.mit.edu --send-key 79FAF16A8C42B3593143DD7C8DE95E7E9BC9CA3C

Co-authored-by: Yuri Shkuro <[email protected]>
Signed-off-by: Jonah Kowall <[email protected]>
@yurishkuro yurishkuro merged commit 252d198 into jaegertracing:main Nov 9, 2022
@jkowall jkowall deleted the sign-releases branch November 9, 2022 18:52
shubbham1215 pushed a commit to shubbham1215/jaeger that referenced this pull request Mar 5, 2023
Signed-off-by: jkowall <[email protected]>

## Which problem is this PR solving?
Resolves jaegertracing#3960

## Short description of the changes
This adds in signing to the build process, the following steps must be
taken to configure 2 new secrets in the repo by another team member.

1. Generate a GPG key : gpg --gen-key
Answer the prompts accordingly for the email specified (you can set a
password as well)

2. pgp --list-keys
Find the GUID for the key you want to use ex:
79FAF16A8C42B3593143DD7C8DE95E7E9BC9CA3C

3. Get the contents of the key: gpg --export-secret-keys -a
8DE95E7E9BC9CA3C
4. Copy and paste (or pipe to a file and use that). This should be added
as a secret called GPG_PRIVATE_KEY

5. The password you created should be added as a secret called
GPG_PASSWORD

Please let me know if you have questions. We can either re-run the last
build or wait for the next release to test it.

Signed-off-by: jkowall <[email protected]>
Signed-off-by: Jonah Kowall <[email protected]>
Co-authored-by: Yuri Shkuro <[email protected]>
Signed-off-by: shubbham1215 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Security]: Sign Releases
2 participants