Merge pull request #90 from OctopusDeploy/enh-sign-rpm

Pass signing secrets through into the package creation process
OctopusDeploy · Jul 1, 2020 · d50b222 · d50b222
2 parents d48a543 + ea12659
commit d50b222
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/build.cake b/build.cake
@@ -341,12 +341,19 @@ Task("BuildDockerImage")
 
 Task("CreateLinuxPackages")
     .IsDependentOn("AssertLinuxSelfContainedArtifactsExists")
-    .Does(() =>
+    .Does(context =>
 {
-    // This task requires `linuxPackageFeedsDir` to contain scripts from https://github.com/OctopusDeploy/linux-package-feeds.
-    // They are currently added as an Artifact Dependency in TeamCity from "Infrastructure / Linux Package Feeds"
-    //   with the rule: LinuxPackageFeedsTools.*.zip!*=>linux-package-feeds
-    // See https://build.octopushq.com/admin/editDependencies.html?id=buildType:OctopusDeploy_OctopusCLI_BuildLinuxContainer
+    if (string.IsNullOrEmpty(context.EnvironmentVariable("SIGN_PRIVATE_KEY"))
+        || string.IsNullOrEmpty(context.EnvironmentVariable("SIGN_PASSPHRASE"))) {
+        throw new Exception("This build requires environment variables `SIGN_PRIVATE_KEY` (in a format gpg1 can import)"
+            + " and `SIGN_PASSPHRASE`, which are used to sign the .rpm.");
+    }
+    if (!context.DirectoryExists(linuxPackageFeedsDir)) {
+        throw new Exception($"This build requires `{linuxPackageFeedsDir}` to contain scripts from https://github.com/OctopusDeploy/linux-package-feeds.\n"
+            + "They are usually added as an Artifact Dependency in TeamCity from 'Infrastructure / Linux Package Feeds' with the rule:\n"
+            + "  LinuxPackageFeedsTools.*.zip!*=>linux-package-feeds\n"
+            + "See https://build.octopushq.com/admin/editDependencies.html?id=buildType:OctopusDeploy_OctopusCLI_BuildLinuxContainer");
+    }
 
     UnTarGZip(
         artifactsDir + $"/OctopusTools.{nugetVersion}.linux-x64.tar.gz",
@@ -358,7 +365,9 @@ Task("CreateLinuxPackages")
         Env = new string[] { 
             $"VERSION={nugetVersion}",
             $"BINARIES_PATH=/artifacts/OctopusTools.{nugetVersion}.linux-x64.extracted/",
-            "PACKAGES_PATH=/artifacts"
+            "PACKAGES_PATH=/artifacts",
+            "SIGN_PRIVATE_KEY",
+            "SIGN_PASSPHRASE"
         },
         Volume = new string[] { 
             System.IO.Path.Combine(Environment.CurrentDirectory, assetDir) + ":/BuildAssets",