stevedlawrence commented on code in PR #20:
URL:
https://github.com/apache/daffodil-infrastructure/pull/20#discussion_r2504946852
##########
actions/release-candidate/dist/main/index.js:
##########
@@ -31855,46 +31855,70 @@ async function run() {
const tlp_dir = core.getInput("tlp_dir", { required: true });
const project_id = core.getInput("project_id", { required: true
});
const project_dir = core.getInput("project_dir");
- const gpg_signing_key = core.getInput("gpg_signing_key", {
required: true });
- const svn_username = core.getInput("svn_username", { required:
true });
- const svn_password = core.getInput("svn_password", { required:
true });
- const nexus_username = core.getInput("nexus_username", {
required: true });
- const nexus_password = core.getInput("nexus_password", {
required: true });
- let publish = core.getBooleanInput("publish");
-
- // import signing key into gpg and get it's key id
- let gpg_import_stdout = ""
- await exec("gpg", ["--batch", "--import", "--import-options",
"import-show"], {
- input: Buffer.from(gpg_signing_key),
- listeners: {
- stdout: (data) => { gpg_import_stdout +=
data.toString(); }
- }
- });
- const gpg_signing_key_id =
gpg_import_stdout.match("[0-9A-Z]{40}")[0];
- console.info("Using gpgp key id: " + gpg_signing_key_id);
-
- // tags must be signed with a committers key, download and
import committer
- // keys for verification later
- let committer_keys = "";
- await exec("curl", [`https://downloads.apache.org/${ tlp_dir
}/KEYS`], {
- silent: true,
- listeners: {
- stdout: (data) => { committer_keys +=
data.toString(); }
- }
- });
- await exec("gpg", ["--batch", "--import"], {
- input: Buffer.from(committer_keys)
- });
+ const publish = core.getBooleanInput("publish");
// get the actual project version, this requires a 'VERSION'
file at
// the root of the repository
const project_version =
fs.readFileSync("VERSION").toString().trim();
+ const is_snapshot = project_version.includes("-SNAPSHOT");
+ const is_apache = process.env.GITHUB_REPOSITORY_OWNER ==
"apache";
+ const gitTagPrefix = "refs/tags/";
+ const is_tagged = github.context.eventName == "push" &&
github.context.ref.startsWith(gitTagPrefix);
+ const do_publish =
+ // Note that publishing could be disabled if the
publish input was explicitly set
+ // to false
+ publish
+ // require a pushed tag to enable publishing
+ && is_tagged
+ // require non-snapshot ASF builds to enable publishing
+ && (!is_snapshot && is_apache)
+ const gpg_signing_key = core.getInput("gpg_signing_key",
{required: do_publish});
+
+ let gpg_signing_key_id = "";
+ if (gpg_signing_key.trim() === "") {
+ // Generate keypair (non-interactive)
+ await exec("gpg", ["--batch", "--yes", "--passphrase",
'', "--quick-generate-key", process.env.USER ]);
+
+ // Capture the key id of the most recent generated key
+ await exec("gpg", ["--list-secret-keys",
"--with-colons"], {
+ silent: true,
+ listeners: {
+ stdout: (data) => {
+ gpg_signing_key_id +=
data.toString().trim()
+ .split('\n')
+ .findLast(l =>
l.startsWith("fpr"))
+ .split(':')[9];
Review Comment:
The spit/findlast stuff can't happen inside the stdout event, since it isn't
guaranteed to get the full data. You instead need to append the data to a
variable, and then once the execution is done you can examine the total string.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
