feat(CLDX-232): updates for windows signing host (#778)

-The windows signing host has been migrated to aws. This change modifies the cleanup line and utilizes the windows host parameter Signed-off-by: Scott Wickersham <[email protected]>
konflux-ci · Jan 24, 2025 · d8da8d2 · d8da8d2
1 parent f5b6fba
commit d8da8d2
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/tasks/managed/sign-binaries/README.md b/tasks/managed/sign-binaries/README.md
@@ -2,7 +2,7 @@
 
 Tekton task to sign windows and mac binaries before they are pushed to the Red Hat Developer Portal
 
-If any help is needed with this task, please ping in [#clouddst](https://redhat.enterprise.slack.com/archives/C04QRCD4SQZ) slack channel. 
+If any help is needed with this task, please ping in [#clouddst](https://redhat.enterprise.slack.com/archives/C04QRCD4SQZ) slack channel.
 
 ## Parameters
 
@@ -25,6 +25,9 @@ If any help is needed with this task, please ping in [#clouddst](https://redhat.
 | pipelineRunUid | Unique ID of the pipelineRun | No |  |
 
 
+## Changes in 3.0.0
+* Updates to work with the new Windows signing host on AWS
+
 ## Changes in 2.1.0
 * Added sign-mac-binaries step
 * Added push-unsigned-using-oras step

diff --git a/tasks/managed/sign-binaries/sign-binaries.yaml b/tasks/managed/sign-binaries/sign-binaries.yaml
@@ -4,7 +4,7 @@ kind: Task
 metadata:
   name: sign-binaries
   labels:
-    app.kubernetes.io/version: "2.1.0"
+    app.kubernetes.io/version: "3.0.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -387,16 +387,16 @@ spec:
         set -x
         # shellcheck disable=SC2086
         scp $SCP_OPTS "$windows_signing_script_file" \
-        "${WINDOWS_USER}@${WINDOWS_HOST}:C:/Users/Administrator/AppData/Local/Temp/windows_signing_script_file.bat"
+        "${WINDOWS_USER}@${WINDOWS_HOST}:C:/Users/${WINDOWS_USER}/AppData/Local/Temp/windows_signing_script_file.bat"
 
         # Execute the script on the Windows host
-        # shellcheck disable=SC2086
-        ssh $SSH_OPTS "C:/Users/Administrator/AppData/Local/Temp/windows_signing_script_file.bat"
+        # shellcheck disable=SC2029,SC2086
+        ssh $SSH_OPTS "C:/Users/${WINDOWS_USER}/AppData/Local/Temp/windows_signing_script_file.bat"
 
         # disable shellcheck for escaping the pipelineRunUid as we want that evaluated on client side
         # shellcheck disable=SC2029,SC2086
         scp $SCP_OPTS "${WINDOWS_USER}@${WINDOWS_HOST}:\
-        C:/Users/Administrator/AppData/Local/Temp/$(params.pipelineRunUid)/digest.txt" \
+        C:/Users/${WINDOWS_USER}/AppData/Local/Temp/$(params.pipelineRunUid)/digest.txt" \
         "$(results.signedWindowsDigest.path)"
 
         # Remove trailing spaces, carriage returns, newlines
@@ -405,7 +405,8 @@ spec:
         # Clean up the windows host now that we are done
         # disable shellcheck for escaping the pipelineRunUid as we want that evaluated on client side
         # shellcheck disable=SC2029,SC2086
-        ssh $SSH_OPTS "rmdir /s /q C:\\Users\\Administrator\\AppData\\Local\\Temp\\$(params.pipelineRunUid)"
+        ssh $SSH_OPTS "Remove-Item -LiteralPath \
+        C:\\Users\\${WINDOWS_USER}\\AppData\\Local\\Temp\\$(params.pipelineRunUid) -Force -Recurse"
     - name: generate-checksums
       image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
       volumeMounts:

diff --git a/tasks/managed/sign-binaries/tests/test-sign-binaries.yaml b/tasks/managed/sign-binaries/tests/test-sign-binaries.yaml
@@ -171,7 +171,7 @@ spec:
               expected_scp_windows_args="-i /root/.ssh/id_rsa -o UserKnownHostsFile=/root/.ssh/known_hosts "
               expected_scp_windows_args+="-P 22 /tmp/windows_signing_script_file.bat "
               expected_scp_windows_args+="[email protected]:"
-              expected_scp_windows_args+="C:/Users/Administrator/AppData/Local/Temp/windows_signing_script_file.bat"
+              expected_scp_windows_args+="C:/Users/windowsusername/AppData/Local/Temp/windows_signing_script_file.bat"
 
               if [[ "$scp_windows_args" == "$expected_scp_windows_args" ]]; then
                   echo "Test passed: Windows scp command called with correct arguments."
@@ -196,7 +196,7 @@ spec:
               expected_scp="-i /root/.ssh/id_rsa -o UserKnownHostsFile=/root/.ssh/known_hosts -P 22 \
               /tmp/windows_signing_script_file.bat \
               [email protected]:\
-              C:/Users/Administrator/AppData/Local/Temp/windows_signing_script_file.bat"
+              C:/Users/windowsusername/AppData/Local/Temp/windows_signing_script_file.bat"
 
               if [[ "$mock_scp_1" == "$expected_scp" ]]; then
                   echo "Test passed: First SCP command is correct."
@@ -210,7 +210,7 @@ spec:
               # check second scp command
               mock_scp_2=$(cat "$(workspaces.data.path)/mock_scp_2.txt")
               expected_scp_2="-i /root/.ssh/id_rsa -o UserKnownHostsFile=/root/.ssh/known_hosts -P 22 \
-              [email protected]:C:/Users/Administrator/AppData/Local/Temp/12345678/digest.txt \
+              [email protected]:C:/Users/windowsusername/AppData/Local/Temp/12345678/digest.txt \
               /tekton/results/signedWindowsDigest"
 
               if [[ "$mock_scp_2" == "$expected_scp_2" ]]; then