From d8da8d26d06098c00de80d5704f10d2734174d6f Mon Sep 17 00:00:00 2001 From: Scott Wickersham <117788265+swickersh@users.noreply.github.com> Date: Fri, 24 Jan 2025 05:24:45 -0500 Subject: [PATCH] feat(CLDX-232): updates for windows signing host (#778) -The windows signing host has been migrated to aws. This change modifies the cleanup line and utilizes the windows host parameter Signed-off-by: Scott Wickersham --- tasks/managed/sign-binaries/README.md | 5 ++++- tasks/managed/sign-binaries/sign-binaries.yaml | 13 +++++++------ .../sign-binaries/tests/test-sign-binaries.yaml | 6 +++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/tasks/managed/sign-binaries/README.md b/tasks/managed/sign-binaries/README.md index 13be545d6..5e10a46fa 100644 --- a/tasks/managed/sign-binaries/README.md +++ b/tasks/managed/sign-binaries/README.md @@ -2,7 +2,7 @@ Tekton task to sign windows and mac binaries before they are pushed to the Red Hat Developer Portal -If any help is needed with this task, please ping in [#clouddst](https://redhat.enterprise.slack.com/archives/C04QRCD4SQZ) slack channel. +If any help is needed with this task, please ping in [#clouddst](https://redhat.enterprise.slack.com/archives/C04QRCD4SQZ) slack channel. ## Parameters @@ -25,6 +25,9 @@ If any help is needed with this task, please ping in [#clouddst](https://redhat. | pipelineRunUid | Unique ID of the pipelineRun | No | | +## Changes in 3.0.0 +* Updates to work with the new Windows signing host on AWS + ## Changes in 2.1.0 * Added sign-mac-binaries step * Added push-unsigned-using-oras step diff --git a/tasks/managed/sign-binaries/sign-binaries.yaml b/tasks/managed/sign-binaries/sign-binaries.yaml index f8a1de5d1..206708a12 100644 --- a/tasks/managed/sign-binaries/sign-binaries.yaml +++ b/tasks/managed/sign-binaries/sign-binaries.yaml @@ -4,7 +4,7 @@ kind: Task metadata: name: sign-binaries labels: - app.kubernetes.io/version: "2.1.0" + app.kubernetes.io/version: "3.0.0" annotations: tekton.dev/pipelines.minVersion: "0.12.1" tekton.dev/tags: release @@ -387,16 +387,16 @@ spec: set -x # shellcheck disable=SC2086 scp $SCP_OPTS "$windows_signing_script_file" \ - "${WINDOWS_USER}@${WINDOWS_HOST}:C:/Users/Administrator/AppData/Local/Temp/windows_signing_script_file.bat" + "${WINDOWS_USER}@${WINDOWS_HOST}:C:/Users/${WINDOWS_USER}/AppData/Local/Temp/windows_signing_script_file.bat" # Execute the script on the Windows host - # shellcheck disable=SC2086 - ssh $SSH_OPTS "C:/Users/Administrator/AppData/Local/Temp/windows_signing_script_file.bat" + # shellcheck disable=SC2029,SC2086 + ssh $SSH_OPTS "C:/Users/${WINDOWS_USER}/AppData/Local/Temp/windows_signing_script_file.bat" # disable shellcheck for escaping the pipelineRunUid as we want that evaluated on client side # shellcheck disable=SC2029,SC2086 scp $SCP_OPTS "${WINDOWS_USER}@${WINDOWS_HOST}:\ - C:/Users/Administrator/AppData/Local/Temp/$(params.pipelineRunUid)/digest.txt" \ + C:/Users/${WINDOWS_USER}/AppData/Local/Temp/$(params.pipelineRunUid)/digest.txt" \ "$(results.signedWindowsDigest.path)" # Remove trailing spaces, carriage returns, newlines @@ -405,7 +405,8 @@ spec: # Clean up the windows host now that we are done # disable shellcheck for escaping the pipelineRunUid as we want that evaluated on client side # shellcheck disable=SC2029,SC2086 - ssh $SSH_OPTS "rmdir /s /q C:\\Users\\Administrator\\AppData\\Local\\Temp\\$(params.pipelineRunUid)" + ssh $SSH_OPTS "Remove-Item -LiteralPath \ + C:\\Users\\${WINDOWS_USER}\\AppData\\Local\\Temp\\$(params.pipelineRunUid) -Force -Recurse" - name: generate-checksums image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f volumeMounts: diff --git a/tasks/managed/sign-binaries/tests/test-sign-binaries.yaml b/tasks/managed/sign-binaries/tests/test-sign-binaries.yaml index 34e4ac540..3f99d8187 100644 --- a/tasks/managed/sign-binaries/tests/test-sign-binaries.yaml +++ b/tasks/managed/sign-binaries/tests/test-sign-binaries.yaml @@ -171,7 +171,7 @@ spec: expected_scp_windows_args="-i /root/.ssh/id_rsa -o UserKnownHostsFile=/root/.ssh/known_hosts " expected_scp_windows_args+="-P 22 /tmp/windows_signing_script_file.bat " expected_scp_windows_args+="windowsusername@windowsserver.com:" - expected_scp_windows_args+="C:/Users/Administrator/AppData/Local/Temp/windows_signing_script_file.bat" + expected_scp_windows_args+="C:/Users/windowsusername/AppData/Local/Temp/windows_signing_script_file.bat" if [[ "$scp_windows_args" == "$expected_scp_windows_args" ]]; then echo "Test passed: Windows scp command called with correct arguments." @@ -196,7 +196,7 @@ spec: expected_scp="-i /root/.ssh/id_rsa -o UserKnownHostsFile=/root/.ssh/known_hosts -P 22 \ /tmp/windows_signing_script_file.bat \ windowsusername@windowsserver.com:\ - C:/Users/Administrator/AppData/Local/Temp/windows_signing_script_file.bat" + C:/Users/windowsusername/AppData/Local/Temp/windows_signing_script_file.bat" if [[ "$mock_scp_1" == "$expected_scp" ]]; then echo "Test passed: First SCP command is correct." @@ -210,7 +210,7 @@ spec: # check second scp command mock_scp_2=$(cat "$(workspaces.data.path)/mock_scp_2.txt") expected_scp_2="-i /root/.ssh/id_rsa -o UserKnownHostsFile=/root/.ssh/known_hosts -P 22 \ - windowsusername@windowsserver.com:C:/Users/Administrator/AppData/Local/Temp/12345678/digest.txt \ + windowsusername@windowsserver.com:C:/Users/windowsusername/AppData/Local/Temp/12345678/digest.txt \ /tekton/results/signedWindowsDigest" if [[ "$mock_scp_2" == "$expected_scp_2" ]]; then