Add the signing of releases to build process #4033

Merged
merged 2 commits into from
Nov 9, 2022

Conversation

jkowall
Contributor

@jkowall jkowall commented Nov 9, 2022

Signed-off-by: jkowall <jkowall@kowall.net>

Which problem is this PR solving?

Resolves #3960

Short description of the changes

This adds in signing to the build process. The following steps must be taken to configure 2 new secrets in the repo by another team member.

  1. Generate a GPG key : gpg --gen-key
    Answer the prompts accordingly for the email specified (you can set a password as well)

  2. gpg --list-keys
    Find the GUID for the key you want to use ex: 79FAF16A8C42B3593143DD7C8DE95E7E9BC9CA3C

  3. Get the contents of the key: gpg --export-secret-keys -a 8DE95E7E9BC9CA3C

  4. Copy and paste (or pipe to a file and use that). This should be added as a secret called GPG_PRIVATE_KEY

  5. The password you created should be added as a secret called GPG_PASSWORD

Please let me know if you have questions. We can either re-run the last build or wait for the next release to test it.

Signed-off-by: jkowall <jkowall@kowall.net>
@jkowall jkowall requested a review from a team as a code owner November 9, 2022 13:25
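
Steps 2 and 3 of the description pick the key by eye. The sketch below is an added example (not part of the pull request or the project's build scripts) that selects the signing key from `gpg --with-colons` output and shows that the 16-digit ID used in step 3 is the tail of the 40-digit value from step 2. The function names, the address releases@example.org and the sample listing are constructed for illustration; only the fingerprint and key ID come from the page.

```shell
#!/usr/bin/env bash
# Added example: pick the release-signing key from `gpg --with-colons` output.
# Colon records (GnuPG doc/DETAILS): field 1 = record type, 2 = validity,
# 5 = long key ID, 10 = user ID (uid) or fingerprint (fpr), 12 = capabilities.

# signing_fpr EMAIL: read a colon listing on stdin; print the fingerprint of each
# primary key that carries EMAIL in a valid user ID, is not revoked, expired or
# invalid, and is usable for signing (capital "S" in field 12, no "D").
signing_fpr() {
  awk -F: -v email="$1" '
    function emit() { if (ok && hit && fpr != "") print fpr }
    $1 == "pub" || $1 == "sec" {
      emit()
      ok = ($2 !~ /^[rei]/ && $12 ~ /S/ && $12 !~ /D/)
      hit = 0; fpr = ""; primary = 1
    }
    $1 == "sub" || $1 == "ssb" { primary = 0 }
    $1 == "fpr" && primary && fpr == "" { fpr = $10 }
    $1 == "uid" && $2 !~ /^[re]/ && index($10, "<" email ">") { hit = 1 }
    END { emit() }
  '
}

# long_keyid FPR: the last 16 hex digits of a v4 fingerprint are the long key ID.
long_keyid() {
  printf '%s\n' "$1" | awk '{ print substr($0, length($0) - 15) }'
}

# Constructed listing: an expired key and a current key for the same address.
# Only the current key's fingerprint and key ID are taken from the page.
sample_listing() {
  cat <<'EOF'
pub:e:3072:1:2222222222222222:1577836800:1640995200::-:::sc::::::23::0:
fpr:::::::::1111111111111111111111112222222222222222:
uid:e::::1577836800::::Release Signer <releases@example.org>::::::::::0:
pub:u:3072:1:8DE95E7E9BC9CA3C:1667952000:::u:::scESC::::::23::0:
fpr:::::::::79FAF16A8C42B3593143DD7C8DE95E7E9BC9CA3C:
uid:u::::1667952000::::Release Signer <releases@example.org>::::::::::0:
sub:u:3072:1:3333333333333333:1667952000::::::e::::::23:
fpr:::::::::4444444444444444444444443333333333333333:
EOF
}

fpr=$(sample_listing | signing_fpr releases@example.org)
echo "fingerprint: $fpr"
echo "long key ID: $(long_keyid "$fpr")"
```

Against a real keyring, feed it `gpg --list-secret-keys --with-colons` instead of the sample and pass the printed fingerprint to `gpg --export-secret-keys -a`.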
@codecov

codecov bot commented Nov 9, 2022

Codecov Report

Base: 97.18% // Head: 97.17% // Decreases project coverage by -0.01% ⚠️

Coverage data is based on head (b0430e8) compared to base (84c0abc).
Patch has no changes to coverable lines.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4033      +/-   ##
==========================================
- Coverage   97.18%   97.17%   -0.02%     
==========================================
  Files         295      295              
  Lines       17390    17390              
==========================================
- Hits        16901    16898       -3     
- Misses        394      396       +2     
- Partials       95       96       +1     
Flag Coverage Δ
unittests 97.17% <ø> (-0.02%) ⬇️


Impacted Files Coverage Δ
plugin/storage/badger/spanstore/reader.go 95.49% <0.00%> (-0.72%) ⬇️


@jkowall jkowall changed the title Adding signing releases capabilities to build process Add the signing of releases to build process Nov 9, 2022
@jkowall
Contributor Author

jkowall commented Nov 9, 2022

One missing step if you want to add the key into the keyserver:

gpg --keyserver pgp.mit.edu --send-key 79FAF16A8C42B3593143DD7C8DE95E7E9BC9CA3C

Co-authored-by: Yuri Shkuro <yurishkuro@users.noreply.github.com>
Signed-off-by: Jonah Kowall <jkowall@gmail.com>
@yurishkuro yurishkuro merged commit 252d198 into jaegertracing:main Nov 9, 2022
@jkowall jkowall deleted the sign-releases branch November 9, 2022 18:52
shubbham1215 pushed a commit to shubbham1215/jaeger that referenced this pull request Mar 5, 2023
Signed-off-by: shubbham1215 <sawaikershubham@gmail.com>
Successfully merging this pull request may close these issues.

[Security]: Sign Releases
2 participants