Change-Id: I2e38ee89cb5c05bc8a6346e7d95a4001669235d4
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
--- /dev/null
+#!/bin/bash
+
+git log --show-signature -1 | egrep -q 'gpg: Signature made.*key ID'
+if [ $? -eq 0 ]; then
+ echo "git commit is gpg signed"
+else
+ echo "WARNING: gpg signature missing for the commit"
+fi
+
+# Don't fail the job for unsigned commits
+exit 0
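Review bot: The `egrep` on the first line of the script only shows that gpg printed a "Signature made … key ID" line, not that the signature verified, so "git commit is gpg signed" is also reported for a bad signature or one whose public key is unavailable. The pattern is unanchored, so the same text placed in the commit message (which `git log` prints too) would satisfy it. Newer gpg releases also appear to put the key on a separate "using … key" line, which would make every commit look unsigned. Reading git's own status code with `git log -1 --format='%G?'` avoids parsing gpg output, and the job can stay non-failing as the trailing `exit 0` intends.

```shell
# Use git's signature status code rather than matching gpg's human-readable output.
case "$(git log -1 --format='%G?')" in
    G) echo "git commit is gpg signed" ;;
    N) echo "WARNING: gpg signature missing for the commit" ;;
    *) echo "WARNING: gpg signature present but could not be verified" ;;
esac
# … unchanged: "Don't fail the job for unsigned commits" comment and exit 0 …
```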
gzip archives/job_output/*
- releng-check-unicode
+ - verify-gpg-signature
publishers:
- email-notification:
files: 'scripts/**'
builders:
+ - verify-gpg-signature
- shell: |
virtualenv $WORKSPACE/venv
source $WORKSPACE/venv/bin/activate
packer.io build -var-file=$CLOUDENV \
-var-file=../packer/vars/{platform}.json \
../packer/templates/{template}.json
+
+- builder:
+ # TODO: Verify signature after downloading users public key from a locally created
+ # repository instead of the public keymesh. This requires a process in place to get ODL
+ # developers public keys into a local repository without increasing the job thoughput.
+ name: verify-gpg-signature
+ builders:
+ - shell: !include-raw: include-raw-verify-gpg-signatures.sh
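Review bot: The macro is named `verify-gpg-signature`, but the TODO above it says real verification against developers' keys is still to come, and the included script always exits 0. A reader of the job definitions could take this builder for an enforcing gate. I would add a line to the comment such as `# Advisory only: reports whether the tip commit carries a signature; it does not validate it or fail the build.` In the same comment, `thoughput` should read `throughput`. The script file name uses the plural `signatures` while the macro name is singular, which makes it harder to grep for. The hunk headers are not visible here, so the macro may continue past the last line shown.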