release: enable automatic signing in gerrit-release.sh
Update `gerrit-release.sh` to automatically configure and use GPG
credentials for signing operations. When the `$GPG_KEY` private key file
is available, it is imported and paired with the configured
`$GPG_PASSPHRASE_FILE`. The passphrase is provided non-interactively
through the `gpg-loopback` wrapper.
This removes the need for manual input during the release process and
continues the effort toward a fully automated Gerrit release pipeline.
Change-Id: I014f29abc99714653038720f8fbf3dbe2ae7d5be
diff --git a/jenkins-docker/agent-release/gerrit-release.sh b/jenkins-docker/agent-release/gerrit-release.sh
index 876b9eb..6863d73 100755
--- a/jenkins-docker/agent-release/gerrit-release.sh
+++ b/jenkins-docker/agent-release/gerrit-release.sh
@@ -12,6 +12,13 @@
echo " test-migration-version Test migration from an earlier Gerrit version"
echo ""
echo "Example: $0 stable-3.10 3.10.2 3.10.3-SNAPSHOT 3.9.6"
+ echo ""
+ echo "Environment variables:"
+ echo "* GPG_KEY:"
+ echo " Path to private GPG key to be imported for signing"
+ echo "* GPG_PASSPHRASE_FILE:"
+ echo " Path to file containing the GPG passphrase"
+ echo ""
exit 1
fi
@@ -47,6 +54,24 @@
git config --global http.cookiefile $HOME/.gitcookies
fi
+if [ -f "$GPG_KEY" ]
+then
+ echo "Configuring GPG keys..."
+ mkdir -p "$HOME/.gnupg"
+ chmod 700 "$HOME/.gnupg"
+ echo "allow-loopback-pinentry" >> "$HOME/.gnupg/gpg-agent.conf"
+ echo "use-agent" >> "$HOME/.gnupg/gpg.conf"
+ echo "pinentry-mode loopback" >> "$HOME/.gnupg/gpg.conf"
+
+ gpgconf --kill gpg-agent || true
+
+ echo "Import private key..."
+ gpg --batch --yes --import "$GPG_KEY"
+
+ echo "Configuring git to read GPG passphrase from file..."
+ git config --global gpg.program /usr/local/bin/gpg-loopback
+fi
+
echo "Cloning and building Gerrit Code Review on branch $branch ..."
git config --global credential.helper cache
git clone https://gerrit.googlesource.com/gerrit && (cd gerrit && f=$(git rev-parse --git-dir)/hooks/commit-msg ; curl -Lo "$f" https://gerrit-review.googlesource.com/tools/hooks/commit-msg ; chmod +x "$f")
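Review bot: The block opened by `if [ -f "$GPG_KEY" ]` never checks `GPG_PASSPHRASE_FILE`, yet it points git at `/usr/local/bin/gpg-loopback`, which per the commit message reads the passphrase from that file. A missing or unreadable passphrase file would presumably surface only at the first signing step, late in the release. A guard directly after `then` would fail early: `[ -r "$GPG_PASSPHRASE_FILE" ] || { echo "GPG_PASSPHRASE_FILE is not readable" >&2; exit 1; }`. The exit status of `gpg --batch --yes --import "$GPG_KEY"` is also not checked, so unless the script runs under `set -e` (not visible in this hunk) a failed import continues into the clone and build. The three `>>` appends add duplicate lines on every run against a persistent `$HOME`, and the imported private key stays in `$HOME/.gnupg` after the release unless the agent's home directory is discarded.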