Skip to content

Commit c68cfc1

Browse files
jbachorikjbachorik
committed
ci: fail publish explicitly when GPG key is missing instead of silent skip
1 parent 83f4a00 commit c68cfc1

1 file changed

Lines changed: 6 additions & 9 deletions

File tree

.gitlab/scripts/deploy.sh

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -29,13 +29,6 @@ if [ "$MODE" = "publish" ] || [ "$MODE" = "all" ]; then
2929
export GPG_PASSWORD=$(aws ssm get-parameter --region ${AWS_REGION} --name ${SSM_PREFIX}.signing.gpg_passphrase --with-decryption --query "Parameter.Value" --out text)
3030
fi
3131

32-
# Determine whether signing is available (key present and non-empty)
33-
SIGNING_SKIP_FLAG=""
34-
if [ -z "${GPG_PRIVATE_KEY:-}" ]; then
35-
echo "WARNING: GPG_PRIVATE_KEY not set — signing will be skipped"
36-
SIGNING_SKIP_FLAG="-Psigning.skip=true"
37-
fi
38-
3932
source .gitlab/scripts/includes.sh
4033

4134
LIB_VERSION=$(get_version)
@@ -44,11 +37,15 @@ echo "com.datadoghq:ddprof:${LIB_VERSION}" > version.txt
4437
# Assemble task (always needed for artifact creation)
4538
if [ "$MODE" = "assemble" ] || [ "$MODE" = "all" ]; then
4639
echo "=== Assembling artifact ==="
47-
./gradlew -Pskip-native -Pskip-tests -Pddprof_version="${LIB_VERSION}" -PbuildInfo.build.number=$CI_JOB_ID -Pwith-libs="$(pwd)/libs" ${SIGNING_SKIP_FLAG} :ddprof-lib:jar assembleAll --exclude-task compileFuzzer --exclude-task sign --max-workers=1 --no-build-cache --stacktrace --info --no-watch-fs --no-daemon
40+
./gradlew -Pskip-native -Pskip-tests -Pddprof_version="${LIB_VERSION}" -PbuildInfo.build.number=$CI_JOB_ID -Pwith-libs="$(pwd)/libs" :ddprof-lib:jar assembleAll --exclude-task compileFuzzer --exclude-task sign --max-workers=1 --no-build-cache --stacktrace --info --no-watch-fs --no-daemon
4841
fi
4942

5043
# Publish task (only when publishing to Maven Central)
5144
if [ "$MODE" = "publish" ] || [ "$MODE" = "all" ]; then
5245
echo "=== Publishing to Sonatype ==="
53-
./gradlew -Pskip-native -Pskip-tests -Pddprof_version="${LIB_VERSION}" -PbuildInfo.build.number=$CI_JOB_ID -Pwith-libs="$(pwd)/libs" ${SIGNING_SKIP_FLAG} publishToSonatype closeAndReleaseSonatypeStagingRepository --exclude-task compileFuzzer --max-workers=1 --no-build-cache --stacktrace --info --no-watch-fs --no-daemon
46+
if [ -z "${GPG_PRIVATE_KEY:-}" ]; then
47+
echo "ERROR: GPG_PRIVATE_KEY is not set — run the create_key CI job first to provision the signing key in SSM (ci.java-profiler.signing.gpg_private_key)"
48+
exit 1
49+
fi
50+
./gradlew -Pskip-native -Pskip-tests -Pddprof_version="${LIB_VERSION}" -PbuildInfo.build.number=$CI_JOB_ID -Pwith-libs="$(pwd)/libs" publishToSonatype closeAndReleaseSonatypeStagingRepository --exclude-task compileFuzzer --max-workers=1 --no-build-cache --stacktrace --info --no-watch-fs --no-daemon
5451
fi

0 commit comments

Comments
 (0)