<?xml version="1.0" encoding="UTF-8"?>
<project
name="signJarsInArchive"
default="signJarsInArchive"
basedir=".">
<!-- = = = standard properties pattern = = = -->
<!--
  Expose operating-system environment variables as env.* properties.
  For cross-platform use, rely on them only for variables we create and set
  ourselves: property names are case sensitive even where the operating
  system's variable names are not (on Windows it is ${env.Path}, not ${env.PATH}).
-->
<property environment="env"/>
<!--
  Optional user overrides, read from
  ${env.LOCAL_BUILD_PROPERTIES_DIR}/${ant.project.name}.properties.
  If the directory, the file, or an individual property does not exist,
  the standard properties defined in this file are used.
-->
<property file="${env.LOCAL_BUILD_PROPERTIES_DIR}/${ant.project.name}.properties"/>
<!-- = = = end standard properties pattern = = = -->
<!--
  sshUser: the account (and host) handed to every ssh and scp call in this file.
  TODO: this should probably be a passed-in property rather than a fixed value.
  Ant keeps the first definition of a property, so the override file above or a
  -D option on the command line can already replace this value.
  History: the recommendation was to use the bare name 'david_williams' when
  running on build.eclipse.org itself, to avoid a tcp connection on the same
  machine, and to include the host when signing from a different machine.
  NOTE(review): the value below includes the host, i.e. the "different machine"
  form; confirm that this matches where the build actually runs.
  NOTE(review): a personal account is fixed here for a signing step; presumably
  authentication comes from the build user's ssh setup, which this file does not
  show. Confirm who is able to run this target with that identity.
-->
<property name="sshUser" value="david_williams@build.eclipse.org"/>
<!--
======= Primary task ========
-->
<!--
== signJarsInArchive ==
-->
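<target name="signJarsInArchive" depends="check.sign" if="doSign">
  <!--
    Signs one archive on the remote signing host. Steps, all over ssh/scp as
    ${sshUser}: prepare a clean staging directory, upload the archive, record
    its "ls -l" line, run /usr/bin/sign, wait until that line changes, copy the
    archive back over the local one, then remove the staging directory.
    Runs only when check.sign has set doSign.

    Required properties: buildDirectory, archiveName, buildLabel, buildId
    (buildId is checked here but not otherwise used in this target).
    Output of most remote commands is collected in ${signingHistory}.

    The "fail fast" checks live inside the target, not at the top of the file,
    because this script is sometimes re-entered with inheritAll=false, in which
    case some of these properties are undefined at file level.
  -->
  <fail unless="buildDirectory" message="buildDirectory must be specified by caller"/>
  <fail unless="archiveName" message="archiveName must be specified by caller"/>
  <fail unless="buildLabel" message="buildLabel must be specified by caller"/>
  <fail unless="buildId" message="buildId must be specified by caller"/>
  <!--
    archiveName becomes part of remote "rm -rf" command lines below. "unless"
    only proves the property is set, so also reject values that would point
    those commands somewhere else: a blank name would make stagingDirectory the
    shared webtools staging root, and '.', '..' or a '/' would move it outside
    the per-archive directory. A space would split the argument line.
    NOTE(review): other shell metacharacters are not rejected here; all values
    interpolated into the ssh command lines are assumed to come from a trusted
    caller. Confirm, or tighten this check to an allow-list of characters.
  -->
  <fail message="archiveName must be a plain file name (not empty, no '/' or spaces, not '.' or '..')">
    <condition>
      <or>
        <equals arg1="${archiveName}" arg2="" trim="true"/>
        <equals arg1="${archiveName}" arg2="." trim="true"/>
        <equals arg1="${archiveName}" arg2=".." trim="true"/>
        <contains string="${archiveName}" substring="/"/>
        <contains string="${archiveName}" substring=" "/>
      </or>
    </condition>
  </fail>

  <!-- Our specific directory in the signing area -->
  <property name="stagingDirectory"
            value="/opt/public/download-staging.priv/webtools/${archiveName}"/>
  <property name="signingHistory"
            value="${buildDirectory}/signing-${archiveName}.log"/>
  <property name="outputFile"
            value="${stagingDirectory}/${archiveName}"/>

  <!--
    Make sure the staging directory exists and is completely clean, in case it
    was used before. In future, might want to fail if it is not clean.
  -->
  <echo message="deleting any possible files in staging area "/>
  <!-- This first exec creates or replaces the signingHistory file; all later ones append. -->
  <exec executable="ssh" output="${signingHistory}">
    <!-- Create the directory itself; the wildcard belongs only to the cleanup below. -->
    <arg line="${sshUser} mkdir -p ${stagingDirectory}"/>
  </exec>
  <exec executable="ssh" output="${signingHistory}" append="true">
    <arg line="${sshUser} /bin/rm -rf ${stagingDirectory}/*"/>
  </exec>

  <!-- Copy the archive to the staging directory; a failed upload stops the build. -->
  <echo message="copying zip file to staging directory"/>
  <exec executable="scp" output="${signingHistory}" failonerror="true" append="true">
    <arg line="${buildDirectory}/${buildLabel}/${archiveName} ${sshUser}:${stagingDirectory}"/>
  </exec>

  <!--
    Make sure it has correct permissions.
    NOTE(review): ugo+rw makes the staged archive writable by every account on
    the host, so it could be altered between upload and signing. Presumably the
    signing service needs write access; confirm whether group access is enough.
  -->
  <exec executable="ssh" output="${signingHistory}" append="true">
    <arg line="${sshUser} /bin/chmod ugo+rw ${outputFile} "/>
  </exec>

  <!--
    Establish the original attributes.
    The file count is only informational here: it confirms there is one file in
    the staging directory. In future, we may want to fail if there is not.
  -->
  <exec executable="ssh" failonerror="true" outputProperty="originalNFiles">
    <arg line="${sshUser} ls -l ${stagingDirectory} | wc -l"/>
  </exec>
  <echo message="original Number of Files: ${originalNFiles}"/>
  <exec executable="ssh" failonerror="true" outputProperty="originalAttributes">
    <arg line="${sshUser} ls -l ${outputFile}"/>
  </exec>
  <echo message="initial originalAttributes: ${originalAttributes}"/>

  <!--
    Invoke the sign script and wait.
    NOTE(review): the exit status of this call is ignored. If ssh or the sign
    script fails, the attributes never change and the wait below has no upper
    bound. Confirm the exit codes of /usr/bin/sign before adding failonerror.
  -->
  <echo message="invoke sign script and wait"/>
  <exec executable="ssh" output="${signingHistory}" append="true">
    <arg line="${sshUser} /usr/bin/sign ${outputFile} nomail"/>
  </exec>

  <!-- Wait for the signed build to be available. -->
  <antcall target="waitForChangedAttributes"/>

  <!--
    Copy the archive back to the build machine. failonerror matches the upload:
    if this copy fails, the local archive is still the unsigned one, and the
    build must not continue as though signing had succeeded.
    NOTE(review): nothing in this target checks that the returned archive is
    actually signed; the attribute change is the only evidence. Consider a
    verification step (for example jarsigner -verify on the contained jars).
  -->
  <echo message="copy zip back to build machine"/>
  <exec executable="scp" output="${signingHistory}" failonerror="true" append="true">
    <arg line="${sshUser}:${outputFile} ${buildDirectory}/${buildLabel}"/>
  </exec>

  <!-- Delete the temporary file, then the staging directory we created. -->
  <echo message="delete temp files on build.eclipse.org"/>
  <exec executable="ssh" output="${signingHistory}" append="true">
    <arg line="${sshUser} /bin/rm -rf ${outputFile}"/>
  </exec>
  <echo message="delete signing directory we created on build.eclipse.org"/>
  <exec executable="ssh" output="${signingHistory}" append="true">
    <arg line="${sshUser} /bin/rm -rf ${stagingDirectory}"/>
  </exec>
</target>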
<!--
======= Utility tasks ========
-->
<!--
== compareAttributes ==
The compareAttributes task and the waitForChangedAttributes task call each other repeatedly,
until attributes are changed.
TODO: we might have to adjust "outer" timeouts, if this takes a lot longer,
and we might want to have our own time or loop checks here.
-->
<target name="compareAttributes">
  <!--
    One polling step. Reads the line count of "ls -l" for the staging directory
    and the "ls -l" line of the staged file over ssh, sets attributesChanged
    when the signing looks finished, then calls waitForChangedAttributes, which
    does nothing once attributesChanged is set.
    Reads: sshUser, stagingDirectory, outputFile, originalAttributes.
    The pre-poll echoes show the properties before this step has assigned them.
    Neither exec sets failonerror, so a failed ssh call only shows up as
    unexpected text in the polled values.
  -->
  <echo message="Polled Number of Files: ${polledNFiles} (pre-poll)"/>
  <exec outputProperty="polledNFiles" executable="ssh">
    <!-- The pipe is passed to ssh as arguments; presumably the remote shell evaluates it. -->
    <arg line="${sshUser} ls -l ${stagingDirectory} | wc -l"/>
  </exec>
  <echo message="Polled Number of Files: ${polledNFiles} (post-poll)"/>

  <echo message="polled: ${polledAttributes} (pre-poll)"/>
  <exec outputProperty="polledAttributes" executable="ssh">
    <arg line="${sshUser} ls -l ${outputFile}"/>
  </exec>
  <echo message="original: ${originalAttributes}"/>
  <echo message="polled: ${polledAttributes} (post-poll)"/>

  <!--
    Both the number of files and the attributes are compared, for added safety;
    this may not be necessary.
    With exactly one file present, "ls -l | wc -l" yields 2: one line for the
    file and one for the "total" line.
    Once signing starts, a directory and a file are made in the staging area,
    where the work is done, and the result is then renamed to the original
    name, replacing it with a new owner and a new file size.
    NOTE(review): any change to the "ls -l" line satisfies this test, not only a
    completed signing. The result should still be verified after copy-back.
  -->
  <condition property="attributesChanged">
    <and>
      <equals arg1="${polledNFiles}" arg2="2" trim="true"/>
      <not>
        <equals arg1="${polledAttributes}" arg2="${originalAttributes}" trim="true"/>
      </not>
    </and>
  </condition>

  <antcall target="waitForChangedAttributes"/>
</target>
<!--
== waitForChangedAttributes ==
Wait and then compare attributes of file to see if changed.
inheritAll: false - this is critical to the workings. Otherwise it "keeps" the same
values it saw before, and then never notices a change.
Note too we check first, and then sleep. I think there are some cases where
a (small) file is signed so quickly that it has already been signed by the time an initial
sleep is over ... and there's something, I think, that causes that case to work (it
just loops then, never detecting change). I suspect this means the initial 'originalAttributes'
are not set as I think they are ... but, hopefully, sleeping afterwards will help avoid
those "missed" cases.
-->
<target name="waitForChangedAttributes" unless="attributesChanged">
  <!--
    Skipped entirely once attributesChanged is set. Otherwise sleeps for 180
    seconds and then runs compareAttributes, which calls back into this target.
    No upper bound on the number of rounds is visible in this file.
    inheritAll="false" is essential: the poll results must be re-read on every
    round, so only the three values below are handed to the next round.
  -->
  <sleep seconds="180"/>
  <antcall inheritAll="false" target="compareAttributes">
    <param name="originalAttributes" value="${originalAttributes}"/>
    <param name="stagingDirectory" value="${stagingDirectory}"/>
    <param name="outputFile" value="${outputFile}"/>
  </antcall>
</target>
<!--
== check.sign ==
The property 'sign' is the critical attribute that determines whether signing will be done.
If false, or absent, signing is not done.
We do not rely only on absence, so that the "master properties" can be set to false while individual
components remain set to 'true' (for example, to have quick local builds without changing
component properties). Currently "SKIP_JAR_SIGNING" is used instead, but that
doesn't feel quite right, so it may change in future. SKIP_JAR_SIGNING can be
set as an env variable or an ant variable.
-->
<target name="check.sign">
  <!--
    Decides whether signing happens. Sets doSign only when 'sign' equals "true"
    and neither the environment variable SKIP_JAR_SIGNING nor the Ant property
    of the same name equals "true". All comparisons trim whitespace and ignore
    case. The three inputs are echoed first so the decision shows in the log.
    When doSign is not set, signJarsInArchive is skipped and the archive is left
    unsigned.
  -->
  <echo message="sign: ${sign}"/>
  <echo message="env skip jar signing: ${env.SKIP_JAR_SIGNING}"/>
  <echo message="skip jar signing: ${SKIP_JAR_SIGNING}"/>

  <condition property="doSign">
    <and>
      <equals arg1="${sign}" arg2="true" trim="true" casesensitive="false"/>
      <!-- Either form of the skip switch vetoes signing. -->
      <not>
        <or>
          <equals arg1="${env.SKIP_JAR_SIGNING}" arg2="true" trim="true" casesensitive="false"/>
          <equals arg1="${SKIP_JAR_SIGNING}" arg2="true" trim="true" casesensitive="false"/>
        </or>
      </not>
    </and>
  </condition>
</target>
</project>