commercetools-sync-java/scripts/setup-signing-key.sh at 2c90b6d1a5d58b05c152b8154492d3a63cd6575e · commercetools/commercetools-sync-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/bin/bash

set -e

# Decrypt credentials
echo 'Decode decrypter'
echo ${DECRYPTER} | base64 --decode > decrypter.json
echo 'Decode signing key'
echo ${SIGNING_KEY} | base64 --decode > signing_key.enc
echo 'Decode passphrase'
echo ${PASSPHRASE} | base64 --decode > signing_passphrase.enc

gcloud auth activate-service-account --key-file decrypter.json

echo "Decrypt signing secrets"

echo "passphrase"
gcloud kms decrypt \
  --project=commercetools-platform \
  --location=global \
  --keyring=devtooling \
  --key=java-sdk-v2 \
  --ciphertext-file=signing_passphrase.enc \
  --plaintext-file=signing_passphrase.txt

echo "key"
gcloud kms decrypt \
  --project=commercetools-platform \
  --location=global \
  --keyring=devtooling \
  --key=java-sdk-v2 \
  --ciphertext-file=signing_key.enc \
  --plaintext-file=signing_key.asc


# Import the GPG key
set +e
echo "Importing the signing key"
gpg --import --no-tty --batch --yes signing_key.asc
echo " - done"
set -e

# List available GPG keys
gpg -K

KEYNAME=`gpg --with-colons --keyid-format long --list-keys devtooling@commercetools.com | grep fpr | cut -d ':' -f 10`

mkdir -p ~/.gradle
touch ~/.gradle/gradle.properties

echo "signing.gnupg.executable=gpg" >> ~/.gradle/gradle.properties
echo "signing.gnupg.keyName=$KEYNAME" >> ~/.gradle/gradle.properties
echo "signing.gnupg.passphrase=$(<signing_passphrase.txt)" >> ~/.gradle/gradle.properties

rm -rf signing_passphrase.txt signing_passphrase.enc signing_key.enc decrypter.json signing_key.asc