Started by user Mikaël Barbero Replayed #34 Running as Mikaël Barbero [Pipeline] Start of Pipeline [Pipeline] node Still waiting to schedule task ‘fmlw3-ubuntu1804’ is reserved for jobs with matching label expression Agent basic-n8g1x is provisioned from template basic --- apiVersion: "v1" kind: "Pod" metadata: labels: jenkins: "slave" jenkins/label-digest: "61a7508ed1b04e9ada836fcd14d4d8ef5687c7dd" jenkins/label: "basic" name: "basic-n8g1x" namespace: "cbi" spec: containers: - env: - name: "JENKINS_SECRET" value: "********" - name: "JENKINS_TUNNEL" value: "jenkins-discovery.cbi.svc.cluster.local:50000" - name: "JENKINS_AGENT_NAME" value: "basic-n8g1x" - name: "JENKINS_REMOTING_JAVA_OPTS" value: "-showversion -XshowSettings:vm -Xmx256m -Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true\ \ -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.useSETSID=true" - name: "JAVA_TOOL_OPTIONS" value: "" - name: "_JAVA_OPTIONS" value: "" - name: "OPENJ9_JAVA_OPTIONS" value: "-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningCompactOnIdle -XX:+IdleTuningGcOnIdle" - name: "JENKINS_NAME" value: "basic-n8g1x" - name: "JENKINS_AGENT_WORKDIR" value: "/home/jenkins/agent" - name: "JENKINS_URL" value: "http://jenkins-ui.cbi.svc.cluster.local/cbi/" image: "docker.io/eclipsecbi/jiro-agent-basic:remoting-3160.vd76b_9ddd10cc" imagePullPolicy: "Always" name: "jnlp" resources: limits: cpu: "2000m" memory: "4096Mi" requests: cpu: "1000m" memory: "4096Mi" tty: true volumeMounts: - mountPath: "/home/jenkins/.gradle/daemon" name: "volume-6" readOnly: false - mountPath: "/home/jenkins/.gradle/caches" name: "volume-5" readOnly: false - mountPath: "/home/jenkins/.mavenrc" name: "m2-dir" readOnly: true subPath: ".mavenrc" - mountPath: "/home/jenkins/.m2/repository" name: "volume-3" readOnly: false - mountPath: "/home/jenkins/.m2/settings-security.xml" name: "m2-secret-dir" readOnly: true subPath: "settings-security.xml" - mountPath: "/home/jenkins/.gradle/gradle.properties" name: "gradle-secret-dir" readOnly: true subPath: "gradle.properties" - mountPath: "/home/jenkins/.gradle/workers" name: "volume-8" readOnly: false - mountPath: "/home/jenkins/.m2/toolchains.xml" name: "m2-dir" readOnly: true subPath: "toolchains.xml" - mountPath: "/opt/tools" name: "volume-0" readOnly: false - mountPath: "/home/jenkins" name: "volume-2" readOnly: false - mountPath: "/home/jenkins/.gradle/native" name: "volume-7" readOnly: false - mountPath: "/home/jenkins/.m2/wrapper" name: "volume-4" readOnly: false - mountPath: "/home/jenkins/.m2/settings.xml" name: "m2-secret-dir" readOnly: true subPath: "settings.xml" - mountPath: "/home/jenkins/.ssh" name: "volume-1" readOnly: false subPath: "" - mountPath: "/home/jenkins/.gradle/wrapper" name: "volume-9" readOnly: false - mountPath: "/home/jenkins/agent" name: "workspace-volume" readOnly: false workingDir: "/home/jenkins/agent" nodeSelector: kubernetes.io/os: "linux" restartPolicy: "Never" volumes: - name: "m2-secret-dir" secret: secretName: "m2-secret-dir" - emptyDir: medium: "" name: "volume-8" - emptyDir: medium: "" name: "volume-7" - emptyDir: medium: "" name: "volume-9" - emptyDir: medium: "" name: "workspace-volume" - emptyDir: medium: "" name: "volume-4" - emptyDir: medium: "" name: "volume-3" - emptyDir: medium: "" name: "volume-6" - emptyDir: medium: "" name: "volume-5" - name: "volume-0" persistentVolumeClaim: claimName: "tools-claim-jiro-cbi" readOnly: true - emptyDir: medium: "" name: "volume-2" - configMap: name: "m2-dir" name: "m2-dir" - configMap: name: "known-hosts" name: "volume-1" - name: "gradle-secret-dir" secret: secretName: "gradle-secret-dir" Running on basic-n8g1x in /home/jenkins/agent/workspace/sigstore-demo/demo-blog-sign-verify [Pipeline] { [Pipeline] stage [Pipeline] { (Prepare) [Pipeline] sh + echo 'Hello World' + curl -sSL -o cosign https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 + chmod u+x cosign [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Sign) [Pipeline] withCredentials Masking supported pattern matches of $_BOT__PASSWORD [Pipeline] { [Pipeline] sh ++ mktemp + IDP_DATA=/tmp/tmp.rLFO0zDr3O ++ mktemp + OID_TOKEN=/tmp/tmp.wL5vBXDKrg + chmod 600 /tmp/tmp.rLFO0zDr3O /tmp/tmp.wL5vBXDKrg + trap 'rm -vf "${IDP_DATA}" "${OID_TOKEN}"' EXIT + cat + curl --no-progress-bar -L -X POST --url https://auth.eclipse.org/auth/realms/sigstore/protocol/openid-connect/token --header 'Content-Type: application/x-www-form-urlencoded' --data @/tmp/tmp.rLFO0zDr3O + jq -r .access_token + head -c -1 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1931 100 1836 100 95 11845 612 --:--:-- --:--:-- --:--:-- 12458 100 1931 100 1836 100 95 11845 612 --:--:-- --:--:-- --:--:-- 12378 + ./cosign sign-blob README -y --bundle README.bundle --oidc-issuer=https://auth.eclipse.org/auth/realms/sigstore --identity-token=/tmp/tmp.wL5vBXDKrg Using payload from: README Generating ephemeral keys... Retrieving signed certificate... Successfully verified SCT... The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. This may include the email address associated with the account with which you authenticate your contractual Agreement. This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above. using ephemeral certificate: -----BEGIN CERTIFICATE----- MIIC7zCCAnagAwIBAgIUfm+j/ND8SAdbfkOT/vcX2KCFZjowCgYIKoZIzj0EAwMw NzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl cm1lZGlhdGUwHhcNMjMxMjI4MjIxNDEwWhcNMjMxMjI4MjIyNDEwWjAAMFkwEwYH KoZIzj0CAQYIKoZIzj0DAQcDQgAEC+VR8OBYgp0oAbnLJhDrwHIRfE6rJzsJKSVj ar4WnEX0EyBdOG45MospOyjEDSS5B1vl54KosHQvOPwYuNM9l6OCAZUwggGRMA4G A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUvE7f pAG1nYgMEQFFBnnnrhC6ZMAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y ZD8wIQYDVR0RAQH/BBcwFYETY2JpLWRldkBlY2xpcHNlLm9yZzA7BgorBgEEAYO/ MAEBBC1odHRwczovL2F1dGguZWNsaXBzZS5vcmcvYXV0aC9yZWFsbXMvc2lnc3Rv cmUwPQYKKwYBBAGDvzABCAQvDC1odHRwczovL2F1dGguZWNsaXBzZS5vcmcvYXV0 aC9yZWFsbXMvc2lnc3RvcmUwgYoGCisGAQQB1nkCBAIEfAR6AHgAdgDdPTBqxscR MmMZHhyZZzcCokpeuN48rf+HinKALynujgAAAYyyffwPAAAEAwBHMEUCIHtitHtH Z6dVyp4Uu4hskLgJzlsP2senO21JnpSwOnNMAiEAtmmfp8T1rSLh8AWX6G9QoKAI lcKMqCGz8YDfs2XoH/AwCgYIKoZIzj0EAwMDZwAwZAIwIxI3WcenuxkjcdaN/zO8 xmwF5T345sxsTwMbn+QQstCWH99HsUDuOdhosHU/uZ1BAjBM99dlc4GSJxE5Geqx vZa4p8IjNSxUWO5pZyXpxB8r39Uz5vhmRYqQS+zSrdp/3ik= -----END CERTIFICATE----- tlog entry created with index: 59909121 using ephemeral certificate: -----BEGIN CERTIFICATE----- MIIC7zCCAnagAwIBAgIUfm+j/ND8SAdbfkOT/vcX2KCFZjowCgYIKoZIzj0EAwMw NzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl cm1lZGlhdGUwHhcNMjMxMjI4MjIxNDEwWhcNMjMxMjI4MjIyNDEwWjAAMFkwEwYH KoZIzj0CAQYIKoZIzj0DAQcDQgAEC+VR8OBYgp0oAbnLJhDrwHIRfE6rJzsJKSVj ar4WnEX0EyBdOG45MospOyjEDSS5B1vl54KosHQvOPwYuNM9l6OCAZUwggGRMA4G A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUvE7f pAG1nYgMEQFFBnnnrhC6ZMAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y ZD8wIQYDVR0RAQH/BBcwFYETY2JpLWRldkBlY2xpcHNlLm9yZzA7BgorBgEEAYO/ MAEBBC1odHRwczovL2F1dGguZWNsaXBzZS5vcmcvYXV0aC9yZWFsbXMvc2lnc3Rv cmUwPQYKKwYBBAGDvzABCAQvDC1odHRwczovL2F1dGguZWNsaXBzZS5vcmcvYXV0 aC9yZWFsbXMvc2lnc3RvcmUwgYoGCisGAQQB1nkCBAIEfAR6AHgAdgDdPTBqxscR MmMZHhyZZzcCokpeuN48rf+HinKALynujgAAAYyyffwPAAAEAwBHMEUCIHtitHtH Z6dVyp4Uu4hskLgJzlsP2senO21JnpSwOnNMAiEAtmmfp8T1rSLh8AWX6G9QoKAI lcKMqCGz8YDfs2XoH/AwCgYIKoZIzj0EAwMDZwAwZAIwIxI3WcenuxkjcdaN/zO8 xmwF5T345sxsTwMbn+QQstCWH99HsUDuOdhosHU/uZ1BAjBM99dlc4GSJxE5Geqx vZa4p8IjNSxUWO5pZyXpxB8r39Uz5vhmRYqQS+zSrdp/3ik= -----END CERTIFICATE----- Wrote bundle to file README.bundle MEQCIAHpQitmTNJ0U0b6+Sa7vDYos1hOeHIwVlzZHbklZ0vQAiANwmIGYhMQJ96lqwWhAtY84zZ3RHNEMghJ7Nl4I8jgSw== + rm -vf /tmp/tmp.rLFO0zDr3O /tmp/tmp.wL5vBXDKrg removed '/tmp/tmp.rLFO0zDr3O' removed '/tmp/tmp.wL5vBXDKrg' [Pipeline] } [Pipeline] // withCredentials [Pipeline] sh + ./cosign verify-blob README --bundle README.bundle --certificate-oidc-issuer=https://auth.eclipse.org/auth/realms/sigstore --certificate-identity=cbi-dev@eclipse.org Verified OK [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline Finished: SUCCESS