Skip to content
[Jenkins]Jenkins
log in
Success

Console Output

Started by user Mikaël Barbero
Replayed #34
Running as Mikaël Barbero
[Pipeline] Start of Pipeline
[Pipeline] node
Still waiting to schedule task
‘fmlw3-ubuntu1804’ is reserved for jobs with matching label expression
Agent basic-n8g1x is provisioned from template basic
---
apiVersion: "v1"
kind: "Pod"
metadata:
  labels:
    jenkins: "slave"
    jenkins/label-digest: "61a7508ed1b04e9ada836fcd14d4d8ef5687c7dd"
    jenkins/label: "basic"
  name: "basic-n8g1x"
  namespace: "cbi"
spec:
  containers:
  - env:
    - name: "JENKINS_SECRET"
      value: "********"
    - name: "JENKINS_TUNNEL"
      value: "jenkins-discovery.cbi.svc.cluster.local:50000"
    - name: "JENKINS_AGENT_NAME"
      value: "basic-n8g1x"
    - name: "JENKINS_REMOTING_JAVA_OPTS"
      value: "-showversion -XshowSettings:vm -Xmx256m -Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true\
        \ -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.useSETSID=true"
    - name: "JAVA_TOOL_OPTIONS"
      value: ""
    - name: "_JAVA_OPTIONS"
      value: ""
    - name: "OPENJ9_JAVA_OPTIONS"
      value: "-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningCompactOnIdle -XX:+IdleTuningGcOnIdle"
    - name: "JENKINS_NAME"
      value: "basic-n8g1x"
    - name: "JENKINS_AGENT_WORKDIR"
      value: "/home/jenkins/agent"
    - name: "JENKINS_URL"
      value: "http://jenkins-ui.cbi.svc.cluster.local/cbi/"
    image: "docker.io/eclipsecbi/jiro-agent-basic:remoting-3160.vd76b_9ddd10cc"
    imagePullPolicy: "Always"
    name: "jnlp"
    resources:
      limits:
        cpu: "2000m"
        memory: "4096Mi"
      requests:
        cpu: "1000m"
        memory: "4096Mi"
    tty: true
    volumeMounts:
    - mountPath: "/home/jenkins/.gradle/daemon"
      name: "volume-6"
      readOnly: false
    - mountPath: "/home/jenkins/.gradle/caches"
      name: "volume-5"
      readOnly: false
    - mountPath: "/home/jenkins/.mavenrc"
      name: "m2-dir"
      readOnly: true
      subPath: ".mavenrc"
    - mountPath: "/home/jenkins/.m2/repository"
      name: "volume-3"
      readOnly: false
    - mountPath: "/home/jenkins/.m2/settings-security.xml"
      name: "m2-secret-dir"
      readOnly: true
      subPath: "settings-security.xml"
    - mountPath: "/home/jenkins/.gradle/gradle.properties"
      name: "gradle-secret-dir"
      readOnly: true
      subPath: "gradle.properties"
    - mountPath: "/home/jenkins/.gradle/workers"
      name: "volume-8"
      readOnly: false
    - mountPath: "/home/jenkins/.m2/toolchains.xml"
      name: "m2-dir"
      readOnly: true
      subPath: "toolchains.xml"
    - mountPath: "/opt/tools"
      name: "volume-0"
      readOnly: false
    - mountPath: "/home/jenkins"
      name: "volume-2"
      readOnly: false
    - mountPath: "/home/jenkins/.gradle/native"
      name: "volume-7"
      readOnly: false
    - mountPath: "/home/jenkins/.m2/wrapper"
      name: "volume-4"
      readOnly: false
    - mountPath: "/home/jenkins/.m2/settings.xml"
      name: "m2-secret-dir"
      readOnly: true
      subPath: "settings.xml"
    - mountPath: "/home/jenkins/.ssh"
      name: "volume-1"
      readOnly: false
      subPath: ""
    - mountPath: "/home/jenkins/.gradle/wrapper"
      name: "volume-9"
      readOnly: false
    - mountPath: "/home/jenkins/agent"
      name: "workspace-volume"
      readOnly: false
    workingDir: "/home/jenkins/agent"
  nodeSelector:
    kubernetes.io/os: "linux"
  restartPolicy: "Never"
  volumes:
  - name: "m2-secret-dir"
    secret:
      secretName: "m2-secret-dir"
  - emptyDir:
      medium: ""
    name: "volume-8"
  - emptyDir:
      medium: ""
    name: "volume-7"
  - emptyDir:
      medium: ""
    name: "volume-9"
  - emptyDir:
      medium: ""
    name: "workspace-volume"
  - emptyDir:
      medium: ""
    name: "volume-4"
  - emptyDir:
      medium: ""
    name: "volume-3"
  - emptyDir:
      medium: ""
    name: "volume-6"
  - emptyDir:
      medium: ""
    name: "volume-5"
  - name: "volume-0"
    persistentVolumeClaim:
      claimName: "tools-claim-jiro-cbi"
      readOnly: true
  - emptyDir:
      medium: ""
    name: "volume-2"
  - configMap:
      name: "m2-dir"
    name: "m2-dir"
  - configMap:
      name: "known-hosts"
    name: "volume-1"
  - name: "gradle-secret-dir"
    secret:
      secretName: "gradle-secret-dir"

Running on basic-n8g1x in /home/jenkins/agent/workspace/sigstore-demo/demo-blog-sign-verify
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Prepare)
[Pipeline] sh
+ echo 'Hello World'
+ curl -sSL -o cosign https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64
+ chmod u+x cosign
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Sign)
[Pipeline] withCredentials
Masking supported pattern matches of $_BOT__PASSWORD
[Pipeline] {
[Pipeline] sh
++ mktemp
+ IDP_DATA=/tmp/tmp.rLFO0zDr3O
++ mktemp
+ OID_TOKEN=/tmp/tmp.wL5vBXDKrg
+ chmod 600 /tmp/tmp.rLFO0zDr3O /tmp/tmp.wL5vBXDKrg
+ trap 'rm -vf "${IDP_DATA}" "${OID_TOKEN}"' EXIT
+ cat
+ curl --no-progress-bar -L -X POST --url https://auth.eclipse.org/auth/realms/sigstore/protocol/openid-connect/token --header 'Content-Type: application/x-www-form-urlencoded' --data @/tmp/tmp.rLFO0zDr3O
+ jq -r .access_token
+ head -c -1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  1931  100  1836  100    95  11845    612 --:--:-- --:--:-- --:--:-- 12458
100  1931  100  1836  100    95  11845    612 --:--:-- --:--:-- --:--:-- 12378
+ ./cosign sign-blob README -y --bundle README.bundle --oidc-issuer=https://auth.eclipse.org/auth/realms/sigstore --identity-token=/tmp/tmp.wL5vBXDKrg
Using payload from: README
Generating ephemeral keys...
Retrieving signed certificate...
Successfully verified SCT...

	The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/.
	Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record.
	This may include the email address associated with the account with which you authenticate your contractual Agreement.
	This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.

By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
using ephemeral certificate:
-----BEGIN CERTIFICATE-----
MIIC7zCCAnagAwIBAgIUfm+j/ND8SAdbfkOT/vcX2KCFZjowCgYIKoZIzj0EAwMw
NzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl
cm1lZGlhdGUwHhcNMjMxMjI4MjIxNDEwWhcNMjMxMjI4MjIyNDEwWjAAMFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAEC+VR8OBYgp0oAbnLJhDrwHIRfE6rJzsJKSVj
ar4WnEX0EyBdOG45MospOyjEDSS5B1vl54KosHQvOPwYuNM9l6OCAZUwggGRMA4G
A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUvE7f
pAG1nYgMEQFFBnnnrhC6ZMAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y
ZD8wIQYDVR0RAQH/BBcwFYETY2JpLWRldkBlY2xpcHNlLm9yZzA7BgorBgEEAYO/
MAEBBC1odHRwczovL2F1dGguZWNsaXBzZS5vcmcvYXV0aC9yZWFsbXMvc2lnc3Rv
cmUwPQYKKwYBBAGDvzABCAQvDC1odHRwczovL2F1dGguZWNsaXBzZS5vcmcvYXV0
aC9yZWFsbXMvc2lnc3RvcmUwgYoGCisGAQQB1nkCBAIEfAR6AHgAdgDdPTBqxscR
MmMZHhyZZzcCokpeuN48rf+HinKALynujgAAAYyyffwPAAAEAwBHMEUCIHtitHtH
Z6dVyp4Uu4hskLgJzlsP2senO21JnpSwOnNMAiEAtmmfp8T1rSLh8AWX6G9QoKAI
lcKMqCGz8YDfs2XoH/AwCgYIKoZIzj0EAwMDZwAwZAIwIxI3WcenuxkjcdaN/zO8
xmwF5T345sxsTwMbn+QQstCWH99HsUDuOdhosHU/uZ1BAjBM99dlc4GSJxE5Geqx
vZa4p8IjNSxUWO5pZyXpxB8r39Uz5vhmRYqQS+zSrdp/3ik=
-----END CERTIFICATE-----

tlog entry created with index: 59909121
using ephemeral certificate:
-----BEGIN CERTIFICATE-----
MIIC7zCCAnagAwIBAgIUfm+j/ND8SAdbfkOT/vcX2KCFZjowCgYIKoZIzj0EAwMw
NzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl
cm1lZGlhdGUwHhcNMjMxMjI4MjIxNDEwWhcNMjMxMjI4MjIyNDEwWjAAMFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAEC+VR8OBYgp0oAbnLJhDrwHIRfE6rJzsJKSVj
ar4WnEX0EyBdOG45MospOyjEDSS5B1vl54KosHQvOPwYuNM9l6OCAZUwggGRMA4G
A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUvE7f
pAG1nYgMEQFFBnnnrhC6ZMAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y
ZD8wIQYDVR0RAQH/BBcwFYETY2JpLWRldkBlY2xpcHNlLm9yZzA7BgorBgEEAYO/
MAEBBC1odHRwczovL2F1dGguZWNsaXBzZS5vcmcvYXV0aC9yZWFsbXMvc2lnc3Rv
cmUwPQYKKwYBBAGDvzABCAQvDC1odHRwczovL2F1dGguZWNsaXBzZS5vcmcvYXV0
aC9yZWFsbXMvc2lnc3RvcmUwgYoGCisGAQQB1nkCBAIEfAR6AHgAdgDdPTBqxscR
MmMZHhyZZzcCokpeuN48rf+HinKALynujgAAAYyyffwPAAAEAwBHMEUCIHtitHtH
Z6dVyp4Uu4hskLgJzlsP2senO21JnpSwOnNMAiEAtmmfp8T1rSLh8AWX6G9QoKAI
lcKMqCGz8YDfs2XoH/AwCgYIKoZIzj0EAwMDZwAwZAIwIxI3WcenuxkjcdaN/zO8
xmwF5T345sxsTwMbn+QQstCWH99HsUDuOdhosHU/uZ1BAjBM99dlc4GSJxE5Geqx
vZa4p8IjNSxUWO5pZyXpxB8r39Uz5vhmRYqQS+zSrdp/3ik=
-----END CERTIFICATE-----

Wrote bundle to file README.bundle
MEQCIAHpQitmTNJ0U0b6+Sa7vDYos1hOeHIwVlzZHbklZ0vQAiANwmIGYhMQJ96lqwWhAtY84zZ3RHNEMghJ7Nl4I8jgSw==
+ rm -vf /tmp/tmp.rLFO0zDr3O /tmp/tmp.wL5vBXDKrg
removed '/tmp/tmp.rLFO0zDr3O'
removed '/tmp/tmp.wL5vBXDKrg'
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] sh
+ ./cosign verify-blob README --bundle README.bundle --certificate-oidc-issuer=https://auth.eclipse.org/auth/realms/sigstore --certificate-identity=cbi-dev@eclipse.org
Verified OK
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS