From 8c73ae8201bcbbac8d4582957b1f68ed70e7be4d Mon Sep 17 00:00:00 2001 From: Haroon Khel Date: Mon, 16 Dec 2024 13:19:06 +0000 Subject: [PATCH] java classpath --- pipelines/build/common/sign_temurin_jsf.groovy | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pipelines/build/common/sign_temurin_jsf.groovy b/pipelines/build/common/sign_temurin_jsf.groovy index 1f0c8d67f..98ec2ff47 100644 --- a/pipelines/build/common/sign_temurin_jsf.groovy +++ b/pipelines/build/common/sign_temurin_jsf.groovy @@ -54,7 +54,7 @@ stage('Signing SBOM') { selector: specific("${buildSBOMLibrariesJob.getNumber()}"), filter: 'cyclonedx-lib/build/jar/*.jar', fingerprintArtifacts: true, - target: 'artifacts', + target: 'artifacts/cyclonedx-lib/build/jar', flatten: true ) @@ -71,16 +71,15 @@ stage('Signing SBOM') { ls -la for ARTIFACT in $(find . -name "*sbom*.json" | grep -v metadata.json); do echo "Signing ${ARTIFACT}" - java -cp "./*.jar" temurin.sbom.TemurinSignSBOM --verbose --signSBOM --jsonFile "${ARTIFACT}" --privateKeyFile "$PRIVATE_KEY" + java -cp "cyclonedx-lib/build/jar/*" temurin.sbom.TemurinSignSBOM --verbose --signSBOM --jsonFile "${ARTIFACT}" --privateKeyFile "$PRIVATE_KEY" echo "Verifying Signature on ${ARTIFACT}" - java -cp "./*.jar" temurin.sbom.TemurinSignSBOM --verbose --verifySignature --jsonFile "${ARTIFACT}" --publicKeyFile "$PUBLIC_KEY" + java -cp "cyclonedx-lib/build/jar/*" temurin.sbom.TemurinSignSBOM --verbose --verifySignature --jsonFile "${ARTIFACT}" --publicKeyFile "$PUBLIC_KEY" done ''' } timeout(time: 1, unit: 'HOURS') { - archiveArtifacts artifacts: 'artifacts/*sbom*.json', - excludes: '*metadata*' + archiveArtifacts artifacts: 'artifacts/*sbom*.json' } } catch (FlowInterruptedException e) {