The issue was:
Currently building the ISO and signing the ISO are part of the same Jenkins (sub-)job. This makes it difficult to re-run or troubleshoot failures related to signing.
Solution:
Pipeline Jobs
pipelines/parts/build-iso.Jenkinsfile - MODIFIED
- Removed the sign-iso stage (now a separate job)
- Keeps only the build-iso stage
pipelines/parts/sign-iso.Jenkinsfile - NEW
- Independent job for signing only
- Validates ISOs before signing calling signing-preflight.sh
- Executes signing with the original script
Scripts
scripts/build-iso.sh - MODIFIED
- Added detailed build logging
- Keeps SECUREBOOT_FORMAL for packages
- Compatible with all existing configurations
scripts/sign-iso.sh - MODIFIED
- A log line was informing a wrong message that could dificult the interpretation
- Line 30 SECUREBOOT_FORMAL requires SIGNING_SERVER changed to SIGN_ISO_FORMAL requires SIGNING_SERVER
scripts/signing-preflight.sh - NEW
- Full validation before signing
- Checks ISOs, configuration, connectivity
- Detailed validation logs
Main Pipeline
pipelines/monolithic.Jenkinsfile - MODIFIED
- Lines 325–327: Changed to use build-iso + sign-iso
- Flow: build-iso → sign-iso → publish-iso
TEST PLAN: Create a new Job in Jenkins to validate the new pipeline structure pointing to a fork of the main repository where we can push and adjust the new pipeline structure separatedly from the original pipeline
Closes-Bug: 2122544
Change-Id: I3d44702063974ae23ea3a4f54a82b526f1df5b22
Signed-off-by: Ladislau <Ladislau.Felisbino@windriver.com>
0090785d63