ci: continue to support SPACK_SIGNING_KEY (#39170)

2023-08-12 09:52:46 -06:00 · 2023-08-12 09:52:46 -06:00 · 1b1ed1b1fa
commit 1b1ed1b1fa
parent ec0e51316b
1 changed files with 5 additions and 6 deletions
--- a/lib/spack/spack/cmd/ci.py
+++ b/lib/spack/spack/cmd/ci.py
@ -289,6 +289,10 @@ def ci_rebuild(args):
    rebuild_everything = os.environ.get("SPACK_REBUILD_EVERYTHING")
    require_signing = os.environ.get("SPACK_REQUIRE_SIGNING")

+    # If signing key was provided via "SPACK_SIGNING_KEY", then try to import it.
+    if signing_key:
+        spack_ci.import_signing_key(signing_key)
+
    # Fail early if signing is required but we don't have a signing key
    sign_binaries = require_signing is not None and require_signing.lower() == "true"
    if sign_binaries and not spack_ci.can_sign_binaries():
@ -418,11 +422,6 @@ def ci_rebuild(args):
                dst_file = os.path.join(repro_dir, file_name)
                shutil.copyfile(src_file, dst_file)

-    # If signing key was provided via "SPACK_SIGNING_KEY", then try to
-    # import it.
-    if signing_key:
-        spack_ci.import_signing_key(signing_key)
-
    # Write this job's spec json into the reproduction directory, and it will
    # also be used in the generated "spack install" command to install the spec
    tty.debug("job concrete spec path: {0}".format(job_spec_json_path))
@ -679,7 +678,7 @@ def ci_rebuild(args):
                input_spec=job_spec,
                buildcache_mirror_url=buildcache_mirror_url,
                pipeline_mirror_url=pipeline_mirror_url,
-                sign_binaries=sign_binaries,
+                sign_binaries=spack_ci.can_sign_binaries(),
            ):
                msg = tty.msg if result.success else tty.warn
                msg(