Skip to content

Commit

Permalink
build: backport tools/release.sh
Browse files Browse the repository at this point in the history
PR-URL: #3642
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
  • Loading branch information
rvagg committed Nov 24, 2015
1 parent 78c5b4c commit d939956
Showing 1 changed file with 196 additions and 0 deletions.
196 changes: 196 additions & 0 deletions tools/release.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,196 @@
#!/usr/bin/env bash

# To promote and sign a release that has been prepared by the build slaves, use:
# release.sh

# To _only_ sign an existing release, use:
# release.sh -s vx.y.z

set -e

webhost=direct.nodejs.org
webuser=dist
promotablecmd=dist-promotable
promotecmd=dist-promote
signcmd=dist-sign


################################################################################
## Select a GPG key to use

echo "# Selecting GPG key ..."

gpgkey=$(gpg --list-secret-keys | grep '^sec' | awk -F'( +|/)' '{print $3}')
keycount=$(echo $gpgkey | wc -w)

if [ $keycount -eq 0 ]; then
echo 'Need at least one GPG key, please make one with `gpg --gen-key`'
echo 'You will also need to submit your key to a public keyserver, e.g.'
echo ' https://sks-keyservers.net/i/#submit'
exit 1
elif [ $keycount -ne 1 ]; then
echo -e 'You have multiple GPG keys:\n'

gpg --list-secret-keys

while true; do
echo $gpgkey | awk '{ for(i = 1; i <= NF; i++) { print i ") " $i; } }'
echo -n 'Select a key: '
read keynum

if $(test "$keynum" -eq "$keynum" > /dev/null 2>&1); then
_gpgkey=$(echo $gpgkey | awk '{ print $'${keynum}'}')
keycount=$(echo $_gpgkey | wc -w)
if [ $keycount -eq 1 ]; then
echo ""
gpgkey=$_gpgkey
break
fi
fi
done
fi

gpgfing=$(gpg --fingerprint $gpgkey | grep 'Key fingerprint =' | awk -F' = ' '{print $2}' | tr -d ' ')

if ! test "$(grep $gpgfing README.md)"; then
echo 'Error: this GPG key fingerprint is not listed in ./README.md'
exit 1
fi

echo "Using GPG key: $gpgkey"
echo " Fingerprint: $gpgfing"


################################################################################
## Create and sign checksums file for a given version

function sign {
echo -e "\n# Creating SHASUMS256.txt ..."

local version=$1

gpgtagkey=$(git tag -v $version 2>&1 | grep 'key ID' | awk '{print $NF}')

if [ "X${gpgtagkey}" == "X" ]; then
echo "Could not find signed tag for \"${version}\""
exit 1
fi

if [ "${gpgtagkey}" != "${gpgkey}" ]; then
echo "GPG key for \"${version}\" tag is not yours, cannot sign"
fi

shapath=$(ssh ${webuser}@${webhost} $signcmd nodejs $version)

if ! [[ ${shapath} =~ ^/.+/SHASUMS256.txt$ ]]; then
echo 'Error: No SHASUMS file returned by sign!'
exit 1
fi

echo -e "\n# Signing SHASUMS for ${version}..."

shadir=$(dirname $shapath)
tmpdir="/tmp/_node_release.$$"

mkdir -p $tmpdir

scp ${webuser}@${webhost}:${shadir}/SHASUMS*.txt ${tmpdir}/

for i in $(ls ${tmpdir}/SHASUMS*.txt); do
echo "Signing $i..."
gpg --default-key $gpgkey --clearsign ${i}
if [[ $version =~ ^v[0] ]]; then
echo "Encrpting $i..."
gpg --default-key $gpgkey -s ${i}
fi
done

echo "Wrote to ${tmpdir}/"

echo -e "Your signed SHASUMS256.txt.asc:\n"

cat ${tmpdir}/SHASUMS256.txt.asc

echo ""

while true; do
echo -n "Upload files? [y/n] "
yorn=""
read yorn

if [ "X${yorn}" == "Xn" ]; then
break
fi

if [ "X${yorn}" == "Xy" ]; then
if [[ $version =~ ^v[0] ]]; then
scp ${tmpdir}/SHASUMS* ${webuser}@${webhost}:${shadir}/
else
scp ${tmpdir}/SHASUMS256.txt ${tmpdir}/SHASUMS256.txt.asc ${webuser}@${webhost}:${shadir}/
fi
break
fi
done

rm -rf $tmpdir
}


if [ "X${1}" == "X-s" ]; then
if [ "X${2}" == "X" ]; then
echo "Please supply a version string to sign"
exit 1
fi

sign $2
exit 0
fi


# else: do a normal release & promote

################################################################################
## Look for releases to promote

echo -e "\n# Checking for releases ..."

promotable=$(ssh ${webuser}@${webhost} $promotablecmd nodejs)

if [ "X${promotable}" == "X" ]; then
echo "No releases to promote!"
exit 0
fi

echo -e "Found the following releases / builds ready to promote:\n"
echo "$promotable" | sed 's/^/ * /'
echo ""

versions=$(echo "$promotable" | cut -d: -f1)

################################################################################
## Promote releases

for version in $versions; do
while true; do
files=$(echo "$promotable" | grep "^${version}" | sed 's/^'${version}': //')
echo -n "Promote ${version} files (${files})? [y/n] "
yorn=""
read yorn

if [ "X${yorn}" == "Xn" ]; then
break
fi

if [ "X${yorn}" != "Xy" ]; then
continue
fi

echo -e "\n# Promoting ${version}..."

ssh ${webuser}@${webhost} $promotecmd nodejs $version

sign $version

break
done
done

0 comments on commit d939956

Please sign in to comment.