This repository has been archived by the owner on Nov 29, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathmake_release.sh
executable file
·102 lines (83 loc) · 4.3 KB
/
make_release.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#!/bin/sh
# This script was adapted from fkooman: https://git.sr.ht/~fkooman/vpn-daemon/tree/main/item/make_release.sh. Thanks!
#
# Make a release of the version specified in internal/version/version.go and automatically release the artifacts
#
# Fail if error
set -e
# change these to your liking
BRANCH=main
IS_PRERELEASE=true
REPO="eduvpn/eduvpn-common"
# make a fresh clone
rm -rf /tmp/eduvpn-common
git clone "https://github.com/$REPO" /tmp/eduvpn-common
cd /tmp/eduvpn-common
git checkout ${BRANCH}
echo "building $(git log -n 1 | head -n 1)"
PROJECT_NAME=$(basename "${PWD}")
PROJECT_VERSION=$(grep -o 'const Version = "[^"]*' internal/version/version.go | cut -d '"' -f 2)
RELEASE_DIR="${PWD}/release"
KEY_ID=227FF3F8F829D9A9314D9EBA02BB8048BBFF222C
if [ "$IS_PRERELEASE" = true ]; then
KEY_ID=7A73D62AD0F084571A32C960D57104BF9B223CBF
fi
if ! command -v "tar" &>/dev/null; then
echo "please install tar for archiving the code"
exit 1
fi
if ! command -v "gh" &>/dev/null; then
echo "please install the GitHub CLI for creating releases"
exit 1
fi
if ! command -v "wget" &>/dev/null; then
echo "please install wget for getting the discovery files"
exit 1
fi
if ! command -v "gpg" &>/dev/null; then
echo "please install gpg for signing the archive"
exit 1
fi
if ! command -v "minisign" &>/dev/null; then
echo "please install minisign for signing the archive"
exit 1
fi
if [ "$(git tag -l "${PROJECT_VERSION}")" ]; then
echo "Version: ${PROJECT_VERSION} already has a tag"
exit 1
fi
mkdir -p "${RELEASE_DIR}"
if [ -f "${RELEASE_DIR}/${PROJECT_NAME}-${PROJECT_VERSION}.tar.xz" ]; then
echo "Version ${PROJECT_VERSION} already has a release!"
exit 1
fi
# Archive repository
git archive --prefix "${PROJECT_NAME}-${PROJECT_VERSION}/" "${BRANCH}" | tar -xf -
# We run "make vendor" in it to add all dependencies to the vendor directory
# so we have a self contained source archive.
cd "${PROJECT_NAME}-${PROJECT_VERSION}"
go mod vendor
# Get discovery files and verify signature
echo "getting and verifying discovery files..."
wget -q https://disco.eduvpn.org/v2/organization_list.json -O internal/discovery/organization_list.json
wget -q https://disco.eduvpn.org/v2/organization_list.json.minisig -O internal/discovery/organization_list.json.minisig
minisign -Vm "internal/discovery/organization_list.json" -P RWRtBSX1alxyGX+Xn3LuZnWUT0w//B6EmTJvgaAxBMYzlQeI+jdrO6KF || minisign -Vm "internal/discovery/organization_list.json" -P RWQKqtqvd0R7rUDp0rWzbtYPA3towPWcLDCl7eY9pBMMI/ohCmrS0WiM
wget -q https://disco.eduvpn.org/v2/server_list.json -O internal/discovery/server_list.json
wget -q https://disco.eduvpn.org/v2/server_list.json.minisig -O internal/discovery/server_list.json.minisig
minisign -Vm "internal/discovery/server_list.json" -P RWRtBSX1alxyGX+Xn3LuZnWUT0w//B6EmTJvgaAxBMYzlQeI+jdrO6KF || minisign -Vm "internal/discovery/server_list.json" -P RWQKqtqvd0R7rUDp0rWzbtYPA3towPWcLDCl7eY9pBMMI/ohCmrS0WiM
cd ..
tar -cJf "${RELEASE_DIR}/${PROJECT_NAME}-${PROJECT_VERSION}.tar.xz" "${PROJECT_NAME}-${PROJECT_VERSION}"
rm -rf "${PROJECT_NAME}-${PROJECT_VERSION}"
echo "signing using gpg and minisign"
gpg --default-key ${KEY_ID} --armor --detach-sign "${RELEASE_DIR}/${PROJECT_NAME}-${PROJECT_VERSION}.tar.xz"
minisign -Sm "${RELEASE_DIR}/${PROJECT_NAME}-${PROJECT_VERSION}.tar.xz"
# upload the release with the github cli tool, this also creates a tag
CHANGES_TRIM=$(sed "/^# $PROJECT_VERSION/,/^#/!d;//d" "CHANGES.md")
if [ "$IS_PRERELEASE" = true ]; then
CHANGES=$(printf "These pre-releases are signed with \`keys/[email protected]\` and \`keys/minisign-CA9409316AC93C07.pub\`\nChangelog:\n%s" "${CHANGES_TRIM}")
gh release create "${PROJECT_VERSION}" --target "${BRANCH}" --title "${PROJECT_VERSION}" --notes "${CHANGES}" --prerelease --repo "$REPO"
else
CHANGES=$(printf "These releases are signed with \`keys/[email protected]\` and \`keys/minisign-CA9409316AC93C07.pub\`\nChangelog:\n%s" "${CHANGES_TRIM}")
gh release create "${PROJECT_VERSION}" --target "${BRANCH}" --title "${PROJECT_VERSION}" --notes "${CHANGES}" --repo "$REPO"
fi
gh release upload "${PROJECT_VERSION}" "${RELEASE_DIR}/${PROJECT_NAME}-${PROJECT_VERSION}.tar.xz" --repo "$REPO" "${RELEASE_DIR}/${PROJECT_NAME}-${PROJECT_VERSION}.tar.xz.asc" "${RELEASE_DIR}/${PROJECT_NAME}-${PROJECT_VERSION}.tar.xz.minisig"