Merge pull request #462 from darko-poljak/signed-release
Make signed github releases.
This commit is contained in:
commit
001232f0d7
3 changed files with 161 additions and 2 deletions
|
@ -153,7 +153,81 @@ eof
|
|||
fi
|
||||
printf "Enter tag description for ${target_version}: "
|
||||
read tagmessage
|
||||
git tag "$target_version" -m "$$tagmessage"
|
||||
|
||||
# setup for signed tags:
|
||||
# gpg --fulL-gen-key
|
||||
# gpg --list-secret-keys --keyid-format LONG
|
||||
# git config --local user.signingkey <id>
|
||||
# for exporting pub key:
|
||||
# gpg --armor --export <id> > pubkey.asc
|
||||
# gpg --output pubkey.gpg --export <id>
|
||||
# show tag with signature
|
||||
# git show <tag>
|
||||
# verify tag signature
|
||||
# git tag -v <tag>
|
||||
#
|
||||
# gpg verify signature
|
||||
# gpg --verify <asc-file> <file>
|
||||
# gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
|
||||
#
|
||||
|
||||
git tag -s "$target_version" -m "$tagmessage"
|
||||
git push --tags
|
||||
;;
|
||||
|
||||
sign-git-release)
|
||||
if [ $# -lt 2 ]
|
||||
then
|
||||
printf "usage: $0 sign-git-release TAG TOKEN [ARCHIVE]\n"
|
||||
printf " if ARCHIVE is not specified then it is created\n"
|
||||
exit 1
|
||||
fi
|
||||
tag="$1"
|
||||
if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
|
||||
then
|
||||
printf "Tag \"${tag}\" not found.\n"
|
||||
exit 1
|
||||
fi
|
||||
token="$2"
|
||||
if [ $# -ge 2 ]
|
||||
then
|
||||
archivename="$3"
|
||||
else
|
||||
archivename="cdist-${tag}.tar.gz"
|
||||
git archive --prefix="cdist-${tag}" -o "${archivename}" "${tag}" \
|
||||
|| exit 1
|
||||
fi
|
||||
gpg --armor --detach-sign "${archivename}" || exit 1
|
||||
|
||||
# make github release
|
||||
curl -H "Authorization: token ${token}" \
|
||||
--request POST \
|
||||
--data "{ \"tag_name\":\"${tag}\", \
|
||||
\"target_commitish\":\"master\", \
|
||||
\"name\": \"${tag}\", \
|
||||
\"body\":\"${tag}\", \
|
||||
\"draft\":false, \
|
||||
\"prerelease\": false}" \
|
||||
"https://api.github.com/repos/ungleich/cdist/releases" || exit 1
|
||||
|
||||
# get release ID
|
||||
repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
|
||||
|| python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
|
||||
|| exit 1
|
||||
|
||||
curl -H "Authorization: token ${token}" \
|
||||
-H "Accept: application/vnd.github.manifold-preview" \
|
||||
-H "Content-Type: application/pgp-signature" \
|
||||
--data-binary @${archivename}.asc \
|
||||
"https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
|
||||
|| exit 1
|
||||
|
||||
# remove generated files (archive and asc)
|
||||
if [ $# -ge 2]
|
||||
then
|
||||
rm -f "${archivename}"
|
||||
fi
|
||||
rm -f "${archivename}.asc"
|
||||
;;
|
||||
|
||||
release)
|
||||
|
@ -219,6 +293,11 @@ eof
|
|||
# Tag the current commit
|
||||
"$0" release-git-tag
|
||||
|
||||
# sign git tag
|
||||
printf "Enter github authentication token: "
|
||||
read token
|
||||
"$0" sign-git-release "${target_version}" "${token}"
|
||||
|
||||
# Also merge back the version branch
|
||||
if [ "$masterbranch" = yes ]; then
|
||||
git checkout master
|
||||
|
|
|
@ -188,7 +188,81 @@ eof
|
|||
fi
|
||||
printf "Enter tag description for ${target_version}: "
|
||||
read tagmessage
|
||||
git tag "$target_version" -m "$$tagmessage"
|
||||
|
||||
# setup for signed tags:
|
||||
# gpg --fulL-gen-key
|
||||
# gpg --list-secret-keys --keyid-format LONG
|
||||
# git config --local user.signingkey <id>
|
||||
# for exporting pub key:
|
||||
# gpg --armor --export <id> > pubkey.asc
|
||||
# gpg --output pubkey.gpg --export <id>
|
||||
# show tag with signature
|
||||
# git show <tag>
|
||||
# verify tag signature
|
||||
# git tag -v <tag>
|
||||
#
|
||||
# gpg verify signature
|
||||
# gpg --verify <asc-file> <file>
|
||||
# gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
|
||||
#
|
||||
|
||||
git tag -s "$target_version" -m "$tagmessage"
|
||||
git push --tags
|
||||
;;
|
||||
|
||||
sign-git-release)
|
||||
if [ $# -lt 2 ]
|
||||
then
|
||||
printf "usage: $0 sign-git-release TAG TOKEN [ARCHIVE]\n"
|
||||
printf " if ARCHIVE is not specified then it is created\n"
|
||||
exit 1
|
||||
fi
|
||||
tag="$1"
|
||||
if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
|
||||
then
|
||||
printf "Tag \"${tag}\" not found.\n"
|
||||
exit 1
|
||||
fi
|
||||
token="$2"
|
||||
if [ $# -ge 2 ]
|
||||
then
|
||||
archivename="$3"
|
||||
else
|
||||
archivename="cdist-${tag}.tar.gz"
|
||||
git archive --prefix="cdist-${tag}" -o "${archivename}" "${tag}" \
|
||||
|| exit 1
|
||||
fi
|
||||
gpg --armor --detach-sign "${archivename}" || exit 1
|
||||
|
||||
# make github release
|
||||
curl -H "Authorization: token ${token}" \
|
||||
--request POST \
|
||||
--data "{ \"tag_name\":\"${tag}\", \
|
||||
\"target_commitish\":\"master\", \
|
||||
\"name\": \"${tag}\", \
|
||||
\"body\":\"${tag}\", \
|
||||
\"draft\":false, \
|
||||
\"prerelease\": false}" \
|
||||
"https://api.github.com/repos/ungleich/cdist/releases" || exit 1
|
||||
|
||||
# get release ID
|
||||
repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
|
||||
|| python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
|
||||
|| exit 1
|
||||
|
||||
curl -H "Authorization: token ${token}" \
|
||||
-H "Accept: application/vnd.github.manifold-preview" \
|
||||
-H "Content-Type: application/pgp-signature" \
|
||||
--data-binary @${archivename}.asc \
|
||||
"https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
|
||||
|| exit 1
|
||||
|
||||
# remove generated files (archive and asc)
|
||||
if [ $# -ge 2]
|
||||
then
|
||||
rm -f "${archivename}"
|
||||
fi
|
||||
rm -f "${archivename}.asc"
|
||||
;;
|
||||
|
||||
release)
|
||||
|
@ -254,6 +328,11 @@ eof
|
|||
# Tag the current commit
|
||||
"$0" release-git-tag
|
||||
|
||||
# sign git tag
|
||||
printf "Enter github authentication token: "
|
||||
read token
|
||||
"$0" sign-git-release "${target_version}" "${token}"
|
||||
|
||||
# Also merge back the version branch
|
||||
if [ "$masterbranch" = yes ]; then
|
||||
git checkout master
|
||||
|
|
|
@ -2,6 +2,7 @@ Changelog
|
|||
---------
|
||||
|
||||
next:
|
||||
* Build: Make github signed release (Darko Poljak)
|
||||
* Core: Fix hostdir: use hash instead of target host (Steven Armstrong)
|
||||
* Core: pep8 (Darko Poljak)
|
||||
* Documentation: Restructure and fix and improve docs and manpages (Darko Poljak)
|
||||
|
|
Loading…
Reference in a new issue