Merge pull request #462 from darko-poljak/signed-release
Make signed github releases.
This commit is contained in:
Nico Schottelius
GitHub
commit
001232f0d7
3 changed files with 161 additions and 2 deletions
|
|
@ -153,7 +153,81 @@ eof
|
||||||
fi
|
fi
|
||||||
printf "Enter tag description for ${target_version}: "
|
printf "Enter tag description for ${target_version}: "
|
||||||
read tagmessage
|
read tagmessage
|
||||||
git tag "$target_version" -m "$$tagmessage"
|
|
||||||
|
# setup for signed tags:
|
||||||
|
# gpg --fulL-gen-key
|
||||||
|
# gpg --list-secret-keys --keyid-format LONG
|
||||||
|
# git config --local user.signingkey <id>
|
||||||
|
# for exporting pub key:
|
||||||
|
# gpg --armor --export <id> > pubkey.asc
|
||||||
|
# gpg --output pubkey.gpg --export <id>
|
||||||
|
# show tag with signature
|
||||||
|
# git show <tag>
|
||||||
|
# verify tag signature
|
||||||
|
# git tag -v <tag>
|
||||||
|
#
|
||||||
|
# gpg verify signature
|
||||||
|
# gpg --verify <asc-file> <file>
|
||||||
|
# gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
|
||||||
|
#
|
||||||
|
|
||||||
|
git tag -s "$target_version" -m "$tagmessage"
|
||||||
|
git push --tags
|
||||||
|
;;
|
||||||
|
|
||||||
|
sign-git-release)
|
||||||
|
if [ $# -lt 2 ]
|
||||||
|
then
|
||||||
|
printf "usage: $0 sign-git-release TAG TOKEN [ARCHIVE]\n"
|
||||||
|
printf " if ARCHIVE is not specified then it is created\n"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
tag="$1"
|
||||||
|
if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
|
||||||
|
then
|
||||||
|
printf "Tag \"${tag}\" not found.\n"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
token="$2"
|
||||||
|
if [ $# -ge 2 ]
|
||||||
|
then
|
||||||
|
archivename="$3"
|
||||||
|
else
|
||||||
|
archivename="cdist-${tag}.tar.gz"
|
||||||
|
git archive --prefix="cdist-${tag}" -o "${archivename}" "${tag}" \
|
||||||
|
|| exit 1
|
||||||
|
fi
|
||||||
|
gpg --armor --detach-sign "${archivename}" || exit 1
|
||||||
|
|
||||||
|
# make github release
|
||||||
|
curl -H "Authorization: token ${token}" \
|
||||||
|
--request POST \
|
||||||
|
--data "{ \"tag_name\":\"${tag}\", \
|
||||||
|
\"target_commitish\":\"master\", \
|
||||||
|
\"name\": \"${tag}\", \
|
||||||
|
\"body\":\"${tag}\", \
|
||||||
|
\"draft\":false, \
|
||||||
|
\"prerelease\": false}" \
|
||||||
|
"https://api.github.com/repos/ungleich/cdist/releases" || exit 1
|
||||||
|
|
||||||
|
# get release ID
|
||||||
|
repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
|
||||||
|
|| python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
|
||||||
|
|| exit 1
|
||||||
|
|
||||||
|
curl -H "Authorization: token ${token}" \
|
||||||
|
-H "Accept: application/vnd.github.manifold-preview" \
|
||||||
|
-H "Content-Type: application/pgp-signature" \
|
||||||
|
--data-binary @${archivename}.asc \
|
||||||
|
"https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
|
||||||
|
|| exit 1
|
||||||
|
|
||||||
|
# remove generated files (archive and asc)
|
||||||
|
if [ $# -ge 2]
|
||||||
|
then
|
||||||
|
rm -f "${archivename}"
|
||||||
|
fi
|
||||||
|
rm -f "${archivename}.asc"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
release)
|
release)
|
||||||
|
|
@ -219,6 +293,11 @@ eof
|
||||||
# Tag the current commit
|
# Tag the current commit
|
||||||
"$0" release-git-tag
|
"$0" release-git-tag
|
||||||
|
|
||||||
|
# sign git tag
|
||||||
|
printf "Enter github authentication token: "
|
||||||
|
read token
|
||||||
|
"$0" sign-git-release "${target_version}" "${token}"
|
||||||
|
|
||||||
# Also merge back the version branch
|
# Also merge back the version branch
|
||||||
if [ "$masterbranch" = yes ]; then
|
if [ "$masterbranch" = yes ]; then
|
||||||
git checkout master
|
git checkout master
|
||||||
|
|
|
||||||
|
|
@ -188,7 +188,81 @@ eof
|
||||||
fi
|
fi
|
||||||
printf "Enter tag description for ${target_version}: "
|
printf "Enter tag description for ${target_version}: "
|
||||||
read tagmessage
|
read tagmessage
|
||||||
git tag "$target_version" -m "$$tagmessage"
|
|
||||||
|
# setup for signed tags:
|
||||||
|
# gpg --fulL-gen-key
|
||||||
|
# gpg --list-secret-keys --keyid-format LONG
|
||||||
|
# git config --local user.signingkey <id>
|
||||||
|
# for exporting pub key:
|
||||||
|
# gpg --armor --export <id> > pubkey.asc
|
||||||
|
# gpg --output pubkey.gpg --export <id>
|
||||||
|
# show tag with signature
|
||||||
|
# git show <tag>
|
||||||
|
# verify tag signature
|
||||||
|
# git tag -v <tag>
|
||||||
|
#
|
||||||
|
# gpg verify signature
|
||||||
|
# gpg --verify <asc-file> <file>
|
||||||
|
# gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
|
||||||
|
#
|
||||||
|
|
||||||
|
git tag -s "$target_version" -m "$tagmessage"
|
||||||
|
git push --tags
|
||||||
|
;;
|
||||||
|
|
||||||
|
sign-git-release)
|
||||||
|
if [ $# -lt 2 ]
|
||||||
|
then
|
||||||
|
printf "usage: $0 sign-git-release TAG TOKEN [ARCHIVE]\n"
|
||||||
|
printf " if ARCHIVE is not specified then it is created\n"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
tag="$1"
|
||||||
|
if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
|
||||||
|
then
|
||||||
|
printf "Tag \"${tag}\" not found.\n"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
token="$2"
|
||||||
|
if [ $# -ge 2 ]
|
||||||
|
then
|
||||||
|
archivename="$3"
|
||||||
|
else
|
||||||
|
archivename="cdist-${tag}.tar.gz"
|
||||||
|
git archive --prefix="cdist-${tag}" -o "${archivename}" "${tag}" \
|
||||||
|
|| exit 1
|
||||||
|
fi
|
||||||
|
gpg --armor --detach-sign "${archivename}" || exit 1
|
||||||
|
|
||||||
|
# make github release
|
||||||
|
curl -H "Authorization: token ${token}" \
|
||||||
|
--request POST \
|
||||||
|
--data "{ \"tag_name\":\"${tag}\", \
|
||||||
|
\"target_commitish\":\"master\", \
|
||||||
|
\"name\": \"${tag}\", \
|
||||||
|
\"body\":\"${tag}\", \
|
||||||
|
\"draft\":false, \
|
||||||
|
\"prerelease\": false}" \
|
||||||
|
"https://api.github.com/repos/ungleich/cdist/releases" || exit 1
|
||||||
|
|
||||||
|
# get release ID
|
||||||
|
repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
|
||||||
|
|| python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
|
||||||
|
|| exit 1
|
||||||
|
|
||||||
|
curl -H "Authorization: token ${token}" \
|
||||||
|
-H "Accept: application/vnd.github.manifold-preview" \
|
||||||
|
-H "Content-Type: application/pgp-signature" \
|
||||||
|
--data-binary @${archivename}.asc \
|
||||||
|
"https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
|
||||||
|
|| exit 1
|
||||||
|
|
||||||
|
# remove generated files (archive and asc)
|
||||||
|
if [ $# -ge 2]
|
||||||
|
then
|
||||||
|
rm -f "${archivename}"
|
||||||
|
fi
|
||||||
|
rm -f "${archivename}.asc"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
release)
|
release)
|
||||||
|
|
@ -254,6 +328,11 @@ eof
|
||||||
# Tag the current commit
|
# Tag the current commit
|
||||||
"$0" release-git-tag
|
"$0" release-git-tag
|
||||||
|
|
||||||
|
# sign git tag
|
||||||
|
printf "Enter github authentication token: "
|
||||||
|
read token
|
||||||
|
"$0" sign-git-release "${target_version}" "${token}"
|
||||||
|
|
||||||
# Also merge back the version branch
|
# Also merge back the version branch
|
||||||
if [ "$masterbranch" = yes ]; then
|
if [ "$masterbranch" = yes ]; then
|
||||||
git checkout master
|
git checkout master
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@ Changelog
|
||||||
---------
|
---------
|
||||||
|
|
||||||
next:
|
next:
|
||||||
|
* Build: Make github signed release (Darko Poljak)
|
||||||
* Core: Fix hostdir: use hash instead of target host (Steven Armstrong)
|
* Core: Fix hostdir: use hash instead of target host (Steven Armstrong)
|
||||||
* Core: pep8 (Darko Poljak)
|
* Core: pep8 (Darko Poljak)
|
||||||
* Documentation: Restructure and fix and improve docs and manpages (Darko Poljak)
|
* Documentation: Restructure and fix and improve docs and manpages (Darko Poljak)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue