telmich
/
cdist-mirror
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Make signed github releases.

Browse Source
remotes/origin/4.2
Darko Poljak 9 years ago
parent 81fbf48702
commit 17de2d9b79
3 changed files with 139 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 70
      bin/build-helper
  2. 70
      bin/build-helper.freebsd
  3. 1
      docs/changelog

70
bin/build-helper
Unescape View File

@ -153,7 +153,70 @@ eof
fi
printf "Enter tag description for ${target_version}: "
read tagmessage
git tag "$target_version" -m "$$tagmessage"
# setup for signed tags:
# gpg --fulL-gen-key
# gpg --list-secret-keys --keyid-format LONG
# git config --local user.signingkey <id>
# for exporting pub key:
# gpg --armor --export <id> > pubkey.asc
# gpg --output pubkey.gpg --export <id>
# show tag with signature
# git show <tag>
# verify tag signature
# git tag -v <tag>
#
# gpg verify signature
# gpg --verify <asc-file> <file>
# gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
#
git tag -s "$target_version" -m "$tagmessage"
git push --tags
;;
sign-git-tag)
if [ $# -lt 3 ]
then
printf "usage: $0 sign-git-tag TAG AUTHTOKEN\n"
exit 1
fi
tag="$2"
if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
printf "Tag \"${tag}\" not found.\n"
exit 1
fi
token="$3"
archivename="cdist-${tag}.tar.gz"
git archive --prefix="cdist-${tag}" -o "${archivename}" "${tag}" \
|| exit 1
gpg --armor --detach-sign "${archivename}" || exit 1
# make github release
curl -H "Authorization: token ${token}" \
--request POST \
--data "{ \"tag_name\":\"${tag}\", \
\"target_commitish\":\"master\", \
\"name\": \"${tag}\", \
\"body\":\"${tag}\", \
\"draft\":false, \
\"prerelease\": false}" \
"https://api.github.com/repos/ungleich/cdist/releases" || exit 1
# get release ID
repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
|| python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
|| exit 1
curl -H "Authorization: token ${token}" \
-H "Accept: application/vnd.github.manifold-preview" \
-H "Content-Type: application/pgp-signature" \
--data-binary @${archivename}.asc \
"https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
|| exit 1
# remove generated files (archive and asc)
rm -f "${archivename}" "${archivename}.asc"
;;
release)
@ -219,6 +282,11 @@ eof
# Tag the current commit
"$0" release-git-tag
# sign git tag
printf "Enter github authentication token: "
read token
"$0" sign-git-tag "${target_version}" "${token}"
# Also merge back the version branch
if [ "$masterbranch" = yes ]; then
git checkout master

70
bin/build-helper.freebsd
Unescape View File

@ -188,7 +188,70 @@ eof
fi
printf "Enter tag description for ${target_version}: "
read tagmessage
git tag "$target_version" -m "$$tagmessage"
# setup for signed tags:
# gpg --fulL-gen-key
# gpg --list-secret-keys --keyid-format LONG
# git config --local user.signingkey <id>
# for exporting pub key:
# gpg --armor --export <id> > pubkey.asc
# gpg --output pubkey.gpg --export <id>
# show tag with signature
# git show <tag>
# verify tag signature
# git tag -v <tag>
#
# gpg verify signature
# gpg --verify <asc-file> <file>
# gpg --no-default-keyring --keyring <pubkey.gpg> --verify <asc-file> <file>
#
git tag -s "$target_version" -m "$tagmessage"
git push --tags
;;
sign-git-tag)
if [ $# -lt 3 ]
then
printf "usage: $0 sign-git-tag TAG TOKEN\n"
exit 1
fi
tag="$2"
if ! git rev-parse -q --verify "${tag}" >/dev/null 2>&1
printf "Tag \"${tag}\" not found.\n"
exit 1
fi
token="$3"
archivename="cdist-${tag}.tar.gz"
git archive --prefix="cdist-${tag}" -o "${archivename}" "${tag}" \
|| exit 1
gpg --armor --detach-sign "${archivename}" || exit 1
# make github release
curl -H "Authorization: token ${token}" \
--request POST \
--data "{ \"tag_name\":\"${tag}\", \
\"target_commitish\":\"master\", \
\"name\": \"${tag}\", \
\"body\":\"${tag}\", \
\"draft\":false, \
\"prerelease\": false}" \
"https://api.github.com/repos/ungleich/cdist/releases" || exit 1
# get release ID
repoid=$(curl "https://api.github.com/repos/ungleich/cdist/releases/tags/${tag}" \
|| python3 -c 'import json; import sys; print(json.loads(sys.stdin.read())["id"])') \
|| exit 1
curl -H "Authorization: token ${token}" \
-H "Accept: application/vnd.github.manifold-preview" \
-H "Content-Type: application/pgp-signature" \
--data-binary @${archivename}.asc \
"https://uploads.github.com/repos/ungleich/cdist/releases/${repoid}/assets?name=${archivename}.asc" \
|| exit 1
# remove generated files (archive and asc)
rm -f "${archivename}" "${archivename}.asc"
;;
release)
@ -254,6 +317,11 @@ eof
# Tag the current commit
"$0" release-git-tag
# sign git tag
printf "Enter github authentication token: "
read token
"$0" sign-git-tag "${target_version}" "${token}"
# Also merge back the version branch
if [ "$masterbranch" = yes ]; then
git checkout master

1
docs/changelog
Unescape View File

@ -2,6 +2,7 @@ Changelog
---------
next:
* Build: Make github signed release (Darko Poljak)
* Core: pep8 (Darko Poljak)
* Documentation: Restructure and fix and improve docs and manpages (Darko Poljak)
* Core: Add files directory for static files (Darko Poljak)

Write Preview
Loading…
Cancel
Save