Skip to content

Commit e19af3b

Browse files
shesekshesek
committed
Add release script
1 parent 3169443 commit e19af3b

2 files changed

Lines changed: 120 additions & 0 deletions

File tree

scripts/release-footer.md

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
2+
------------
3+
4+
### Verifying signatures
5+
6+
The releases are signed by Nadav Ivgi (@shesek). The public key can be verified on the [PGP WoT](http://keys.gnupg.net/pks/lookup?op=vindex&fingerprint=on&search=0x81F6104CD0F150FC), [github](https://api.github.com/users/shesek/gpg_keys), [twitter](https://twitter.com/shesek), [keybase](https://keybase.io/nadav), [hacker news](https://news.ycombinator.com/user?id=nadaviv) and [this video presentation](https://youtu.be/SXJaN2T3M10?t=4) (bottom of slide).
7+
8+
```bash
9+
# Download (change x86_64-linux to your platform)
10+
$ wget https://github.com/bwt-dev/libbwt/releases/download/vVERSION/libbwt-VERSION-x86_64-linux.tar.gz
11+
12+
# Fetch public key
13+
$ gpg --keyserver keyserver.ubuntu.com --recv-keys FCF19B67866562F08A43AAD681F6104CD0F150FC
14+
15+
# Verify signature
16+
$ wget -qO - https://github.com/bwt-dev/libbwt/releases/download/vVERSION/SHA256SUMS.asc \
17+
| gpg --decrypt - | grep x86_64-linux | sha256sum -c -
18+
```
19+
20+
The signature verification should show `Good signature from "Nadav Ivgi <nadav@shesek.info>" ... Primary key fingerprint: FCF1 9B67 ...` and `libbwt-VERSION-x86_64-linux.tar.gz: OK`.
21+
22+
### Reproducible builds
23+
24+
The builds are fully reproducible.
25+
26+
You can verify the checksums against the vVERSION builds on Travis CI: https://travis-ci.org/github/bwt-dev/libbwt/builds/TRAVIS_JOB
27+
28+
See [more details here](https://github.com/bwt-dev/libbwt#reproducible-builds).

scripts/release.sh

Lines changed: 92 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,92 @@
1+
#!/bin/bash
2+
set -xeo pipefail
3+
shopt -s expand_aliases
4+
5+
gh_repo=bwt-dev/libbwt
6+
7+
git diff-index --quiet HEAD || (echo >&2 git working directory is dirty && exit 1)
8+
9+
[ -n "$BWT_COMMIT" ] || (echo >&2 BWT_COMMIT is required && exit 1)
10+
11+
(cd bwt && git fetch local && git reset --hard $BWT_COMMIT)
12+
13+
version=$(grep -E '^version =' bwt/Cargo.toml | cut -d'"' -f2)
14+
15+
echo -e "Releasing libbwt v$version\n"
16+
17+
# Update version number to match that of bwt
18+
sed -i -s "s/^version = .*/version = "\""$version"\""/" Cargo.toml
19+
20+
# Prepare unreleased changelog
21+
changelog=$(sed -nr '/^## (Unreleased|'$version' )/{n;:a;n;/^## /q;p;ba}' CHANGELOG.md)
22+
changelog="- Update to [bwt v$version](https://github.com/bwt-dev/bwt/releases/tag/v$version)"$'\n'$changelog
23+
grep '## Unreleased' CHANGELOG.md > /dev/null \
24+
&& sed -i "s/^## Unreleased/## $version - $(date +%Y-%m-%d)/" CHANGELOG.md
25+
26+
# Update version number in README
27+
sed -i -r "s~libbwt-[0-9a-z.-]+-x86_64-linux\.~libbwt-$version-x86_64-linux.~g; s~/(download|tag)/v[0-9a-z.-]+~/\1/v$version~;" README.md
28+
29+
# Check
30+
if [ -z "$SKIP_CHECK" ]; then
31+
echo Checking...
32+
cargo fmt -- --check
33+
cargo check
34+
fi
35+
36+
# Build
37+
if [ -z "$SKIP_BUILD" ]; then
38+
echo Building...
39+
rm -rf dist/*
40+
41+
docker_run() {
42+
docker run -it --rm -u $(id -u) -v $(pwd):/usr/src/libbwt \
43+
-v ${CARGO_HOME:-$HOME/.cargo}:/usr/local/cargo \
44+
-v ${SCCACHE_DIR:-$HOME/.cache/sccache}:/usr/local/sccache \
45+
-w /usr/src/libbwt --entrypoint scripts/build.sh $1
46+
}
47+
docker_run bwt-builder
48+
docker_run bwt-builder-osx
49+
50+
rm -rf dist/*/ # remove subdirectories, keep files only
51+
fi
52+
53+
# Sign
54+
(cd dist && sha256sum *) | sort | gpg --clearsign --digest-algo sha256 > SHA256SUMS.asc
55+
56+
# Git tag and push
57+
if [ -z "$SKIP_GIT" ]; then
58+
git add Cargo.{toml,lock} {CHANGELOG,README}.md SHA256SUMS.asc bwt
59+
git commit -S -m v$version
60+
git tag --sign -m "$changelog" v$version
61+
git branch -f latest HEAD
62+
git push gh master latest
63+
git push gh --tags
64+
fi
65+
66+
# Upload distribution files to GitHub releases
67+
if [[ -z "$SKIP_UPLOAD" && -n "$GH_TOKEN" ]]; then
68+
echo Uploading to github...
69+
gh_auth="Authorization: token $GH_TOKEN"
70+
gh_base=https://api.github.com/repos/$gh_repo
71+
72+
sleep 3 # allow some time for the job to show up on travis
73+
travis_job=$(curl -s "https://api.travis-ci.org/v3/repo/${gh_repo/\//%2F}/branch/v$version" | jq -r '.last_build.id // ""')
74+
75+
release_text="### Changelog"$'\n'$'\n'$changelog$'\n'$'\n'$(sed "s/VERSION/$version/g; s/TRAVIS_JOB/$travis_job/g;" scripts/release-footer.md)
76+
release_opt=$(jq -n --arg version v$version --arg text "$release_text" \
77+
'{ tag_name: $version, name: $version, body: $text, draft:true }')
78+
gh_release=$(curl -sf -H "$gh_auth" $gh_base/releases/tags/v$version \
79+
|| curl -sf -H "$gh_auth" -d "$release_opt" $gh_base/releases)
80+
gh_upload=$(echo "$gh_release" | jq -r .upload_url | sed -e 's/{?name,label}//')
81+
82+
for file in SHA256SUMS.asc dist/*; do
83+
echo ">> Uploading $file"
84+
85+
curl -f --progress-bar -H "$gh_auth" -H "Content-Type: application/octet-stream" \
86+
--data-binary @"$file" "$gh_upload?name=$(basename "$file")" | (grep -v browser_download_url || true)
87+
done
88+
89+
# mark release as public once everything is ready
90+
curl -sf -H "$gh_auth" -X PATCH "$gh_base/releases/$(echo "$gh_release" | jq -r .id)" \
91+
-d '{"draft":false}' > /dev/null
92+
fi

0 commit comments

Comments
 (0)