Skip to content

Commit

Permalink
tools: remove bashisms from release script
Browse files Browse the repository at this point in the history
PR-URL: #36123
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
  • Loading branch information
aduh95 authored and danielleadams committed Dec 7, 2020
1 parent b885409 commit 2868ffb
Showing 1 changed file with 67 additions and 69 deletions.
136 changes: 67 additions & 69 deletions tools/release.sh
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/usr/bin/env bash
#!/bin/sh

# To promote and sign a release that has been prepared by the build slaves, use:
# release.sh
Expand Down Expand Up @@ -28,7 +28,7 @@ while getopts ":i:s:" option; do
echo "Invalid option -$OPTARG."
exit 1
;;
:)
*)
echo "Option -$OPTARG takes a parameter."
exit 1
;;
Expand All @@ -42,109 +42,107 @@ shift $((OPTIND-1))
echo "# Selecting GPG key ..."

gpgkey=$(gpg --list-secret-keys --keyid-format SHORT | awk -F'( +|/)' '/^(sec|ssb)/{print $3}')
keycount=$(echo $gpgkey | wc -w)
keycount=$(echo "$gpgkey" | wc -w)

if [ $keycount -eq 0 ]; then
if [ "$keycount" -eq 0 ]; then
# shellcheck disable=SC2016
echo 'Need at least one GPG key, please make one with `gpg --gen-key`'
echo 'You will also need to submit your key to a public keyserver, e.g.'
echo ' https://sks-keyservers.net/i/#submit'
exit 1
elif [ $keycount -ne 1 ]; then
echo -e 'You have multiple GPG keys:\n'
elif [ "$keycount" -ne 1 ]; then
printf "You have multiple GPG keys:\n\n"

gpg --list-secret-keys

while true; do
echo $gpgkey | awk '{ for(i = 1; i <= NF; i++) { print i ") " $i; } }'
echo -n 'Select a key: '
read keynum

if $(test "$keynum" -eq "$keynum" > /dev/null 2>&1); then
_gpgkey=$(echo $gpgkey | awk '{ print $'${keynum}'}')
keycount=$(echo $_gpgkey | wc -w)
if [ $keycount -eq 1 ]; then
echo ""
gpgkey=$_gpgkey
break
fi
fi
keynum=
while [ -z "${keynum##*[!0-9]*}" ] || [ "$keynum" -le 0 ] || [ "$keynum" -gt "$keycount" ]; do
echo "$gpgkey" | awk '{ for(i = 1; i <= NF; i++) { print i ") " $i; } }'
printf 'Select a key: '
read -r keynum
done
echo ""
gpgkey=$(echo "$gpgkey" | awk "{ print \$${keynum}}")
fi

gpgfing=$(gpg --keyid-format 0xLONG --fingerprint $gpgkey | grep 'Key fingerprint =' | awk -F' = ' '{print $2}' | tr -d ' ')
gpgfing=$(gpg --keyid-format 0xLONG --fingerprint "$gpgkey" | grep 'Key fingerprint =' | awk -F' = ' '{print $2}' | tr -d ' ')

grep "$gpgfing" README.md || (\
echo 'Error: this GPG key fingerprint is not listed in ./README.md' && \
exit 1 \
)

if ! test "$(grep $gpgfing README.md)"; then
echo 'Error: this GPG key fingerprint is not listed in ./README.md'
exit 1
fi

echo "Using GPG key: $gpgkey"
echo " Fingerprint: $gpgfing"

function checktag {
local version=$1
checktag() {
# local version=$1

if ! git tag -v $version 2>&1 | grep "${gpgkey}" | grep key > /dev/null; then
echo "Could not find signed tag for \"${version}\" or GPG key is not yours"
if ! git tag -v "$1" 2>&1 | grep "${gpgkey}" | grep key > /dev/null; then
echo "Could not find signed tag for \"$1\" or GPG key is not yours"
exit 1
fi
}

################################################################################
## Create and sign checksums file for a given version

function sign {
echo -e "\n# Creating SHASUMS256.txt ..."
sign() {
printf "\n# Creating SHASUMS256.txt ...\n"

local version=$1
# local version=$1

ghtaggedversion=$(curl -sL https://raw.githubusercontent.com/nodejs/node/${version}/src/node_version.h \
ghtaggedversion=$(curl -sL https://raw.githubusercontent.com/nodejs/node/"$1"/src/node_version.h \
| awk '/define NODE_(MAJOR|MINOR|PATCH)_VERSION/{ v = v "." $3 } END{ v = "v" substr(v, 2); print v }')
if [ "${version}" != "${ghtaggedversion}" ]; then
if [ "$1" != "${ghtaggedversion}" ]; then
echo "Could not find tagged version on github.com/nodejs/node, did you push your tag?"
exit 1
fi

shapath=$(ssh ${customsshkey} ${webuser}@${webhost} $signcmd nodejs $version)
# shellcheck disable=SC2029
shapath=$(ssh "${customsshkey}" "${webuser}@${webhost}" $signcmd nodejs "$1")

if ! [[ ${shapath} =~ ^/.+/SHASUMS256.txt$ ]]; then
echo 'Error: No SHASUMS file returned by sign!'
echo "${shapath}" | grep -q '^/.*/SHASUMS256.txt$' || \
echo 'Error: No SHASUMS file returned by sign!' \
exit 1
fi

echo -e "\n# Signing SHASUMS for ${version}..."
echo ""
echo "# Signing SHASUMS for $1..."

shafile=$(basename $shapath)
shadir=$(dirname $shapath)
shafile=$(basename "$shapath")
shadir=$(dirname "$shapath")
tmpdir="/tmp/_node_release.$$"

mkdir -p $tmpdir

scp ${customsshkey} ${webuser}@${webhost}:${shapath} ${tmpdir}/${shafile}
scp "${customsshkey}" "${webuser}@${webhost}:${shapath}" "${tmpdir}/${shafile}"

gpg --default-key $gpgkey --clearsign --digest-algo SHA256 ${tmpdir}/${shafile}
gpg --default-key $gpgkey --detach-sign --digest-algo SHA256 ${tmpdir}/${shafile}
gpg --default-key "$gpgkey" --clearsign --digest-algo SHA256 ${tmpdir}/"${shafile}"
gpg --default-key "$gpgkey" --detach-sign --digest-algo SHA256 ${tmpdir}/"${shafile}"

echo "Wrote to ${tmpdir}/"

echo -e "Your signed ${shafile}.asc:\n"
echo "Your signed ${shafile}.asc:"
echo ""

cat ${tmpdir}/${shafile}.asc
cat "${tmpdir}/${shafile}.asc"

echo ""

while true; do
echo -n "Upload files? [y/n] "
printf "Upload files? [y/n] "
yorn=""
read yorn
read -r yorn

if [ "X${yorn}" == "Xn" ]; then
if [ "X${yorn}" = "Xn" ]; then
break
fi

if [ "X${yorn}" == "Xy" ]; then
scp ${customsshkey} ${tmpdir}/${shafile} ${tmpdir}/${shafile}.asc ${tmpdir}/${shafile}.sig ${webuser}@${webhost}:${shadir}/
ssh ${customsshkey} ${webuser}@${webhost} chmod 644 ${shadir}/${shafile}.asc ${shadir}/${shafile}.sig
if [ "X${yorn}" = "Xy" ]; then
scp "${customsshkey}" "${tmpdir}/${shafile}" "${tmpdir}/${shafile}.asc" "${tmpdir}/${shafile}.sig" "${webuser}@${webhost}:${shadir}/"
#shellcheck disable=SC2029
ssh "${customsshkey}" "${webuser}@${webhost}" chmod 644 "${shadir}/${shafile}.asc" "${shadir}/${shafile}.sig"
break
fi
done
Expand All @@ -154,8 +152,8 @@ function sign {


if [ -n "${signversion}" ]; then
checktag $signversion
sign $signversion
checktag "$signversion"
sign "$signversion"
exit 0
fi

Expand All @@ -164,16 +162,17 @@ fi
################################################################################
## Look for releases to promote

echo -e "\n# Checking for releases ..."
printf "\n# Checking for releases ...\n"

promotable=$(ssh ${customsshkey} ${webuser}@${webhost} $promotablecmd nodejs)
promotable=$(ssh "${customsshkey}" "$webuser@$webhost" $promotablecmd nodejs)

if [ "X${promotable}" == "X" ]; then
if [ "X${promotable}" = "X" ]; then
echo "No releases to promote!"
exit 0
fi

echo -e "Found the following releases / builds ready to promote:\n"
echo "Found the following releases / builds ready to promote:"
echo ""
echo "$promotable" | sed 's/^/ * /'
echo ""

Expand All @@ -184,28 +183,27 @@ versions=$(echo "$promotable" | cut -d: -f1)

for version in $versions; do
while true; do
files=$(echo "$promotable" | grep "^${version}" | sed 's/^'${version}': //')
echo -n "Promote ${version} files (${files})? [y/n] "
files=$(echo "$promotable" | grep "^${version}" | sed 's/^'"${version}"': //')
printf "Promote %s files (%s)? [y/n] " "${version}" "${files}"
yorn=""
read yorn
read -r yorn

if [ "X${yorn}" == "Xn" ]; then
if [ "X${yorn}" = "Xn" ]; then
break
fi

if [ "X${yorn}" != "Xy" ]; then
continue
fi

checktag $version

echo -e "\n# Promoting ${version}..."
checktag "$version"

ssh ${customsshkey} ${webuser}@${webhost} $promotecmd nodejs $version
echo ""
echo "# Promoting ${version}..."

if [ $? -eq 0 ];then
sign $version
fi
# shellcheck disable=SC2029
ssh "${customsshkey}" "$webuser@$webhost" $promotecmd nodejs "$version" && \
sign "$version"

break
done
Expand Down

0 comments on commit 2868ffb

Please sign in to comment.