From 549144450bb975957b58e3086a396c51bff60b4e Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Thu, 3 May 2018 11:44:47 +0200 Subject: release: create, sign and upload tar ball --- release | 123 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100755 release diff --git a/release b/release new file mode 100755 index 0000000..17eac93 --- /dev/null +++ b/release @@ -0,0 +1,123 @@ +#!/bin/sh + +base_dir=$( + dirname "$( + readlink -f "$0" + )" +) +git_dir=$( + pwd +) + +api_url='https://api.github.com' +auth='Authorization: token '"$( + gpg -d -o - "${base_dir}/pw.gpg" 2>/dev/null +)" + +if [ -n "$(git status --porcelain 2>&1)" ]; then + >&2 echo 'Error: git state is not clean.' + exit 1 +fi + +if [ -n "$1" ]; then + tag="$1" + shift +else + tag="v$(date +'%Y%m%d')" +fi + +if [ $# -ne 0 ] || [ -z "${tag}" ]; then + >&2 echo 'usage:' + >&2 echo ' release $tag' + >&2 echo 'or' + >&2 echo ' release' + exit 1 +fi + +owner=$(basename "$(dirname "${git_dir}")") +repo=$(basename "${git_dir}") + +repo_url="${api_url}/repos/${owner}/${repo}" +tags_url="${repo_url}/releases/tags/${tag}" + +>&2 printf 'Try to authenticate ...' +response=$( + curl -sH "${auth}" "${repo_url}" +) + +if echo "${response}" | \ + grep -qF '"Bad credentials"'; then + >&2 printf '\nError: Bad credentials.\n' + >&2 printf '%s\n' "${response}" + exit 1 +fi +>&2 printf ' ok.\n' + +>&2 printf 'Creating tag ...' +if ! git tag -s -m "Release ${tag}" "${tag}"; then + >&2 printf '\nError: Failed to create tag %s.\n' "${tag}" + exit 1 +fi +>&2 printf ' ok.\n' + +tmp_dir=$(mktemp -d) +trap 'rm -rf --one-file-system "${tmp_dir:?}"' EXIT + +>&2 printf 'Creating and signing tarball ...' +git archive "${tag}" | \ + xz -9 > \ + "${tmp_dir}/${repo}-${tag}.tar.xz" +if ! gpg --detach-sign --local-user erich@eckner.net --local-user arch@eckner.net "${tmp_dir}/${repo}-${tag}.tar.xz"; then + >&2 printf '\nError: Failed to sign release tarball.\n' + exit 1 +fi +>&2 printf ' ok.\n' + +>&2 printf 'Pushing tags ...' +if ! git push --tags; then + >&2 printf '\nError: Failed to push tags.\n' + exit 1 +fi +>&2 printf ' ok.\n' + +>&2 printf 'Creating release from tag ...' +response=$( + printf '"%s": "%s"\n' \ + 'tag_name' "${tag}" \ + 'name' "${tag}" \ + 'body' "Release ${tag}" | \ + sed ' + s/^/ / + 1 i { + $! s/$/,/ + $ a } + ' | \ + curl -sH "${auth}" -d @- "${repo_url}/releases" +) +eval $( + printf '%s\n' "${response}" | \ + grep -m1 '"id":' | \ + tr : = | \ + tr -cd '[[:alnum:]]=' +) +if [ -z "${id}" ]; then + >&2 printf '\nError: Failed to create/get release id for tag %s.\n' "${tag}" + >&2 printf '%s\n' "${response}" + exit 1 +fi +>&2 printf ' ok.\n' + +>&2 printf 'Uploading tarball and signature ...' +for suffix in '' '.sig'; do + + upload_url="https://uploads.github.com/repos/${owner}/${repo}/releases/${id}/assets?name=${repo}-${tag}.tar.xz${suffix}" + + curl \ + --data-binary @"${tmp_dir}/${repo}-${tag}.tar.xz${suffix}" \ + -H "${auth}" \ + -H "Content-Type: application/octet-stream" \ + "${upload_url}" + printf '\n' + +done +>&2 printf ' ok.\n' -- cgit v1.2.3-70-g09d2