summaryrefslogtreecommitdiff
path: root/release
blob: 17eac930fb0fc58e8e8e52d5f722ceb114ce2892 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/bin/sh

base_dir=$(
  dirname "$(
    readlink -f "$0"
  )"
)
git_dir=$(
  pwd
)

api_url='https://api.github.com'
auth='Authorization: token '"$(
  gpg -d -o - "${base_dir}/pw.gpg" 2>/dev/null
)"

if [ -n "$(git status --porcelain 2>&1)" ]; then
  >&2 echo 'Error: git state is not clean.'
  exit 1
fi

if [ -n "$1" ]; then
  tag="$1"
  shift
else
  tag="v$(date +'%Y%m%d')"
fi

if [ $# -ne 0 ] || [ -z "${tag}" ]; then
  >&2 echo 'usage:'
  >&2 echo '  release $tag'
  >&2 echo 'or'
  >&2 echo '  release'
  exit 1
fi

owner=$(basename "$(dirname "${git_dir}")")
repo=$(basename "${git_dir}")

repo_url="${api_url}/repos/${owner}/${repo}"
tags_url="${repo_url}/releases/tags/${tag}"

>&2 printf 'Try to authenticate ...'
response=$(
  curl -sH "${auth}" "${repo_url}"
)

if echo "${response}" | \
  grep -qF '"Bad credentials"'; then
  >&2 printf '\nError: Bad credentials.\n'
  >&2 printf '%s\n' "${response}"
  exit 1
fi
>&2 printf ' ok.\n'

>&2 printf 'Creating tag ...'
if ! git tag -s -m "Release ${tag}" "${tag}"; then
  >&2 printf '\nError: Failed to create tag %s.\n' "${tag}"
  exit 1
fi
>&2 printf ' ok.\n'

tmp_dir=$(mktemp -d)
trap 'rm -rf --one-file-system "${tmp_dir:?}"' EXIT

>&2 printf 'Creating and signing tarball ...'
git archive "${tag}" | \
  xz -9 > \
  "${tmp_dir}/${repo}-${tag}.tar.xz"
if ! gpg --detach-sign --local-user erich@eckner.net --local-user arch@eckner.net "${tmp_dir}/${repo}-${tag}.tar.xz"; then
  >&2 printf '\nError: Failed to sign release tarball.\n'
  exit 1
fi
>&2 printf ' ok.\n'

>&2 printf 'Pushing tags ...'
if ! git push --tags; then
  >&2 printf '\nError: Failed to push tags.\n'
  exit 1
fi
>&2 printf ' ok.\n'

>&2 printf 'Creating release from tag ...'
response=$(
  printf '"%s": "%s"\n' \
    'tag_name' "${tag}" \
    'name' "${tag}" \
    'body' "Release ${tag}" | \
    sed '
      s/^/  /
      1 i {
      $! s/$/,/
      $ a }
    ' | \
    curl -sH "${auth}" -d @- "${repo_url}/releases"
)
eval $(
  printf '%s\n' "${response}" | \
    grep -m1 '"id":' | \
    tr : = | \
    tr -cd '[[:alnum:]]='
)
if [ -z "${id}" ]; then
  >&2 printf '\nError: Failed to create/get release id for tag %s.\n' "${tag}"
  >&2 printf '%s\n' "${response}"
  exit 1
fi
>&2 printf ' ok.\n'

>&2 printf 'Uploading tarball and signature ...'
for suffix in '' '.sig'; do

  upload_url="https://uploads.github.com/repos/${owner}/${repo}/releases/${id}/assets?name=${repo}-${tag}.tar.xz${suffix}"

  curl \
    --data-binary @"${tmp_dir}/${repo}-${tag}.tar.xz${suffix}" \
    -H "${auth}" \
    -H "Content-Type: application/octet-stream" \
    "${upload_url}"
  printf '\n'

done
>&2 printf ' ok.\n'