2 # SPDX-License-Identifier: EPL-1.0
3 ##############################################################################
4 # Copyright (c) 2019 The Linux Foundation and others.
6 # All rights reserved. This program and the accompanying materials
7 # are made available under the terms of the Eclipse Public License v1.0
8 # which accompanies this distribution, and is available at
9 # http://www.eclipse.org/legal/epl-v10.html
10 ##############################################################################
11 echo "---> release-job.sh"
14 # shellcheck disable=SC1090
17 # Version controlled by JJB_VERSION
18 lf-activate-venv lftools pip idna==2.9 lftools jsonschema twine yq readline
20 # show installed versions
21 python -m pip --version
26 set_variables_common(){
27 echo "INFO: Setting common variables"
28 if [[ -z ${LOGS_SERVER:-} ]]; then
29 echo "ERROR: LOGS_SERVER not defined"
32 NEXUS_PATH="${SILO}/${JENKINS_HOSTNAME}/"
33 # Verify if using release file or parameters
34 if $USE_RELEASE_FILE ; then
35 release_files=$(git diff-tree -m --no-commit-id -r "$GIT_COMMIT" "$GIT_COMMIT^1" \
36 --name-only -- "releases/" ".releases/")
37 if (( $(grep -c . <<<"$release_files") > 1 )); then
38 echo "INFO: RELEASE FILES ARE AS FOLLOWS: $release_files"
39 echo "ERROR: Adding multiple release files in the same commit"
40 echo "ERROR: OR rename/amend/delete of existing files is not supported."
43 release_file="$release_files"
44 echo "INFO: RELEASE FILE: $release_files"
47 echo "INFO: This job is built with parameters, no release file needed."
51 # Jenkins parameter drop-down defaults DISTRIBUTION_TYPE to None
52 # in the contain/maven release job; get value from release yaml.
53 # Packagecloud and PyPI jobs set the appropriate value.
54 DISTRIBUTION_TYPE="${DISTRIBUTION_TYPE:-None}"
55 if [[ $DISTRIBUTION_TYPE == "None" ]]; then
56 if ! DISTRIBUTION_TYPE=$(yq -r ".distribution_type" "$release_file"); then
57 echo "ERROR: Failed to get distribution_type from $release_file"
62 PATCH_DIR=$(mktemp -d)
64 TAG_RELEASE="${TAG_RELEASE:-None}"
65 if [[ $TAG_RELEASE == "None" ]]; then
66 if grep -q "tag_release" $release_file ; then
67 TAG_RELEASE=$(yq -r .tag_release "$release_file")
73 # Displaying Release Information (Common variables)
74 printf "\t%-30s\n" RELEASE_ENVIRONMENT_INFO:
75 printf "\t%-30s %s\n" RELEASE_FILE: "$release_file"
76 printf "\t%-30s %s\n" LOGS_SERVER: "$LOGS_SERVER"
77 printf "\t%-30s %s\n" NEXUS_PATH: "$NEXUS_PATH"
78 printf "\t%-30s %s\n" JENKINS_HOSTNAME: "$JENKINS_HOSTNAME"
79 printf "\t%-30s %s\n" SILO: "$SILO"
80 printf "\t%-30s %s\n" PROJECT: "$PROJECT"
81 printf "\t%-30s %s\n" PROJECT-DASHED: "${PROJECT//\//-}"
82 printf "\t%-30s %s\n" TAG_RELEASE: "$TAG_RELEASE"
83 printf "\t%-30s %s\n" DISTRIBUTION_TYPE: "$DISTRIBUTION_TYPE"
84 printf "\t%-30s %s\n" OVERRIDE_SEMVER_REGEX: "${OVERRIDE_SEMVER_REGEX:-None}"
87 set_variables_maven(){
88 echo "INFO: Setting maven variables"
89 if [[ -z ${VERSION:-} ]]; then
90 VERSION=$(yq -r ".version" "$release_file")
92 if [[ -z ${GIT_TAG:-} ]]; then
93 if grep -q "git_tag" "$release_file" ; then
94 GIT_TAG=$(yq -r ".git_tag" "$release_file")
99 if [[ -z ${LOG_DIR:-} ]]; then
100 LOG_DIR=$(yq -r ".log_dir" "$release_file")
102 LOGS_URL="${LOGS_SERVER}/${NEXUS_PATH}${LOG_DIR}"
103 LOGS_URL=${LOGS_URL%/} # strip any trailing '/'
105 # Continuing displaying Release Information (Maven)
106 printf "\t%-30s\n" RELEASE_MAVEN_INFO:
107 printf "\t%-30s %s\n" VERSION: "$VERSION"
108 printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
109 printf "\t%-30s %s\n" LOG_DIR: "$LOG_DIR"
110 printf "\t%-30s %s\n" LOGS_URL: "$LOGS_URL"
113 set_variables_container(){
114 echo "INFO: Setting container variables"
115 if [[ -z ${VERSION:-} ]]; then
116 VERSION=$(yq -r ".container_release_tag" "$release_file")
118 if [[ -z ${GIT_TAG:-} ]]; then
119 if grep -q "git_tag" "$release_file" ; then
120 GIT_TAG=$(yq -r ".git_tag" "$release_file")
125 if grep -q "container_pull_registry" "$release_file" ; then
126 CONTAINER_PULL_REGISTRY=$(yq -r ".container_pull_registry" "$release_file")
128 if grep -q "container_push_registry" "$release_file" ; then
129 CONTAINER_PUSH_REGISTRY=$(yq -r ".container_push_registry" "$release_file")
131 # Make sure both pull and push registries are defined
132 if [ -z ${CONTAINER_PULL_REGISTRY+x} ] || [ -z ${CONTAINER_PUSH_REGISTRY+x} ]; then
133 echo "ERROR: CONTAINER_PULL_REGISTRY and CONTAINER_PUSH_REGISTRY need to be defined"
136 ref=$(yq -r ".ref" "$release_file")
138 # Continuing displaying Release Information (Container)
139 printf "\t%-30s\n" RELEASE_CONTAINER_INFO:
140 printf "\t%-30s %s\n" CONTAINER_RELEASE_TAG: "$VERSION"
141 printf "\t%-30s %s\n" CONTAINER_PULL_REGISTRY: "$CONTAINER_PULL_REGISTRY"
142 printf "\t%-30s %s\n" CONTAINER_PUSH_REGISTRY: "$CONTAINER_PUSH_REGISTRY"
143 printf "\t%-30s %s\n" GERRIT_REF_TO_TAG: "$ref"
144 printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
147 set_variables_pypi(){
148 echo "INFO: Setting pypi variables"
149 if [[ -z ${LOG_DIR:-} ]]; then
150 LOG_DIR=$(yq -r ".log_dir" "$release_file")
152 LOGS_URL="${LOGS_SERVER}/${NEXUS_PATH}${LOG_DIR}"
153 LOGS_URL=${LOGS_URL%/} # strip any trailing '/'
154 if [[ -z ${PYPI_PROJECT:-} ]]; then
155 PYPI_PROJECT=$(yq -r ".pypi_project" "$release_file")
157 if [[ -z ${PYTHON_VERSION:-} ]]; then
158 PYTHON_VERSION=$(yq -r ".python_version" "$release_file")
160 if [[ -z ${VERSION:-} ]]; then
161 VERSION=$(yq -r ".version" "$release_file")
163 if [[ -z ${GIT_TAG:-} ]]; then
164 if grep -q "git_tag" "$release_file" ; then
165 GIT_TAG=$(yq -r ".git_tag" "$release_file")
171 # Continuing displaying Release Information (pypi)
172 printf "\t%-30s\n" RELEASE_PYPI_INFO:
173 printf "\t%-30s %s\n" LOG_DIR: "$LOG_DIR"
174 printf "\t%-30s %s\n" LOGS_URL: "$LOGS_URL"
175 printf "\t%-30s %s\n" PYPI_INDEX: "$PYPI_INDEX" # from job configuration
176 printf "\t%-30s %s\n" PYPI_PROJECT: "$PYPI_PROJECT"
177 printf "\t%-30s %s\n" PYTHON_VERSION: "$PYTHON_VERSION"
178 printf "\t%-30s %s\n" VERSION: "$VERSION"
179 printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
182 set_variables_packagecloud(){
183 echo "INFO: Setting packagecloud variables"
184 if [[ -z ${VERSION:-} ]]; then
185 VERSION=$(yq -r ".version" "$release_file")
187 if [[ -z ${GIT_TAG:-} ]]; then
188 if grep -q "git_tag" $release_file ; then
189 GIT_TAG=$(yq -r ".git_tag" "$release_file")
194 if [[ -z ${LOG_DIR:-} ]]; then
195 LOG_DIR=$(yq -r ".log_dir" "$release_file")
197 if [[ -z ${REF:-} ]]; then
198 REF=$(yq -r ".ref" "$release_file")
200 if [[ -z ${PACKAGE_NAME:-} ]]; then
201 PACKAGE_NAME=$(yq -r ".package_name" "$release_file")
203 logs_url="${LOGS_SERVER}/${NEXUS_PATH}${LOG_DIR}"
204 logs_url=${logs_url%/} # strip any trailing '/'
206 printf "\t%-30s %s\n" PACKAGE_NAME: "$PACKAGE_NAME"
207 printf "\t%-30s %s\n" LOG_DIR: "$LOG_DIR"
208 printf "\t%-30s %s\n" LOGS_URL: "$logs_url"
209 printf "\t%-30s %s\n" GERRIT_REF_TO_TAG: "$REF"
210 printf "\t%-30s %s\n" VERSION: "$VERSION"
211 printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
215 echo "INFO: Verifying $release_file against schema $release_schema"
216 lftools schema verify "$release_file" "$release_schema"
221 # Override the regex for projects that do not follow https://semver.org
222 OVERRIDE_SEMVER_REGEX="${OVERRIDE_SEMVER_REGEX:-None}"
223 if [[ $OVERRIDE_SEMVER_REGEX == "None" ]]; then
224 # Use the semver regex taken from https://github.com/fsaintjacques/semver-tool
225 semver_regex="^[vV]?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(\-(0|[1-9][0-9]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*)(\.(0|[1-9][0-9]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*))*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$"
227 semver_regex="${OVERRIDE_SEMVER_REGEX}"
230 # Verify SemVer "#.#.#" (SemVer) or "v#.#.#"
231 echo "INFO: Verifying version $VERSION"
232 if [[ $VERSION =~ $semver_regex ]]; then
233 echo "INFO: The version $VERSION is valid"
235 echo "ERROR: The version $VERSION is not valid"
236 echo "ERROR: Valid versions are \"#.#.#\" (SemVer) or \"v#.#.#\""
237 echo "ERROR: Valid version will be matched against \"${semver_regex}\""
238 echo "ERROR: Refer to https://semver.org/ for more details on SemVer"
239 echo "ERROR: Refer SemVer examples from https://github.com/fsaintjacques/semver-tool/#examples"
244 verify_version_match_release(){
245 echo "INFO: Fetching console log from $LOGS_URL"
246 wget -P /tmp "${LOGS_URL}/"console.log.gz
247 echo "INFO: Searching for uploaded step and version $VERSION in job log"
248 if zgrep "Successfully uploaded" /tmp/console.log.gz | grep "$VERSION"; then
249 echo "INFO: found expected strings in job log"
251 echo "ERROR: Defined version in release file does not match staging repo artifacts version to be released"
252 echo "ERROR: Please make sure maven stage job log dir and release version are both correct"
257 # check prerequisites to detect mistakes in the release YAML file
258 verify_pypi_match_release(){
259 echo "INFO: Fetching console log from $LOGS_URL"
260 wget -q -P /tmp "${LOGS_URL}/"console.log.gz
261 echo "INFO: Searching for uploaded step, project $PYPI_PROJECT and version $VERSION in job log"
262 # pypi-upload.sh generates success message with file list
263 if zgrep -i "uploaded" /tmp/console.log.gz | grep "$PYPI_PROJECT" | grep "$VERSION" ; then
264 echo "INFO: found expected strings in job log"
266 echo "ERROR: failed to find expected strings in job log"
271 verify_packagecloud_match_release(){
272 echo "INFO: Fetching console log from $logs_url"
273 wget -q -P /tmp "${logs_url}/"console.log.gz
274 echo "INFO: Searching for uploaded step, package name $PACKAGE_NAME and version $VERSION in job log"
275 if zgrep -E "Pushing.*$PACKAGE_NAME.*$VERSION.*success\!" /tmp/console.log.gz; then
276 echo "INFO: found expected strings in job log"
278 echo "ERROR: failed to find expected strings in job log"
283 # sigul is only available on Centos
284 # TODO: write tag-github-repo function
286 if [[ $TAG_RELEASE == false ]]; then
287 echo "INFO: Skipping gerrit repo tag"
291 echo "INFO: tag gerrit with $GIT_TAG"
292 # Import public signing key
293 gpg --import "$SIGNING_PUBKEY"
294 if type=$(git cat-file -t "$GIT_TAG"); then
295 if [[ $type == "tag" ]]; then
296 echo "INFO: Repo already has signed tag $GIT_TAG, nothing to do"
298 echo "ERROR: Repo has lightweight tag $GIT_TAG, blocks push of signed tag"
302 echo "INFO: Repo has not yet been tagged $GIT_TAG"
303 git tag -am "${PROJECT//\//-} $GIT_TAG" "$GIT_TAG"
304 sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$GIT_TAG" < "$SIGUL_PASSWORD"
305 echo "INFO: Showing latest signature for $PROJECT:"
306 echo "INFO: git tag -v $GIT_TAG"
307 git tag -v "$GIT_TAG"
309 ########## Merge Part ##############
310 if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
311 echo "INFO: Running merge, pushing tag"
312 gerrit_ssh=$(echo "$GERRIT_URL" | awk -F"/" '{print $3}')
313 git remote set-url origin ssh://"$RELEASE_USERNAME"@"$gerrit_ssh":29418/"$PROJECT"
314 git config user.name "$RELEASE_USERNAME"
315 git config user.email "$RELEASE_EMAIL"
316 echo -e "Host $gerrit_ssh\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
317 chmod 600 ~/.ssh/config
318 git push origin "$GIT_TAG"
324 echo "INFO: Processing nexus release"
325 for staging_url in $(zcat "$PATCH_DIR"/staging-repo.txt.gz | awk -e '{print $2}'); do
326 # extract the domain name from URL
327 NEXUS_URL=$(echo "$staging_url" | sed -e 's|^[^/]*//||' -e 's|/.*$||')
328 echo "INFO: NEXUS_URL: $NEXUS_URL"
329 # extract the staging repo from URL
330 STAGING_REPO=${staging_url#*repositories/}
331 echo "INFO: Running Nexus Verify"
332 lftools nexus release -v --server https://"$NEXUS_URL" "$STAGING_REPO"
333 echo "INFO: Merge will run:"
334 echo "lftools nexus release --server https://$NEXUS_URL $STAGING_REPO"
337 #Run the loop twice, to catch errors on either nexus repo
338 if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
339 for staging_url in $(zcat "$PATCH_DIR"/staging-repo.txt.gz | awk -e '{print $2}'); do
340 NEXUS_URL=$(echo "$staging_url" | sed -e 's|^[^/]*//||' -e 's|/.*$||')
341 STAGING_REPO=${staging_url#*repositories/}
342 echo "INFO: Promoting $STAGING_REPO on $NEXUS_URL."
343 lftools nexus release --server https://"$NEXUS_URL" "$STAGING_REPO"
348 container_release_file(){
349 echo "INFO: Processing container release"
352 lfn_umbrella="$(echo "$GERRIT_URL" | awk -F"." '{print $2}')"
354 for namequoted in $(yq '.containers[].name' $release_file); do
355 versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version" $release_file)
357 #Remove extra yaml quotes
358 name="${namequoted#\"}"
360 version="${versionquoted#\"}"
361 version="${version%\"}"
365 echo "INFO: Merge will release $name $version as $VERSION"
366 # Attempt to pull from releases registry to see if the image has been released.
367 if docker pull "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"; then
368 echo "INFO: $VERSION is already released for image $name, Continuing..."
370 echo "INFO: $VERSION not found in releases, release will be prepared. Continuing..."
371 docker pull "$CONTAINER_PULL_REGISTRY"/"$lfn_umbrella"/"$name":"$version"
372 container_image_id=$(docker images | grep "$name" | grep "$version" | awk '{print $3}')
373 echo "INFO: Merge will run the following commands:"
374 echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
375 echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
376 if [[ "$JOB_NAME" =~ "merge" ]]; then
377 docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
378 docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
380 echo "#########################"
384 echo "INFO: Merge will tag ref: $ref"
389 maven_release_file(){
390 echo "INFO: Processing maven release"
391 echo "INFO: wget -P $PATCH_DIR ${LOGS_URL}/staging-repo.txt.gz"
392 wget -P "$PATCH_DIR" "${LOGS_URL}/"staging-repo.txt.gz
394 echo "INFO: wget ${LOGS_URL}/patches/{${PROJECT//\//-}.bundle,taglist.log.gz}"
395 wget "${LOGS_URL}"/patches/{"${PROJECT//\//-}".bundle,taglist.log.gz}
396 gunzip taglist.log.gz
397 cat "$PATCH_DIR"/taglist.log
399 git checkout "$(awk '{print $NF}' "$PATCH_DIR/taglist.log")"
400 git fetch "$PATCH_DIR/${PROJECT//\//-}.bundle"
401 git merge --ff-only FETCH_HEAD
406 # calls pip to download binary and source distributions from the specified index,
407 # which requires a recent-in-2019 version. Uploads the files it received.
409 echo "INFO: Processing pypi release"
412 pip_pfx="pip download -d $tgtdir --no-deps --python-version $PYTHON_VERSION -i $PYPI_INDEX"
413 module="$PYPI_PROJECT==$VERSION"
414 pip_bin="$pip_pfx $module"
415 echo "INFO: downloading binary: $pip_bin"
417 echo "WARN: failed to download binary distribution"
419 pip_src="$pip_pfx --no-binary=:all: $module"
420 echo "INFO: downloading source: $pip_src"
422 echo "WARN: failed to download source distribution"
424 echo "INFO: Checking files in $tgtdir"
425 # shellcheck disable=SC2012
426 filecount=$(ls $tgtdir | wc -l)
427 if [[ $filecount = 0 ]] ; then
428 echo "ERROR: no files downloaded"
431 # shellcheck disable=SC2046
432 echo "INFO: downloaded $filecount distributions: " $(ls $tgtdir)
435 if [[ ! "$JOB_NAME" =~ "merge" ]] ; then
436 echo "INFO: not a merge job, not uploading files"
440 cmd="twine upload -r $REPOSITORY $tgtdir/*"
442 echo "INFO: dry-run is set, echoing command only"
445 echo "INFO: uploading $filecount distributions to repo $REPOSITORY"
451 packagecloud_verify(){
452 echo "INFO: Verifying $1 exists in staging..."
453 if [[ $1 == $(curl --netrc-file ~/packagecloud_api --silent \
454 https://packagecloud.io/api/v1/repos/"$2"/staging/search?q="$1" \
455 | yq -r .[].filename) ]]; then
456 echo "INFO: $1 exists in staging!"
457 echo "INFO: Existing package location: https://packagecloud.io$(curl \
458 --netrc-file ~/packagecloud_api --silent \
459 https://packagecloud.io/api/v1/repos/"$2"/staging/search?q="$1" \
460 | yq -r .[].package_html_url)"
462 echo "ERROR: $1 does not exist in staging"
467 packagecloud_promote(){
468 echo "INFO: Preparing to promote $1..."
469 promote_url="https://packagecloud.io$(curl --netrc-file ~/packagecloud_api \
470 --silent https://packagecloud.io/api/v1/repos/"$2"/staging/search?q="$1" \
471 | yq -r .[].promote_url)"
472 echo "INFO: Promoting $1 from staging to release"
473 curl --netrc-file ~/packagecloud_api -X POST -F \
474 destination="$2/release" "$promote_url" \
475 | echo "INFO: Promoted package location: \
476 https://packagecloud.io$(yq -r .package_html_url)"
481 ############################## End Function Declarations ################################
483 # Set common environment variables
486 # Determine the type of release:
487 # - container, release-container-schema.yaml
488 # - maven, release-schema.yaml
489 # - pypi, release-pypi-schema.yaml
491 case $DISTRIBUTION_TYPE in
494 if $USE_RELEASE_FILE ; then
495 release_schema="release-schema.yaml"
496 echo "INFO: Fetching schema $release_schema"
497 wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/$release_schema
502 verify_version_match_release
507 if $USE_RELEASE_FILE ; then
508 release_schema="release-container-schema.yaml"
509 echo "INFO: Fetching schema $release_schema"
510 wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/${release_schema}
513 set_variables_container
515 container_release_file
519 if $USE_RELEASE_FILE ; then
520 release_schema="release-pypi-schema.yaml"
521 echo "INFO: Fetching schema $release_schema"
522 wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/${release_schema}
527 verify_pypi_match_release
532 if $USE_RELEASE_FILE ; then
533 release_schema="release-packagecloud-schema.yaml"
534 packagecloud_account=$(cat "$ACCOUNT_NAME_FILE")
535 echo "INFO: Fetching schema $release_schema"
536 wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/${release_schema}
539 set_variables_packagecloud
540 verify_packagecloud_match_release
541 for name in $(yq -r '.packages[].name' $release_file); do
543 packagecloud_verify "$package" "$packagecloud_account"
544 if [[ "$JOB_NAME" =~ "merge" ]] && ! $DRY_RUN; then
545 packagecloud_promote "$package" "$packagecloud_account"
551 echo "ERROR: distribution_type: $DISTRIBUTION_TYPE not supported"
556 echo "---> release-job.sh ends"