+set_variables_packagecloud(){
+ echo "INFO: Setting packagecloud variables"
+ if [[ -z ${VERSION:-} ]]; then
+ VERSION=$(yq -r ".version" "$release_file")
+ fi
+ if [[ -z ${GIT_TAG:-} ]]; then
+ if grep -q "git_tag" $release_file ; then
+ GIT_TAG=$(yq -r ".git_tag" "$release_file")
+ else
+ GIT_TAG="$VERSION"
+ fi
+ fi
+ if [[ -z ${LOG_DIR:-} ]]; then
+ LOG_DIR=$(yq -r ".log_dir" "$release_file")
+ fi
+ if [[ -z ${REF:-} ]]; then
+ REF=$(yq -r ".ref" "$release_file")
+ fi
+ if [[ -z ${PACKAGE_NAME:-} ]]; then
+ PACKAGE_NAME=$(yq -r ".package_name" "$release_file")
+ fi
+
+ printf "\t%-30s %s\n" PACKAGE_NAME: "$PACKAGE_NAME"
+ printf "\t%-30s %s\n" LOG_DIR: "$LOG_DIR"
+ printf "\t%-30s %s\n" LOGS_URL: "$logs_url"
+ printf "\t%-30s %s\n" GIT_REF_TO_TAG: "$REF"
+ printf "\t%-30s %s\n" VERSION: "$VERSION"
+ printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
+}
+
+set_variables_pypi(){
+ echo "INFO: Setting pypi variables"
+ if [[ -z ${LOG_DIR:-} ]]; then
+ LOG_DIR=$(yq -r ".log_dir" "$release_file")
+ fi
+
+ if [[ -z ${PYPI_PROJECT:-} ]]; then
+ PYPI_PROJECT=$(yq -r ".pypi_project" "$release_file")
+ fi
+ if [[ -z ${PYTHON_VERSION:-} ]]; then
+ PYTHON_VERSION=$(yq -r ".python_version" "$release_file")
+ fi
+ if [[ -z ${VERSION:-} ]]; then
+ VERSION=$(yq -r ".version" "$release_file")
+ fi
+ if [[ -z ${GIT_TAG:-} ]]; then
+ if grep -q "git_tag" "$release_file" ; then
+ GIT_TAG=$(yq -r ".git_tag" "$release_file")
+ else
+ GIT_TAG="$VERSION"
+ fi
+ fi
+
+ # Continuing displaying Release Information (pypi)
+ printf "\t%-30s\n" RELEASE_PYPI_INFO:
+ printf "\t%-30s %s\n" LOG_DIR: "$LOG_DIR"
+ printf "\t%-30s %s\n" LOGS_URL: "$logs_url"
+ printf "\t%-30s %s\n" PYPI_INDEX: "$PYPI_INDEX" # from job configuration
+ printf "\t%-30s %s\n" PYPI_PROJECT: "$PYPI_PROJECT"
+ printf "\t%-30s %s\n" PYTHON_VERSION: "$PYTHON_VERSION"
+ printf "\t%-30s %s\n" VERSION: "$VERSION"
+ printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
+}
+
+##########################
+# Verify Schema Functions.
+##########################
+
+verify_packagecloud_match_release(){
+ echo "INFO: Fetching console log from $logs_url"
+ wget -q -P /tmp "${logs_url}/"console.log.gz
+ echo "INFO: Searching for uploaded step, package name $PACKAGE_NAME and version $VERSION in job log"
+ if zgrep -E "Pushing.*$PACKAGE_NAME.*$VERSION.*success\!" /tmp/console.log.gz; then
+ echo "INFO: found expected strings in job log"
+ else
+ echo "ERROR: failed to find expected strings in job log"
+ exit 1
+ fi
+}
+
+verify_pypi_match_release(){
+ echo "INFO: Fetching console log from $logs_url"
+ wget -q -P /tmp "${logs_url}/"console.log.gz
+ echo "INFO: Searching for uploaded step, project $PYPI_PROJECT and version $VERSION in job log"
+ # pypi-upload.sh generates success message with file list
+ if zgrep -i "uploaded" /tmp/console.log.gz | grep "$PYPI_PROJECT" | grep "$VERSION" ; then
+ echo "INFO: found expected strings in job log"
+ else
+ echo "ERROR: failed to find expected strings in job log"
+ exit 1
+ fi
+}
+
+verify_schema(){
+ echo "INFO: Verifying $release_file against schema $release_schema"
+ lftools schema verify "$release_file" "$release_schema"
+}
+
+verify_version(){
+ # Override the regex for projects that do not follow https://semver.org
+ OVERRIDE_SEMVER_REGEX="${OVERRIDE_SEMVER_REGEX:-None}"
+ if [[ $OVERRIDE_SEMVER_REGEX == "None" ]]; then
+ # Use the semver regex taken from https://github.com/fsaintjacques/semver-tool
+ pat1="(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)"
+ pat2="(0|[1-9][0-9]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*)"
+ pat3="(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)"
+ semver_regex="^[vV]?${pat1}(\-${pat2}(\.${pat2})*)?${pat3}?$"
+ else
+ semver_regex="${OVERRIDE_SEMVER_REGEX}"
+ fi
+
+ # Verify SemVer "#.#.#" (SemVer) or "v#.#.#"
+ echo "INFO: Verifying version $VERSION"
+ if [[ $VERSION =~ $semver_regex ]]; then
+ echo "INFO: The version $VERSION is valid"
+ else
+ echo "ERROR: The version $VERSION is not valid"
+ echo "ERROR: Valid versions are \"#.#.#\" (SemVer) or \"v#.#.#\""
+ echo "ERROR: Valid version will be matched against \"${semver_regex}\""
+ echo "ERROR: Refer to https://semver.org/ for more details on SemVer"
+ echo "ERROR: Refer SemVer examples from https://github.com/fsaintjacques/semver-tool/#examples"
+ exit 1
+ fi
+}
+
+verify_version_match_release(){
+ echo "INFO: Fetching console log from $logs_url"
+ wget -P /tmp "${logs_url}/"console.log.gz
+ echo "INFO: Searching for uploaded step and version $VERSION in job log"
+ if zgrep "Successfully uploaded" /tmp/console.log.gz | grep "$VERSION"; then
+ echo "INFO: found expected strings in job log"
+ else
+ echo "ERROR: Defined version in release file does not match staging repo artifacts version to be released"
+ echo "ERROR: Please make sure maven stage job log dir and release version are both correct"
+ exit 1
+ fi
+}
+
+
+#####################
+# Tag Repo Functions.
+#####################
+
+# sigul is only available on Centos
+# TODO: write tag-github-repo function
+tag-git-repo(){
+ if [[ $TAG_RELEASE == false ]]; then
+ echo "INFO: Skipping code repo tag"
+ return
+ fi
+
+ if [[ -z ${GERRIT_URL:-} ]]; then
+ GIT_REPO_BASE=github
+ else
+ GIT_REPO_BASE=gerrit
+ fi
+
+ echo "INFO: tag repo with $GIT_TAG"
+ # Import public signing key
+ gpg --import "$SIGNING_PUBKEY"
+ if type=$(git cat-file -t "$GIT_TAG"); then
+ if [[ $type == "tag" ]]; then
+ echo "INFO: Repo already has signed tag $GIT_TAG, nothing to do"
+ else
+ echo "ERROR: Repo has lightweight tag $GIT_TAG, blocks push of signed tag"
+ exit 1
+ fi
+ else
+ echo "INFO: Repo has not yet been tagged $GIT_TAG"
+ git tag -am "${PROJECT//\//-} $GIT_TAG" "$GIT_TAG"
+ sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$GIT_TAG" < "$SIGUL_PASSWORD"
+ echo "INFO: Showing latest signature for $PROJECT:"
+ echo "INFO: git tag -v $GIT_TAG"
+ git tag -v "$GIT_TAG"
+
+ ########## Merge Part ##############
+ if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
+ echo "INFO: Running merge, pushing tag"
+ if [[ $GIT_REPO_BASE == "gerrit" ]]; then
+ gerrit_ssh=$(echo "$GERRIT_URL" | awk -F"/" '{print $3}')
+ git remote set-url origin ssh://"$RELEASE_USERNAME"@"$gerrit_ssh":29418/"$PROJECT"
+ echo -e "Host $gerrit_ssh\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
+ chmod 600 ~/.ssh/config
+ else
+ git remote set-url origin "$GIT_CLONE_URL""$RELEASE_USERNAME"/"$PROJECT".git
+ fi
+ git config user.name "$RELEASE_USERNAME"
+ git config user.email "$RELEASE_EMAIL"
+ echo "INFO: push tag: $GIT_TAG"
+ git push origin "$GIT_TAG"
+ # Check if sentinal file exists
+ if [[ -f .testhash ]]; then
+ echo "INFO: push code bundle"
+ git push origin "HEAD:${GERRIT_REFSPEC}"
+ fi
+ fi
+ fi
+}
+
+###############################
+# Release Processing Functions.
+###############################
+
+artifact_release_file(){
+ echo "INFO: Processing artifact release"
+ mkdir artifacts
+ ORG=$(echo "$NEXUS_URL" | awk -F'.' '{print $2}')
+
+ for namequoted in $(yq '.artifacts[].name' $release_file); do
+ pathquoted=$(yq ".artifacts[] |select(.name==$namequoted) |.path" $release_file)
+
+ #Remove extra yaml quotes
+ name="${namequoted#\"}"
+ name="${name%\"}"
+ path="${pathquoted#\"}"
+ path="${path%\"}"
+
+ echo "$name"
+ echo "$path"
+ echo "INFO: Merge will post artifact: $name"
+ # Attempt to pull from releases to see if the artifact has been released.
+ if "${NEXUS_URL}"/content/repositories/releases/org/"${ORG}"/"${VERSION}"/"$name"; then
+ echo "INFO: $name is already released as version:$VERSION, Continuing..."
+ else
+ echo "INFO: $name not found in releases, release will be prepared. Continuing..."
+ wget "${path}"/"${name}" -o artifacts/"${name}"
+ if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
+ #lftools sign sigul artifacts
+ # shellcheck disable=SC2261
+ curl -v -u <NEXUSUSER>:<NEXUSPASS> --upload-file \
+ "${NEXUS_URL}"/content/repositories/releases/org/"${ORG}"/"${VERSION}"/"${name}" \;
+ fi
+ echo "#########################"
+ fi
+ done
+}
+
+container_release_file(){
+ echo "INFO: Processing container release"
+ docker --version
+ local lfn_umbrella
+ lfn_umbrella="$(echo "$GERRIT_URL" | awk -F"." '{print $2}')"
+
+ for namequoted in $(yq '.containers[].name' $release_file); do
+ versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version" $release_file)
+
+ #Remove extra yaml quotes
+ name="${namequoted#\"}"
+ name="${name%\"}"
+ version="${versionquoted#\"}"
+ version="${version%\"}"
+
+ echo "$name"
+ echo "$version"
+ echo "INFO: Merge will release $name $version as $VERSION"
+ # Attempt to pull from releases registry to see if the image has been released.
+ if docker pull "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"; then
+ echo "INFO: $VERSION is already released for image $name, Continuing..."
+ else
+ echo "INFO: $VERSION not found in releases, release will be prepared. Continuing..."
+ docker pull "$CONTAINER_PULL_REGISTRY"/"$lfn_umbrella"/"$name":"$version"
+ container_image_id=$(docker images | grep "$name" | grep "$version" | awk '{print $3}')
+ echo "INFO: Merge will run the following commands:"
+ echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
+ echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
+ if [[ "$JOB_NAME" =~ "merge" ]]; then
+ curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64"
+ sudo mv cosign-linux-amd64 /usr/local/bin/cosign
+ sudo chmod +x /usr/local/bin/cosign
+ export COSIGN_PASSWORD
+ docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
+ docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
+ image_sha=$(docker images --no-trunc --quiet \
+ "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION")
+ image_digest="$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name@$image_sha"
+ cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest"
+ fi
+ echo "#########################"
+ fi
+ done
+
+ echo "INFO: Merge will tag ref: $ref"
+ git checkout "$ref"
+ tag-git-repo
+}
+
+maven_release_file(){
+ echo "INFO: Processing maven release"
+ echo "INFO: wget -P $PATCH_DIR ${logs_url}/staging-repo.txt.gz"
+ wget -P "$PATCH_DIR" "${logs_url}/"staging-repo.txt.gz