X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=shell%2Frelease-job.sh;h=57e40387065e520cae11f92b21e7fa817ad82e14;hb=532e97b5b965cab5ace406d8ecc845afc98920ac;hp=3a732e0be2801217d80875b0270137f5ccd34814;hpb=5beb45586451cb772982de881cd09fd97360be87;p=releng%2Fglobal-jjb.git diff --git a/shell/release-job.sh b/shell/release-job.sh index 3a732e0b..57e40387 100644 --- a/shell/release-job.sh +++ b/shell/release-job.sh @@ -280,7 +280,10 @@ verify_version(){ OVERRIDE_SEMVER_REGEX="${OVERRIDE_SEMVER_REGEX:-None}" if [[ $OVERRIDE_SEMVER_REGEX == "None" ]]; then # Use the semver regex taken from https://github.com/fsaintjacques/semver-tool - semver_regex="^[vV]?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(\-(0|[1-9][0-9]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*)(\.(0|[1-9][0-9]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*))*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$" + pat1="(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)" + pat2="(0|[1-9][0-9]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*)" + pat3="(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)" + semver_regex="^[vV]?${pat1}(\-${pat2}(\.${pat2})*)?${pat3}?$" else semver_regex="${OVERRIDE_SEMVER_REGEX}" fi @@ -362,7 +365,13 @@ tag-git-repo(){ fi git config user.name "$RELEASE_USERNAME" git config user.email "$RELEASE_EMAIL" + echo "INFO: push tag: $GIT_TAG" git push origin "$GIT_TAG" + # Check if sentinal file exists + if [[ -f .testhash ]]; then + echo "INFO: push code bundle" + git push origin "HEAD:${GERRIT_REFSPEC}" + fi fi fi } @@ -396,7 +405,9 @@ artifact_release_file(){ wget "${path}"/"${name}" -o artifacts/"${name}" if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then #lftools sign sigul artifacts - curl -v -u : --upload-file "${NEXUS_URL}"/content/repositories/releases/org/"${ORG}"/"${VERSION}"/"${name}" \; + # shellcheck disable=SC2261 + curl -v -u : --upload-file \ + "${NEXUS_URL}"/content/repositories/releases/org/"${ORG}"/"${VERSION}"/"${name}" \; fi echo "#########################" fi @@ -432,8 +443,16 @@ container_release_file(){ echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION" echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION" if [[ "$JOB_NAME" =~ "merge" ]]; then + curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64" + sudo mv cosign-linux-amd64 /usr/local/bin/cosign + sudo chmod +x /usr/local/bin/cosign + export COSIGN_PASSWORD docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION" docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION" + image_sha=$(docker images --no-trunc --quiet \ + "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION") + image_digest="$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name@$image_sha" + cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest" fi echo "#########################" fi @@ -454,9 +473,25 @@ maven_release_file(){ gunzip taglist.log.gz cat "$PATCH_DIR"/taglist.log popd - git checkout "$(awk '{print $NF}' "$PATCH_DIR/taglist.log")" + + # compare if the commit sha1 from taglist is the same origin/${GERRIT_BRANCH} + # ensure that the tag lands on the target branch + # forward from the tagging point, then a spur commit is created + # for the tag + taghash="$(awk '{print $NF}' "$PATCH_DIR/taglist.log")" + # shellcheck disable=SC2046 + if [ "${taghash}" = $(git rev-parse "origin/${GERRIT_BRANCH}") ]; then + git checkout "origin/${GERRIT_BRANCH}" + # sentinal file + touch .testhash + else + git checkout "${taghash}" + fi + git fetch "$PATCH_DIR/${PROJECT//\//-}.bundle" git merge --ff-only FETCH_HEAD + # print last few changes to see how the bundle is applied + git log --graph --all --decorate --pretty=oneline -n10 nexus_release tag-git-repo }