X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=shell%2Frelease-job.sh;h=e01d3a93c89d73c0202cf9025c924f63a846bd72;hb=refs%2Fchanges%2F02%2F72702%2F3;hp=792cbdd3cf3b088b86b3f63dde93bac1f2e25234;hpb=cf343b44e356c5f89f673c4331249179c5bd85c9;p=releng%2Fglobal-jjb.git
diff --git a/shell/release-job.sh b/shell/release-job.sh
index 792cbdd3..e01d3a93 100644
--- a/shell/release-job.sh
+++ b/shell/release-job.sh
@@ -97,7 +97,7 @@ set_variables_common(){
 TAG_RELEASE="${TAG_RELEASE:-None}"
 if [[ $TAG_RELEASE == "None" ]]; then
- if grep -q "tag_release" $release_file ; then
+ if grep -q "tag_release" "$release_file"; then
 TAG_RELEASE=$(yq -r .tag_release "$release_file")
 else
 TAG_RELEASE=true
@@ -183,7 +183,7 @@ set_variables_packagecloud(){
 VERSION=$(yq -r ".version" "$release_file")
 fi
 if [[ -z ${GIT_TAG:-} ]]; then
- if grep -q "git_tag" $release_file ; then
+ if grep -q "git_tag" "$release_file"; then
 GIT_TAG=$(yq -r ".git_tag" "$release_file")
 else
 GIT_TAG="$VERSION"
@@ -365,11 +365,12 @@ tag-git-repo(){
 fi
 git config user.name "$RELEASE_USERNAME"
 git config user.email "$RELEASE_EMAIL"
+ echo "INFO: push tag: $GIT_TAG"
+ git push origin "$GIT_TAG"
 # Check if sentinal file exists
 if [[ -f .testhash ]]; then
- git push origin "${GERRIT_BRANCH}" "$GIT_TAG"
- else
- git push origin "$GIT_TAG"
+ echo "INFO: push code bundle"
+ git push origin "HEAD:${GERRIT_REFSPEC}"
 fi
 fi
 fi
@@ -384,8 +385,8 @@ artifact_release_file(){
 mkdir artifacts
 ORG=$(echo "$NEXUS_URL" | awk -F'.' '{print $2}')
- for namequoted in $(yq '.artifacts[].name' $release_file); do
- pathquoted=$(yq ".artifacts[] |select(.name==$namequoted) |.path" $release_file)
+ for namequoted in $(yq '.artifacts[].name' "$release_file"); do
+ pathquoted=$(yq ".artifacts[] |select(.name==$namequoted) |.path" "$release_file")
 #Remove extra yaml quotes
 name="${namequoted#\"}"
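Review bot: In set_variables_common, `grep -q "tag_release" "$release_file"` is a substring match, so a comment or an unrelated key containing that text takes the first branch, and `yq -r .tag_release` then yields the string `null` instead of the default `true`. For a block-style release file, anchoring the test to the key, e.g. `grep -q '^tag_release:' -- "$release_file"`, keeps the default path intact. The `git_tag` test in the set_variables_packagecloud hunk has the same shape. Both functions start and end outside their hunks, so how the value is consumed afterwards is not visible here.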
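Review bot: In tag-git-repo the tag is now pushed before the code bundle, so if the `.testhash` push of `HEAD:${GERRIT_REFSPEC}` is rejected, the release tag is already published and points at commits the target ref does not contain. Pushing both refs in one transaction for that case, `git push --atomic origin "HEAD:${GERRIT_REFSPEC}" "$GIT_TAG"`, or pushing the code first, avoids a dangling tag. `GERRIT_REFSPEC` also becomes a push destination taken from the job environment; if a branch ref is what is expected, a guard such as `[[ "$GERRIT_REFSPEC" == refs/heads/* ]] || exit 1` before the push would document and enforce that. The function body begins and ends outside the hunk, so whether errexit is active at this point cannot be confirmed.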
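Review bot: The `for namequoted in $(yq '.artifacts[].name' "$release_file")` loop in artifact_release_file still word-splits and glob-expands the yq output, so quoting `$release_file` does not help an artifact name that contains a space or `*`; each fragment is then pasted into the jq filter `select(.name==$namequoted)` as program text. Reading one name per line with `while IFS= read -r name; do … done < <(yq -r '.artifacts[].name' "$release_file")` and passing it as data with `yq -r --arg n "$name" '.artifacts[] | select(.name==$n) | .path' "$release_file"` removes both problems, provided the yq in use forwards jq options. The same pattern is in the container_release_file loop and in the packagecloud `for name in $(yq -r …)` loop in the later hunks. The loop bodies continue outside the hunks.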
@@ -419,8 +420,8 @@ container_release_file(){
 local lfn_umbrella
 lfn_umbrella="$(echo "$GERRIT_URL" | awk -F"." '{print $2}')"
- for namequoted in $(yq '.containers[].name' $release_file); do
- versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version" $release_file)
+ for namequoted in $(yq '.containers[].name' "$release_file"); do
+ versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version" "$release_file")
 #Remove extra yaml quotes
 name="${namequoted#\"}"
@@ -442,8 +443,16 @@ container_release_file(){
 echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
 echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
 if [[ "$JOB_NAME" =~ "merge" ]]; then
+ curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64"
+ sudo mv cosign-linux-amd64 /usr/local/bin/cosign
+ sudo chmod +x /usr/local/bin/cosign
+ export COSIGN_PASSWORD
 docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
 docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
+ image_sha=$(docker images --no-trunc --quiet \
+ "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION")
+ image_digest="$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name@$image_sha"
+ cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest"
 fi
 echo "#########################"
 fi
@@ -481,6 +490,8 @@ maven_release_file(){
 git fetch "$PATCH_DIR/${PROJECT//\//-}.bundle"
 git merge --ff-only FETCH_HEAD
+ # print last few changes to see how the bundle is applied
+ git log --graph --all --decorate --pretty=oneline -n10
 nexus_release
 tag-git-repo
 }
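Review bot: The added `curl -O -L ".../releases/latest/download/cosign-linux-amd64"` in container_release_file installs an unpinned, unverified binary into /usr/local/bin with sudo and then hands it the signing key, so the signature is only as trustworthy as that download; without `-f`, curl will also save an HTTP error page as the executable. Pin a release and check its SHA-256 before installing, ideally once rather than for every container in the loop. Separately, `docker images --no-trunc --quiet` prints the local image ID, which is generally not the manifest digest the registry assigns on push, so `name@$image_sha` may not resolve to the pushed image; the repo digest recorded after `docker push` is the value to sign. The function body starts and ends outside the hunk.

```shell
if [[ "$JOB_NAME" =~ "merge" ]]; then
    # Placeholders: set to the release and checksum the project has vetted.
    cosign_version="<PINNED_COSIGN_VERSION>"
    cosign_sha256="<SHA256_OF_COSIGN_LINUX_AMD64>"
    curl -fsSL -o cosign-linux-amd64 \
        "https://github.com/sigstore/cosign/releases/download/${cosign_version}/cosign-linux-amd64"
    echo "${cosign_sha256}  cosign-linux-amd64" | sha256sum --check --strict -
    sudo install -m 0755 cosign-linux-amd64 /usr/local/bin/cosign
    # … unchanged: export COSIGN_PASSWORD, docker tag, docker push …
    # Repo digest recorded by the push; confirm entry 0 belongs to $CONTAINER_PUSH_REGISTRY.
    image_digest=$(docker inspect --format '{{index .RepoDigests 0}}' \
        "$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION")
    cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest"
```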
@@ -646,7 +657,7 @@ case $DISTRIBUTION_TYPE in
 fi
 set_variables_packagecloud
 verify_packagecloud_match_release
- for name in $(yq -r '.packages[].name' $release_file); do
+ for name in $(yq -r '.packages[].name' "$release_file"); do
 package=$name
 packagecloud_verify "$package" "$packagecloud_account"
 if [[ "$JOB_NAME" =~ "merge" ]] && ! $DRY_RUN; then