Extend tag feature of release jobs 03/62603/7
authorLott, Christopher (cl778h) <cl778h@att.com>
Wed, 11 Dec 2019 17:08:07 +0000 (12:08 -0500)
committerLott, Christopher (cl778h) <cl778h@att.com>
Thu, 12 Dec 2019 12:40:39 +0000 (07:40 -0500)
Extend release-yaml schema files to allow git_tag entry.
Extend lf-build-with-parameters-maven-release macro with GIT_TAG.
Extend release-job.sh:
  * detect and use optional git_tag string.
  * detect and reject an existing lightweight tag that blocks
    push of a gpg-signed tag.
  * change GERRIT_HOST to GERRIT_URL in method for obtaining LF
    umbrella project to allow testing in the sandbox.
  * rename function from tag to tag-gerrit-repo.
  * simplify tests for presence of Jenkins parameter values
  * show more details about steps as INFO statements
Include schema file contents into documentation; remove the copies.

Change-Id: Iee2167b059c7f0ecf86ab6eb8dead36ec96be1b5
Issue-ID: RELENG-2568, RELENG-2586
Signed-off-by: Lott, Christopher (cl778h) <cl778h@att.com>
docs/jjb/lf-release-jobs.rst
jjb/lf-macros.yaml
jjb/lf-release-jobs.yaml
releasenotes/notes/add-optional-git-tag-in-release-2e9b641b8f2c525a.yaml [new file with mode: 0644]
schema/release-container-schema.yaml
schema/release-pypi-schema.yaml
schema/release-schema.yaml
shell/release-job.sh

index 7ab1681..2413190 100644 (file)
@@ -3,29 +3,33 @@
 Self-Serve Release Jobs
 =======================
 
-Self-serve release jobs allow project committers to direct Jenkins to
-promote a jar file, container image or Python package from a staging
-area to a release area.
+Self-serve release jobs allow project committers to promote a jar
+file, container image, Python package or PackageCloud artifact from a
+staging area to a release area. A release yaml file controls the
+process, and Jenkins promotes the artifact when a project committer
+merges the release yaml file in Gerrit.
 
 To use the self-release process, create a releases/ or .releases/
 directory at the root of the project repository, add one release yaml
 file to it, and submit a change set with that release yaml file.  The
 required contents of the release yaml file are different for each type
-of release, see the schemas and examples shown below.  The version in
-the release yaml file must be a valid Semantic Versioning (SemVer)
-string, matching either the pattern "v#.#.#" or "#.#.#" where "#" is
-one or more digits.  Upon merge of the change, Jenkins will sign the
-reference extrapolated by log_dir and promote the artifact.
+of release, see the schemas and examples shown below.  The version
+string in the release yaml file should be a valid Semantic Versioning
+(SemVer) string, matching the pattern "#.#.#" where "#" is one or more
+digits. A version string matching the pattern "v#.#.#" is also
+accepted. Upon merge of the change, a Jenkins job promotes the
+artifact and pushes a gpg-signed tag to the repository.
 
 .. note::
 
    The release file regex is: (releases\/.*\.yaml|\.releases\/.*\.yaml).
    In words, the directory name can be ".releases" or "releases"; the file
-   name can be anything with suffix ".yaml".
+   name can be anything with suffix ".yaml". Some release jobs require
+   a specific prefix on the file, as described below.
 
 The build node for all release jobs must be CentOS, which supports the
-sigul client for accessing a signing server. The build node for
-container release jobs must have Docker installed.
+sigul client for accessing a signing server to sign a tag. The build
+node for container release jobs must have Docker installed.
 
 A Jenkins admin user can also trigger a release job via the "Build
 with parameters" action, removing the need to create and merge a
@@ -74,29 +78,15 @@ The following parameters must appear in a maven release yaml file.
     :project: The name of the project.
     :version: The semantic version string used for the artifact.
 
-The JSON schema for a maven release file appears below.
+:Optional Parameters:
 
-.. code-block:: none
+    :git_tag: The tag string to sign and push to the Git repository.
+       (default: the semantic version string)
 
-    ---
-    $schema: "http://json-schema.org/schema#"
-    $id: "https://github.com/lfit/releng-global-jjb/blob/master/release-schema.yaml"
-
-    required:
-      - "distribution_type"
-      - "log_dir"
-      - "project"
-      - "version"
-
-    properties:
-      distribution_type:
-        type: "string"
-      log_dir:
-        type: "string"
-      project:
-        type: "string"
-      version:
-        type: "string"
+The JSON schema for a maven release file appears below.
+
+.. literalinclude:: ../../schema/release-schema.yaml
+   :language: yaml
 
 
 Container Release Files
@@ -138,42 +128,15 @@ The following parameters must appear in a container release yaml file.
         Docker images in the container-pull registry to promote to the
         container-push registry.
 
-The JSON schema for a container release file appears below.
+:Optional Parameters:
 
-.. code-block:: none
+    :git_tag: The tag string to sign and push to the Git repository.
+       (default: the semantic version string)
 
-    ---
-    $schema: "http://json-schema.org/schema#"
-    $id: "https://github.com/lfit/releng-global-jjb/blob/master/release-container-schema.yaml"
-
-    required:
-      - "containers"
-      - "distribution_type"
-      - "project"
-      - "container_release_tag"
-      - "ref"
-
-    properties:
-      containers:
-        type: "array"
-        properties:
-          name:
-            type: "string"
-          version:
-            type: "string"
-        additionalProperties: false
-      distribution_type:
-        type: "string"
-      project:
-        type: "string"
-      container_release_tag:
-        type: "string"
-      container_pull_registry"
-        type: "string"
-      container_push_registry"
-        type: "string"
-      ref:
-        type: "string"
+The JSON schema for a container release file appears below.
+
+.. literalinclude:: ../../schema/release-container-schema.yaml
+   :language: yaml
 
 
 PyPI Release Files
@@ -212,29 +175,15 @@ packages.
     :version: The semantic version string used for the package in the
         setup.py file.
 
-The JSON schema for a PyPI release file appears below.
+:Optional Parameters:
 
-.. code-block:: none
+    :git_tag: The tag string to sign and push to the Git repository.
+       (default: the semantic version string)
 
-    ---
-    $schema: "http://json-schema.org/schema#"
-    $id: "https://github.com/lfit/releng-global-jjb/blob/master/release-pypi-schema.yaml"
-
-    required:
-      - "log_dir"
-      - "pypi_project"
-      - "python_version"
-      - "version"
-
-    properties:
-      log_dir:
-        type: "string"
-      pypi_project:
-        type: "string"
-      python_version:
-        type: "string"
-      version:
-        type: "string"
+The JSON schema for a PyPI release file appears below.
+
+.. literalinclude:: ../../schema/release-pypi-schema.yaml
+   :language: yaml
 
 
 PackageCloud Release Files
@@ -265,23 +214,12 @@ packages.
         "curl https://packagecloud.io/api/v1/repos/test_user/test_repo/search?q=
         | yq -r .[].filename"
 
+
 The JSON schema for a PackageCloud release file appears below.
 
-.. code-block:: none
+.. literalinclude:: ../../schema/release-packagecloud-schema.yaml
+   :language: yaml
 
-    ---
-    $schema: "http://json-schema.org/schema#"
-    $id: "https://github.com/lfit/releng-global-jjb/blob/master/packagecloud-release-schema"
-
-    required:
-      - "package_name"
-
-    properties:
-      package_name:
-        type: "array"
-        properties:
-          name:
-            type: "string"
 
 Jenkins Jobs
 ------------
index 529254c..6984811 100644 (file)
       - string:
           name: VERSION
           default: ""
-          description: "This is the tag, Example: 1.0.0"
+          description: "Version to release, for example: 1.0.0"
+      - string:
+          name: GIT_TAG
+          default: ""
+          description: "Tag to push to git repo; optional, defaults to VERSION"
       - string:
           name: LOG_DIR
           default: ""
-          description: "Log dir, example: project-maven-stage-master/17/"
+          description: "Log dir, for example: project-maven-stage-master/17/"
       - choice:
           name: DISTRIBUTION_TYPE
           choices:
index 4d4a9ca..6be717d 100644 (file)
           name: LOG_DIR
           default: ""
           description: "The partial path of logs from the PyPI merge job."
+      - string:
+          name: GIT_TAG
+          default: ""
+          description: "Tag to push to git repo; optional, defaults to VERSION."
       - string:
           name: PYPI_PROJECT
           default: ""
diff --git a/releasenotes/notes/add-optional-git-tag-in-release-2e9b641b8f2c525a.yaml b/releasenotes/notes/add-optional-git-tag-in-release-2e9b641b8f2c525a.yaml
new file mode 100644 (file)
index 0000000..2050fce
--- /dev/null
@@ -0,0 +1,16 @@
+---
+features:
+  - |
+    Extend tag feature of release jobs:
+    Extend release-yaml schema files to allow git_tag entry.
+    Extend lf-build-with-parameters-maven-release macro with GIT_TAG.
+    Extend release-job.sh:
+    detect and use optional git_tag string.
+    detect and reject an existing lightweight tag that blocks
+    push of a gpg-signed tag.
+    change GERRIT_HOST to GERRIT_URL in method for obtaining LF
+    umbrella project to allow testing in the sandbox.
+    rename function from tag to tag-gerrit-repo.
+    simplify tests for presence of Jenkins parameter values
+    show more details about steps as INFO statements
+    Include schema file contents into documentation; remove the copies.
index e3b7358..0b1fe0a 100644 (file)
@@ -27,15 +27,17 @@ properties:
       version:
         type: "string"
     additionalProperties: false
-  distribution_type:
-    type: "string"
-  project:
-    type: "string"
   container_release_tag:
     type: "string"
   container_pull_registry:
     type: "string"
   container_push_registry:
     type: "string"
+  distribution_type:
+    type: "string"
+  git_tag:
+    type: "string"
+  project:
+    type: "string"
   ref:
     type: "string"
index 734198c..20240ed 100644 (file)
@@ -18,6 +18,8 @@ required:
   - "version"
 
 properties:
+  git_tag:
+    type: "string"
   log_dir:
     type: "string"
   pypi_project:
index 3c0b966..1c95eb9 100644 (file)
@@ -20,6 +20,8 @@ required:
 properties:
   distribution_type:
     type: "string"
+  git_tag:
+    type: "string"
   log_dir:
     type: "string"
   project:
index f8837e8..aa347e2 100644 (file)
@@ -14,17 +14,16 @@ set -eu -o pipefail
 echo "INFO: creating virtual environment"
 virtualenv -p python3 /tmp/venv
 PATH=/tmp/venv/bin:$PATH
-pipup="python -m pip install -q --upgrade pip lftools[nexus] jsonschema niet twine yq"
+pipup="python -m pip install -q --upgrade pip lftools jsonschema niet twine yq"
 echo "INFO: $pipup"
 $pipup
 
 #Functions.
 
 set_variables_common(){
-    echo "INFO: Setting all common variables"
-    LOGS_SERVER="${LOGS_SERVER:-None}"
-    if [ "${LOGS_SERVER}" == 'None' ]; then
-        echo "ERROR: log server not found"
+    echo "INFO: Setting common variables"
+    if [[ -z ${LOGS_SERVER:-} ]]; then
+        echo "ERROR: LOGS_SERVER not defined"
         exit 1
     fi
     NEXUS_PATH="${SILO}/${JENKINS_HOSTNAME}/"
@@ -40,10 +39,11 @@ set_variables_common(){
           echo "INFO: RELEASE FILE: $release_files"
         fi
     else
-        echo "INFO: This job is built with parameters, no release file needed. Continuing..."
+        echo "INFO: This job is built with parameters, no release file needed."
         release_file="None"
     fi
 
+    # Jenkins parameter drop-down defaults DISTRIBUTION_TYPE to None
     DISTRIBUTION_TYPE="${DISTRIBUTION_TYPE:-None}"
     if [[ $DISTRIBUTION_TYPE == "None" ]]; then
         DISTRIBUTION_TYPE="$(niet ".distribution_type" "$release_file")"
@@ -64,12 +64,18 @@ set_variables_common(){
 }
 
 set_variables_maven(){
-    VERSION="${VERSION:-None}"
-    if [[ $VERSION == "None" ]]; then
+    echo "INFO: Setting maven variables"
+    if [[ -z ${VERSION:-} ]]; then
         VERSION="$(niet ".version" "$release_file")"
     fi
-    LOG_DIR="${LOG_DIR:-None}"
-    if [[ $LOG_DIR == "None" ]]; then
+    if [[ -z ${GIT_TAG:-} ]]; then
+        if grep -q "git_tag" "$release_file" ; then
+            GIT_TAG="$(niet ".git_tag" "$release_file")"
+        else
+            GIT_TAG="$VERSION"
+        fi
+    fi
+    if [[ -z ${LOG_DIR:-} ]]; then
         LOG_DIR="$(niet ".log_dir" "$release_file")"
     fi
     LOGS_URL="${LOGS_SERVER}/${NEXUS_PATH}${LOG_DIR}"
@@ -78,15 +84,23 @@ set_variables_maven(){
     # Continuing displaying Release Information (Maven)
     printf "\t%-30s\n" RELEASE_MAVEN_INFO:
     printf "\t%-30s %s\n" VERSION: $VERSION
+    printf "\t%-30s %s\n" GIT_TAG: $GIT_TAG
     printf "\t%-30s %s\n" LOG_DIR: $LOG_DIR
     printf "\t%-30s %s\n" LOGS_URL: $LOGS_URL
 }
 
 set_variables_container(){
-    VERSION="${VERSION:-None}"
-    if [[ $VERSION == "None" ]]; then
+    echo "INFO: Setting container variables"
+    if [[ -z ${VERSION:-} ]]; then
         VERSION="$(niet ".container_release_tag" "$release_file")"
     fi
+    if [[ -z ${GIT_TAG:-} ]]; then
+        if grep -q "git_tag" "$release_file" ; then
+            GIT_TAG="$(niet ".git_tag" "$release_file")"
+        else
+            GIT_TAG="$VERSION"
+        fi
+   fi
     if grep -q "container_pull_registry" "$release_file" ; then
         CONTAINER_PULL_REGISTRY="$(niet ".container_pull_registry" "$release_file")"
     fi
@@ -106,29 +120,32 @@ set_variables_container(){
     printf "\t%-30s %s\n" CONTAINER_PULL_REGISTRY: $CONTAINER_PULL_REGISTRY
     printf "\t%-30s %s\n" CONTAINER_PUSH_REGISTRY: $CONTAINER_PUSH_REGISTRY
     printf "\t%-30s %s\n" GERRIT_REF_TO_TAG: $ref
+    printf "\t%-30s %s\n" GIT_TAG: $GIT_TAG
 }
 
 set_variables_pypi(){
-    # use Jenkins parameter if set; else get value from release file
     echo "INFO: Setting pypi variables"
-    LOG_DIR="${LOG_DIR:-None}"
-    if [[ $LOG_DIR == "None" ]]; then
-        LOG_DIR="$(yq -er .log_dir "$release_file")"
+    if [[ -z ${LOG_DIR:-} ]]; then
+        LOG_DIR="$(niet ".log_dir" "$release_file")"
     fi
     LOGS_URL="${LOGS_SERVER}/${NEXUS_PATH}${LOG_DIR}"
     LOGS_URL=${LOGS_URL%/}  # strip any trailing '/'
-    PYPI_PROJECT="${PYPI_PROJECT:-None}"
-    if [[ $PYPI_PROJECT == "None" ]]; then
-        PYPI_PROJECT="$(yq -er .pypi_project "$release_file")"
+    if [[ -z ${PYPI_PROJECT:-} ]]; then
+        PYPI_PROJECT="$(niet ".pypi_project" "$release_file")"
     fi
-    PYTHON_VERSION="${PYTHON_VERSION:-None}"
-    if [[ $PYTHON_VERSION == "None" ]]; then
-        PYTHON_VERSION="$(yq -er .python_version "$release_file")"
+    if [[ -z ${PYTHON_VERSION:-} ]]; then
+        PYTHON_VERSION="$(niet ".python_version" "$release_file")"
     fi
-    VERSION="${VERSION:-None}"
-    if [[ $VERSION == "None" ]]; then
-        VERSION="$(yq -er .version "$release_file")"
+    if [[ -z ${VERSION:-} ]]; then
+        VERSION="$(niet ".version" "$release_file")"
     fi
+    if [[ -z ${GIT_TAG:-} ]]; then
+        if grep -q "git_tag" "$release_file" ; then
+            GIT_TAG="$(niet ".git_tag" "$release_file")"
+        else
+            GIT_TAG="$VERSION"
+        fi
+   fi
 
     # Continuing displaying Release Information (pypi)
     printf "\t%-30s\n" RELEASE_PYPI_INFO:
@@ -138,43 +155,46 @@ set_variables_pypi(){
     printf "\t%-30s %s\n" PYPI_PROJECT: "$PYPI_PROJECT"
     printf "\t%-30s %s\n" PYTHON_VERSION: "$PYTHON_VERSION"
     printf "\t%-30s %s\n" VERSION: "$VERSION"
+    printf "\t%-30s %s\n" GIT_TAG: $GIT_TAG
 }
 
 verify_schema(){
-    echo "INFO: Verifying $release_file schema."
+    echo "INFO: Verifying $release_file against schema $release_schema"
     lftools schema verify "$release_file" "$release_schema"
 }
 
 verify_version(){
-    # Verify allowed patterns "v#.#.#" or "#.#.#" aka SemVer
-    echo "INFO: Verifying version string $VERSION"
+    # Verify allowed patterns "#.#.#" (SemVer) or "v#.#.#"
+    echo "INFO: Verifying version $VERSION"
     allowed_version_regex="^((v?)([0-9]+)\.([0-9]+)\.([0-9]+))$"
     if [[ $VERSION =~ $allowed_version_regex ]]; then
-        echo "INFO: The version $VERSION is a valid semantic version"
+        echo "INFO: The version $VERSION is valid"
     else
-        echo "INFO: The version $VERSION is not a semantic valid version"
-        echo "INFO: Allowed versions are \"v#.#.#\" or \"#.#.#\" aka SemVer"
-        echo "INFO: See https://semver.org/ for more details on SemVer"
+        echo "ERROR: The version $VERSION is not valid"
+        echo "ERROR: Valid versions are \"#.#.#\" (SemVer) or \"v#.#.#\""
+        echo "ERROR: See https://semver.org/ for more details on SemVer"
         exit 1
     fi
 }
 
 verify_version_match_release(){
+    echo "INFO: Fetching console log from $LOGS_URL"
     wget -P /tmp "${LOGS_URL}/"console.log.gz
-    echo "INFO: Comparing version $VERSION with log snippet from maven-stage:"
+    echo "INFO: Searching for uploaded step and version $VERSION in job log"
     if zgrep "Successfully uploaded" /tmp/console.log.gz | grep "$VERSION"; then
-        echo "INFO: version $VERSION matches maven-stage artifacts"
+        echo "INFO: found expected strings in job log"
     else
         echo "ERROR: Defined version in release file does not match staging repo artifacts version to be released"
-        echo "       Please make sure maven-stage job selected as candidate and release version are correct"
+        echo "ERROR: Please make sure maven stage job log dir and release version are both correct"
         exit 1
     fi
 }
 
 # check prerequisites to detect mistakes in the release YAML file
 verify_pypi_match_release(){
+    echo "INFO: Fetching console log from $LOGS_URL"
     wget -q -P /tmp "${LOGS_URL}/"console.log.gz
-    echo "INFO: Searching for strings >$PYPI_PROJECT< and >$VERSION< in job log"
+    echo "INFO: Searching for uploaded step, project $PYPI_PROJECT and version $VERSION in job log"
     # pypi-upload.sh generates success message with file list
     if zgrep -i "uploaded" /tmp/console.log.gz | grep "$PYPI_PROJECT" | grep "$VERSION" ; then
         echo "INFO: found expected strings in job log"
@@ -185,19 +205,25 @@ verify_pypi_match_release(){
 }
 
 # sigul is only available on Centos
-# TODO: write tag_github function
-tag(){
+# TODO: write tag-github-repo function
+tag-gerrit-repo(){
+    echo "INFO: tag gerrit with $GIT_TAG"
     # Import public signing key
     gpg --import "$SIGNING_PUBKEY"
-    if git tag -v "$VERSION"; then
-        echo "OK: Repo already tagged $VERSION Continuting to release"
+    if type=$(git cat-file -t "$GIT_TAG"); then
+        if [[ $type == "tag" ]]; then
+            echo "INFO: Repo already has signed tag $GIT_TAG, nothing to do"
+        else
+            echo "ERROR: Repo has lightweight tag $GIT_TAG, blocks push of signed tag"
+            exit 1
+        fi
     else
-        echo "INFO: Repo has not yet been tagged $VERSION"
-        git tag -am "${PROJECT//\//-} $VERSION" "$VERSION"
-        sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$VERSION" < "$SIGUL_PASSWORD"
+        echo "INFO: Repo has not yet been tagged $GIT_TAG"
+        git tag -am "${PROJECT//\//-} $GIT_TAG" "$GIT_TAG"
+        sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$GIT_TAG" < "$SIGUL_PASSWORD"
         echo "INFO: Showing latest signature for $PROJECT:"
-        echo "INFO: git tag -v $VERSION"
-        git tag -v "$VERSION"
+        echo "INFO: git tag -v $GIT_TAG"
+        git tag -v "$GIT_TAG"
 
         ########## Merge Part ##############
         if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
@@ -208,12 +234,13 @@ tag(){
             git config user.email "$RELEASE_EMAIL"
             echo -e "Host $gerrit_ssh\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
             chmod 600 ~/.ssh/config
-            git push origin "$VERSION"
+            git push origin "$GIT_TAG"
         fi
     fi
 }
 
 nexus_release(){
+    echo "INFO: Processing nexus release"
     for staging_url in $(zcat "$PATCH_DIR"/staging-repo.txt.gz | awk -e '{print $2}'); do
         # extract the domain name from URL
         NEXUS_URL=$(echo "$staging_url" | sed -e 's|^[^/]*//||' -e 's|/.*$||')
@@ -240,7 +267,7 @@ nexus_release(){
 container_release_file(){
     echo "INFO: Processing container release"
     local lfn_umbrella
-    lfn_umbrella="$(echo "$GERRIT_HOST" | awk -F"." '{print $2}')"
+    lfn_umbrella="$(echo "$GERRIT_URL" | awk -F"." '{print $2}')"
 
     for namequoted in $(cat $release_file | yq '.containers[].name'); do
         versionquoted=$(cat $release_file | yq ".containers[] |select(.name==$namequoted) |.version")
@@ -256,9 +283,9 @@ container_release_file(){
         echo "INFO: Merge will release $name $version as $VERSION"
         # Attempt to pull from releases registry to see if the image has been released.
         if docker pull "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"; then
-            echo "OK: $VERSION is already released for image $name, Continuing..."
+            echo "INFO: $VERSION is already released for image $name, Continuing..."
         else
-            echo "OK: $VERSION not found in releases, release will be prepared. Continuing..."
+            echo "INFO: $VERSION not found in releases, release will be prepared. Continuing..."
             docker pull "$CONTAINER_PULL_REGISTRY"/"$lfn_umbrella"/"$name":"$version"
             container_image_id="$(docker images | grep $name | grep $version | awk '{print $3}')"
             echo "INFO: Merge will run the following commands:"
@@ -274,10 +301,11 @@ container_release_file(){
 
     echo "INFO: Merge will tag ref: $ref"
     git checkout "$ref"
-    tag
+    tag-gerrit-repo
 }
 
 maven_release_file(){
+    echo "INFO: Processing maven release"
     echo "INFO: wget -P $PATCH_DIR ${LOGS_URL}/staging-repo.txt.gz"
     wget -P "$PATCH_DIR" "${LOGS_URL}/"staging-repo.txt.gz
     pushd "$PATCH_DIR"
@@ -290,12 +318,13 @@ maven_release_file(){
     git fetch "$PATCH_DIR/${PROJECT//\//-}.bundle"
     git merge --ff-only FETCH_HEAD
     nexus_release
-    tag
+    tag-gerrit-repo
 }
 
 # calls pip to download binary and source distributions from the specified index,
 # which requires a recent-in-2019 version.  Uploads the files it received.
 pypi_release_file(){
+    echo "INFO: Processing pypi release"
     tgtdir=dist
     mkdir $tgtdir
     pip_pfx="pip download -d $tgtdir --no-deps --python-version $PYTHON_VERSION -i $PYPI_INDEX"
@@ -333,7 +362,7 @@ pypi_release_file(){
         echo "INFO: uploading $filecount distributions to repo $REPOSITORY"
         $cmd
     fi
-    tag
+    tag-gerrit-repo
 }
 
 packagecloud_verify(){