From: Jessica Wagantall Date: Tue, 15 Oct 2019 23:31:04 +0000 (-0700) Subject: Verify maven release versions X-Git-Tag: v0.46.0~3^2 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F02%2F62002%2F2;p=releng%2Fglobal-jjb.git Verify maven release versions Add a verification step to maven self releases to make sure the version being defined in the releases file matches the actual version produced by the maven-stage job that created the release candidate. This is to prevent releases being pushed in Nexus with a version different from what the developer intended in the releases file. Issue: RELENG-2356 Change-Id: I0555ee782f608e04d10dda5112c283783bfc2a91 Signed-off-by: Jessica Wagantall --- diff --git a/releasenotes/notes/releases-verify-version-match-b36e6c7d6fb7333e.yaml b/releasenotes/notes/releases-verify-version-match-b36e6c7d6fb7333e.yaml new file mode 100644 index 00000000..63015a92 --- /dev/null +++ b/releasenotes/notes/releases-verify-version-match-b36e6c7d6fb7333e.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Add a verification step to maven releases to make sure the version being + defined in the releases file matches the actual version produced by the + maven-stage job that created the release candidate. This is to prevent + releases being pushed in Nexus with a version different from what the + developer intended in the releases file. diff --git a/shell/release-job.sh b/shell/release-job.sh index b764ac19..7080a4e6 100644 --- a/shell/release-job.sh +++ b/shell/release-job.sh @@ -125,6 +125,18 @@ verify_version(){ fi } +verify_version_match_release(){ + wget -P /tmp "${LOGS_URL}/"console.log.gz + echo "INFO: Comparing version $VERSION with log snippet from maven-stage:" + if zgrep "Successfully uploaded" /tmp/console.log.gz | grep "$VERSION"; then + echo "INFO: version $VERSION matches maven-stage artifacts" + else + echo "ERROR: Defined version in release file does not match staging repo artifacts version to be released" + echo " Please make sure maven-stage job selected as candidate and release version are correct" + exit 1 + fi +} + tag(){ # Import public signing key gpg --import "$SIGNING_PUBKEY" @@ -249,6 +261,7 @@ if [[ "$DISTRIBUTION_TYPE" == "maven" ]]; then fi set_variables_maven verify_version + verify_version_match_release maven_release_file elif [[ "$DISTRIBUTION_TYPE" == "container" ]]; then wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/release-container-schema.yaml