shell/release-job.sh

   1 #!/bin/bash -l
   2 # SPDX-License-Identifier: EPL-1.0
   3 ##############################################################################
   4 # Copyright (c) 2019 The Linux Foundation and others.
   5 #
   6 # All rights reserved. This program and the accompanying materials
   7 # are made available under the terms of the Eclipse Public License v1.0
   8 # which accompanies this distribution, and is available at
   9 # http://www.eclipse.org/legal/epl-v10.html
  10 ##############################################################################
  11 echo "---> release-job.sh"
  12 set -eu -o pipefail
  13
  14 # shellcheck disable=SC1090
  15 source ~/lf-env.sh
  16
  17 # Version controlled by JJB_VERSION
  18 lf-activate-venv lftools pip idna==2.9 lftools jsonschema twine yq readline
  19
  20 # show installed versions
  21 python -m pip --version
  22 python -m pip freeze
  23
  24 ##########################
  25 # Set Variables Functions.
  26 ##########################
  27
  28 set_variables_artifact(){
  29     echo "INFO: Setting artifact variables"
  30     if [[ -z ${VERSION:-} ]]; then
  31         VERSION=$(yq -r ".version" "$release_file")
  32     fi
  33     if [[ -z ${GIT_TAG:-} ]]; then
  34         if grep -q "git_tag" "$release_file" ; then
  35             GIT_TAG=$(yq -r ".git_tag" "$release_file")
  36         else
  37             GIT_TAG="$VERSION"
  38         fi
  39     fi
  40     if [[ -z ${REF:-} ]]; then
  41         REF=$(yq -r ".ref" "$release_file")
  42     fi
  43
  44     printf "\t%-30s\n" RELEASE_ARTIFACT_INFO:
  45     printf "\t%-30s %s\n" GERRIT_REF_TO_TAG: "$REF"
  46     printf "\t%-30s %s\n" VERSION: "$VERSION"
  47     printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
  48 }
  49
  50 set_variables_common(){
  51     echo "INFO: Setting common variables"
  52     if [[ -z ${LOGS_SERVER:-} ]] && [[ -z ${CDN_URL:-} ]]; then
  53         echo "ERROR: LOGS_SERVER or CDN_URL not defined"
  54         exit 1
  55     fi
  56     NEXUS_PATH="${SILO}/${JENKINS_HOSTNAME}/"
  57     # Verify if using release file or parameters
  58     if $USE_RELEASE_FILE ; then
  59         release_files=$(git diff-tree -m --no-commit-id -r "$GIT_COMMIT" "$GIT_COMMIT^1" \
  60             --name-only -- "releases/" ".releases/")
  61         if (( $(grep -c . <<<"$release_files") > 1 )); then
  62             echo "INFO: RELEASE FILES ARE AS FOLLOWS: $release_files"
  63             echo "ERROR: Adding multiple release files in the same commit"
  64             echo "ERROR: OR rename/amend/delete of existing files is not supported."
  65             exit 1
  66         else
  67             release_file="$release_files"
  68             echo "INFO: RELEASE FILE: $release_files"
  69         fi
  70     else
  71         echo "INFO: This job is built with parameters, no release file needed."
  72         release_file="None"
  73     fi
  74
  75     if [[ -z ${LOG_DIR:-} ]]; then
  76         LOG_DIR=$(yq -r ".log_dir" "$release_file")
  77     fi
  78     if [[ -n ${LOGS_SERVER:-} ]]; then
  79         logs_url="${LOGS_SERVER}/${NEXUS_PATH}${LOG_DIR}"
  80     elif [[ -n ${CDN_URL:-} ]]; then
  81         logs_url="https://${CDN_URL:-}/logs/${NEXUS_PATH}${LOG_DIR}"
  82     fi
  83     logs_url=${logs_url%/}  # strip any trailing '/'
  84
  85     # Jenkins parameter drop-down defaults DISTRIBUTION_TYPE to None
  86     # in the contain/maven release job; get value from release yaml.
  87     # Packagecloud and PyPI jobs set the appropriate value.
  88     DISTRIBUTION_TYPE="${DISTRIBUTION_TYPE:-None}"
  89     if [[ $DISTRIBUTION_TYPE == "None" ]]; then
  90         if ! DISTRIBUTION_TYPE=$(yq -r ".distribution_type" "$release_file"); then
  91             echo "ERROR: Failed to get distribution_type from $release_file"
  92             exit 1
  93         fi
  94     fi
  95
  96     PATCH_DIR=$(mktemp -d)
  97
  98     TAG_RELEASE="${TAG_RELEASE:-None}"
  99     if [[ $TAG_RELEASE == "None" ]]; then
 100         if grep -q "tag_release" "$release_file"; then
 101             TAG_RELEASE=$(yq -r .tag_release "$release_file")
 102         else
 103             TAG_RELEASE=true
 104         fi
 105     fi
 106
 107     # Displaying Release Information (Common variables)
 108     printf "\t%-30s\n" RELEASE_ENVIRONMENT_INFO:
 109     printf "\t%-30s %s\n" RELEASE_FILE: "$release_file"
 110     printf "\t%-30s %s\n" LOGS_SERVER: "${LOGS_SERVER:-None}"
 111     printf "\t%-30s %s\n" CDN_URL: "${CDN_URL:-None}"
 112     printf "\t%-30s %s\n" NEXUS_PATH: "$NEXUS_PATH"
 113     printf "\t%-30s %s\n" JENKINS_HOSTNAME: "$JENKINS_HOSTNAME"
 114     printf "\t%-30s %s\n" SILO: "$SILO"
 115     printf "\t%-30s %s\n" PROJECT: "$PROJECT"
 116     printf "\t%-30s %s\n" PROJECT-DASHED: "${PROJECT//\//-}"
 117     printf "\t%-30s %s\n" TAG_RELEASE: "$TAG_RELEASE"
 118     printf "\t%-30s %s\n" DISTRIBUTION_TYPE: "$DISTRIBUTION_TYPE"
 119     printf "\t%-30s %s\n" OVERRIDE_SEMVER_REGEX: "${OVERRIDE_SEMVER_REGEX:-None}"
 120 }
 121
 122 set_variables_container(){
 123     echo "INFO: Setting container variables"
 124     if [[ -z ${VERSION:-} ]]; then
 125         VERSION=$(yq -r ".container_release_tag" "$release_file")
 126     fi
 127     if [[ -z ${GIT_TAG:-} ]]; then
 128         if grep -q "git_tag" "$release_file" ; then
 129             GIT_TAG=$(yq -r ".git_tag" "$release_file")
 130         else
 131             GIT_TAG="$VERSION"
 132         fi
 133     fi
 134     if grep -q "container_pull_registry" "$release_file" ; then
 135         CONTAINER_PULL_REGISTRY=$(yq -r ".container_pull_registry" "$release_file")
 136     fi
 137     if grep -q "container_push_registry" "$release_file" ; then
 138         CONTAINER_PUSH_REGISTRY=$(yq -r ".container_push_registry" "$release_file")
 139     fi
 140     # Make sure both pull and push registries are defined
 141     if [ -z ${CONTAINER_PULL_REGISTRY+x} ] || [ -z ${CONTAINER_PUSH_REGISTRY+x} ]; then
 142         echo "ERROR: CONTAINER_PULL_REGISTRY and CONTAINER_PUSH_REGISTRY need to be defined"
 143         exit 1
 144     fi
 145     ref=$(yq -r ".ref" "$release_file")
 146
 147     # Continuing displaying Release Information (Container)
 148     printf "\t%-30s\n" RELEASE_CONTAINER_INFO:
 149     printf "\t%-30s %s\n" CONTAINER_RELEASE_TAG: "$VERSION"
 150     printf "\t%-30s %s\n" CONTAINER_PULL_REGISTRY: "$CONTAINER_PULL_REGISTRY"
 151     printf "\t%-30s %s\n" CONTAINER_PUSH_REGISTRY: "$CONTAINER_PUSH_REGISTRY"
 152     printf "\t%-30s %s\n" GIT_REF_TO_TAG: "$ref"
 153     printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
 154 }
 155
 156 set_variables_maven(){
 157     echo "INFO: Setting maven variables"
 158     if [[ -z ${VERSION:-} ]]; then
 159         VERSION=$(yq -r ".version" "$release_file")
 160     fi
 161     if [[ -z ${GIT_TAG:-} ]]; then
 162         if grep -q "git_tag" "$release_file" ; then
 163             GIT_TAG=$(yq -r ".git_tag" "$release_file")
 164         else
 165             GIT_TAG="$VERSION"
 166         fi
 167     fi
 168     if [[ -z ${LOG_DIR:-} ]]; then
 169         LOG_DIR=$(yq -r ".log_dir" "$release_file")
 170     fi
 171
 172     # Continuing displaying Release Information (Maven)
 173     printf "\t%-30s\n" RELEASE_MAVEN_INFO:
 174     printf "\t%-30s %s\n" VERSION: "$VERSION"
 175     printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
 176     printf "\t%-30s %s\n" LOG_DIR: "$LOG_DIR"
 177     printf "\t%-30s %s\n" LOGS_URL: "$logs_url"
 178 }
 179
 180 set_variables_packagecloud(){
 181     echo "INFO: Setting packagecloud variables"
 182     if [[ -z ${VERSION:-} ]]; then
 183         VERSION=$(yq -r ".version" "$release_file")
 184     fi
 185     if [[ -z ${GIT_TAG:-} ]]; then
 186         if grep -q "git_tag" "$release_file"; then
 187             GIT_TAG=$(yq -r ".git_tag" "$release_file")
 188         else
 189             GIT_TAG="$VERSION"
 190         fi
 191     fi
 192     if [[ -z ${LOG_DIR:-} ]]; then
 193         LOG_DIR=$(yq -r ".log_dir" "$release_file")
 194     fi
 195     if [[ -z ${REF:-} ]]; then
 196         REF=$(yq -r ".ref" "$release_file")
 197     fi
 198     if [[ -z ${PACKAGE_NAME:-} ]]; then
 199         PACKAGE_NAME=$(yq -r ".package_name" "$release_file")
 200     fi
 201
 202     printf "\t%-30s %s\n" PACKAGE_NAME: "$PACKAGE_NAME"
 203     printf "\t%-30s %s\n" LOG_DIR: "$LOG_DIR"
 204     printf "\t%-30s %s\n" LOGS_URL: "$logs_url"
 205     printf "\t%-30s %s\n" GIT_REF_TO_TAG: "$REF"
 206     printf "\t%-30s %s\n" VERSION: "$VERSION"
 207     printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
 208 }
 209
 210 set_variables_pypi(){
 211     echo "INFO: Setting pypi variables"
 212     if [[ -z ${LOG_DIR:-} ]]; then
 213         LOG_DIR=$(yq -r ".log_dir" "$release_file")
 214     fi
 215
 216     if [[ -z ${PYPI_PROJECT:-} ]]; then
 217         PYPI_PROJECT=$(yq -r ".pypi_project" "$release_file")
 218     fi
 219     if [[ -z ${PYTHON_VERSION:-} ]]; then
 220         PYTHON_VERSION=$(yq -r ".python_version" "$release_file")
 221     fi
 222     if [[ -z ${VERSION:-} ]]; then
 223         VERSION=$(yq -r ".version" "$release_file")
 224     fi
 225     if [[ -z ${GIT_TAG:-} ]]; then
 226         if grep -q "git_tag" "$release_file" ; then
 227             GIT_TAG=$(yq -r ".git_tag" "$release_file")
 228         else
 229             GIT_TAG="$VERSION"
 230         fi
 231     fi
 232
 233     # Continuing displaying Release Information (pypi)
 234     printf "\t%-30s\n" RELEASE_PYPI_INFO:
 235     printf "\t%-30s %s\n" LOG_DIR: "$LOG_DIR"
 236     printf "\t%-30s %s\n" LOGS_URL: "$logs_url"
 237     printf "\t%-30s %s\n" PYPI_INDEX: "$PYPI_INDEX" # from job configuration
 238     printf "\t%-30s %s\n" PYPI_PROJECT: "$PYPI_PROJECT"
 239     printf "\t%-30s %s\n" PYTHON_VERSION: "$PYTHON_VERSION"
 240     printf "\t%-30s %s\n" VERSION: "$VERSION"
 241     printf "\t%-30s %s\n" GIT_TAG: "$GIT_TAG"
 242 }
 243
 244 ##########################
 245 # Verify Schema Functions.
 246 ##########################
 247
 248 verify_packagecloud_match_release(){
 249     echo "INFO: Fetching console log from $logs_url"
 250     wget -q -P /tmp "${logs_url}/"console.log.gz
 251     echo "INFO: Searching for uploaded step, package name $PACKAGE_NAME and version $VERSION in job log"
 252     if  zgrep -E "Pushing.*$PACKAGE_NAME.*$VERSION.*success\!" /tmp/console.log.gz; then
 253         echo "INFO: found expected strings in job log"
 254     else
 255         echo "ERROR: failed to find expected strings in job log"
 256         exit 1
 257     fi
 258 }
 259
 260 verify_pypi_match_release(){
 261     echo "INFO: Fetching console log from $logs_url"
 262     wget -q -P /tmp "${logs_url}/"console.log.gz
 263     echo "INFO: Searching for uploaded step, project $PYPI_PROJECT and version $VERSION in job log"
 264     # pypi-upload.sh generates success message with file list
 265     if zgrep -i "uploaded" /tmp/console.log.gz | grep "$PYPI_PROJECT" | grep "$VERSION" ; then
 266         echo "INFO: found expected strings in job log"
 267     else
 268         echo "ERROR: failed to find expected strings in job log"
 269         exit 1
 270     fi
 271 }
 272
 273 verify_schema(){
 274     echo "INFO: Verifying $release_file against schema $release_schema"
 275     lftools schema verify "$release_file" "$release_schema"
 276 }
 277
 278 verify_version(){
 279     # Override the regex for projects that do not follow https://semver.org
 280     OVERRIDE_SEMVER_REGEX="${OVERRIDE_SEMVER_REGEX:-None}"
 281     if [[ $OVERRIDE_SEMVER_REGEX == "None" ]]; then
 282         # Use the semver regex taken from https://github.com/fsaintjacques/semver-tool
 283         pat1="(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)"
 284         pat2="(0|[1-9][0-9]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*)"
 285         pat3="(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)"
 286         semver_regex="^[vV]?${pat1}(\-${pat2}(\.${pat2})*)?${pat3}?$"
 287     else
 288         semver_regex="${OVERRIDE_SEMVER_REGEX}"
 289     fi
 290
 291     # Verify SemVer "#.#.#" (SemVer) or "v#.#.#"
 292     echo "INFO: Verifying version $VERSION"
 293     if [[ $VERSION =~ $semver_regex ]]; then
 294         echo "INFO: The version $VERSION is valid"
 295     else
 296         echo "ERROR: The version $VERSION is not valid"
 297         echo "ERROR: Valid versions are \"#.#.#\" (SemVer) or \"v#.#.#\""
 298         echo "ERROR: Valid version will be matched against \"${semver_regex}\""
 299         echo "ERROR: Refer to https://semver.org/ for more details on SemVer"
 300         echo "ERROR: Refer SemVer examples from https://github.com/fsaintjacques/semver-tool/#examples"
 301         exit 1
 302     fi
 303 }
 304
 305 verify_version_match_release(){
 306     echo "INFO: Fetching console log from $logs_url"
 307     wget -P /tmp "${logs_url}/"console.log.gz
 308     echo "INFO: Searching for uploaded step and version $VERSION in job log"
 309     if zgrep "Successfully uploaded" /tmp/console.log.gz | grep "$VERSION"; then
 310         echo "INFO: found expected strings in job log"
 311     else
 312         echo "ERROR: Defined version in release file does not match staging repo artifacts version to be released"
 313         echo "ERROR: Please make sure maven stage job log dir and release version are both correct"
 314         exit 1
 315     fi
 316 }
 317
 318
 319 #####################
 320 # Tag Repo Functions.
 321 #####################
 322
 323 # sigul is only available on Centos
 324 # TODO: write tag-github-repo function
 325 tag-git-repo(){
 326     if [[ $TAG_RELEASE == false ]]; then
 327         echo "INFO: Skipping code repo tag"
 328         return
 329     fi
 330
 331     if [[ -z ${GERRIT_URL:-} ]]; then
 332         GIT_REPO_BASE=github
 333     else
 334         GIT_REPO_BASE=gerrit
 335     fi
 336
 337     echo "INFO: tag repo with $GIT_TAG"
 338     # Import public signing key
 339     gpg --import "$SIGNING_PUBKEY"
 340     if type=$(git cat-file -t "$GIT_TAG"); then
 341         if [[ $type == "tag" ]]; then
 342             echo "INFO: Repo already has signed tag $GIT_TAG, nothing to do"
 343         else
 344             echo "ERROR: Repo has lightweight tag $GIT_TAG, blocks push of signed tag"
 345             exit 1
 346         fi
 347     else
 348         echo "INFO: Repo has not yet been tagged $GIT_TAG"
 349         git tag -am "${PROJECT//\//-} $GIT_TAG" "$GIT_TAG"
 350         sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$GIT_TAG" < "$SIGUL_PASSWORD"
 351         echo "INFO: Showing latest signature for $PROJECT:"
 352         echo "INFO: git tag -v $GIT_TAG"
 353         git tag -v "$GIT_TAG"
 354
 355         ########## Merge Part ##############
 356         if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
 357             echo "INFO: Running merge, pushing tag"
 358             if [[ $GIT_REPO_BASE == "gerrit" ]]; then
 359                 gerrit_ssh=$(echo "$GERRIT_URL" | awk -F"/" '{print $3}')
 360                 git remote set-url origin ssh://"$RELEASE_USERNAME"@"$gerrit_ssh":29418/"$PROJECT"
 361                 echo -e "Host $gerrit_ssh\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
 362                 chmod 600 ~/.ssh/config
 363             else
 364                 git remote set-url origin "$GIT_CLONE_URL""$RELEASE_USERNAME"/"$PROJECT".git
 365             fi
 366             git config user.name "$RELEASE_USERNAME"
 367             git config user.email "$RELEASE_EMAIL"
 368             echo "INFO: push tag: $GIT_TAG"
 369             git push origin "$GIT_TAG"
 370             # Check if sentinal file exists
 371             if [[ -f .testhash ]]; then
 372                 echo "INFO: push code bundle"
 373                 git push origin "HEAD:${GERRIT_REFSPEC}"
 374             fi
 375         fi
 376     fi
 377 }
 378
 379 ###############################
 380 # Release Processing Functions.
 381 ###############################
 382
 383 artifact_release_file(){
 384     echo "INFO: Processing artifact release"
 385     mkdir artifacts
 386     ORG=$(echo "$NEXUS_URL" | awk -F'.' '{print $2}')
 387
 388     for namequoted in $(yq '.artifacts[].name' "$release_file"); do
 389         pathquoted=$(yq ".artifacts[] |select(.name==$namequoted) |.path" "$release_file")
 390
 391         #Remove extra yaml quotes
 392         name="${namequoted#\"}"
 393         name="${name%\"}"
 394         path="${pathquoted#\"}"
 395         path="${path%\"}"
 396
 397         echo "$name"
 398         echo "$path"
 399         echo "INFO: Merge will post artifact: $name"
 400         # Attempt to pull from releases to see if the artifact has been released.
 401         if "${NEXUS_URL}"/content/repositories/releases/org/"${ORG}"/"${VERSION}"/"$name"; then
 402             echo "INFO: $name is already released as version:$VERSION, Continuing..."
 403         else
 404             echo "INFO: $name not found in releases, release will be prepared. Continuing..."
 405             wget "${path}"/"${name}" -o artifacts/"${name}"
 406             if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
 407                 #lftools sign sigul artifacts
 408                 # shellcheck disable=SC2261
 409                 curl -v -u <NEXUSUSER>:<NEXUSPASS> --upload-file \
 410                     "${NEXUS_URL}"/content/repositories/releases/org/"${ORG}"/"${VERSION}"/"${name}" \;
 411             fi
 412             echo "#########################"
 413         fi
 414     done
 415 }
 416
 417 container_release_file(){
 418     echo "INFO: Processing container release"
 419     docker --version
 420     local lfn_umbrella
 421     lfn_umbrella="$(echo "$GERRIT_URL" | awk -F"." '{print $2}')"
 422
 423     for namequoted in $(yq '.containers[].name' "$release_file"); do
 424         versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version" "$release_file")
 425
 426         #Remove extra yaml quotes
 427         name="${namequoted#\"}"
 428         name="${name%\"}"
 429         version="${versionquoted#\"}"
 430         version="${version%\"}"
 431
 432         echo "$name"
 433         echo "$version"
 434         echo "INFO: Merge will release $name $version as $VERSION"
 435         # Attempt to pull from releases registry to see if the image has been released.
 436         if docker pull "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"; then
 437             echo "INFO: $VERSION is already released for image $name, Continuing..."
 438         else
 439             echo "INFO: $VERSION not found in releases, release will be prepared. Continuing..."
 440             docker pull "$CONTAINER_PULL_REGISTRY"/"$lfn_umbrella"/"$name":"$version"
 441             container_image_id=$(docker images | grep "$name" | grep "$version" | awk '{print $3}')
 442             echo "INFO: Merge will run the following commands:"
 443             echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
 444             echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
 445             if [[ "$JOB_NAME" =~ "merge" ]]; then
 446                 curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64"
 447                 sudo mv cosign-linux-amd64 /usr/local/bin/cosign
 448                 sudo chmod +x /usr/local/bin/cosign
 449                 export COSIGN_PASSWORD
 450                 docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
 451                 docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
 452                 image_sha=$(docker images --no-trunc --quiet \
 453                         "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION")
 454                 image_digest="$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name@$image_sha"
 455                 cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest"
 456             fi
 457             echo "#########################"
 458         fi
 459     done
 460
 461     echo "INFO: Merge will tag ref: $ref"
 462     git checkout "$ref"
 463     tag-git-repo
 464 }
 465
 466 maven_release_file(){
 467     echo "INFO: Processing maven release"
 468     echo "INFO: wget -P $PATCH_DIR ${logs_url}/staging-repo.txt.gz"
 469     wget -P "$PATCH_DIR" "${logs_url}/"staging-repo.txt.gz
 470     pushd "$PATCH_DIR"
 471         echo "INFO: wget ${logs_url}/patches/{${PROJECT//\//-}.bundle,taglist.log.gz}"
 472         wget "${logs_url}"/patches/{"${PROJECT//\//-}".bundle,taglist.log.gz}
 473         gunzip taglist.log.gz
 474         cat "$PATCH_DIR"/taglist.log
 475     popd
 476
 477     # compare if the commit sha1 from taglist is the same origin/${GERRIT_BRANCH}
 478     # ensure that the tag lands on the target branch
 479     # forward from the tagging point, then a spur commit is created
 480     # for the tag
 481     taghash="$(awk '{print $NF}' "$PATCH_DIR/taglist.log")"
 482     # shellcheck disable=SC2046
 483     if [ "${taghash}" = $(git rev-parse "origin/${GERRIT_BRANCH}") ]; then
 484         git checkout "origin/${GERRIT_BRANCH}"
 485         # sentinal file
 486         touch .testhash
 487     else
 488         git checkout "${taghash}"
 489     fi
 490
 491     git fetch "$PATCH_DIR/${PROJECT//\//-}.bundle"
 492     git merge --ff-only FETCH_HEAD
 493     # print last few changes to see how the bundle is applied
 494     git log --graph --all --decorate --pretty=oneline -n10
 495     nexus_release
 496     tag-git-repo
 497 }
 498
 499 nexus_release(){
 500     echo "INFO: Processing nexus release"
 501     for staging_url in $(zcat "$PATCH_DIR"/staging-repo.txt.gz | awk -e '{print $2}'); do
 502         # extract the domain name from URL
 503         NEXUS_URL=$(echo "$staging_url" | sed -e 's|^[^/]*//||' -e 's|/.*$||')
 504         echo "INFO: NEXUS_URL: $NEXUS_URL"
 505         # extract the staging repo from URL
 506         STAGING_REPO=${staging_url#*repositories/}
 507         echo "INFO: Running Nexus Verify"
 508         lftools nexus release -v --server https://"$NEXUS_URL" "$STAGING_REPO"
 509         echo "INFO: Merge will run:"
 510         echo "lftools nexus release --server https://$NEXUS_URL $STAGING_REPO"
 511     done
 512
 513     #Run the loop twice, to catch errors on either nexus repo
 514     if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
 515         for staging_url in $(zcat "$PATCH_DIR"/staging-repo.txt.gz | awk -e '{print $2}'); do
 516             NEXUS_URL=$(echo "$staging_url" | sed -e 's|^[^/]*//||' -e 's|/.*$||')
 517             STAGING_REPO=${staging_url#*repositories/}
 518             echo "INFO: Promoting $STAGING_REPO on $NEXUS_URL."
 519             lftools nexus release --server https://"$NEXUS_URL" "$STAGING_REPO"
 520         done
 521     fi
 522 }
 523
 524 packagecloud_promote(){
 525     echo "INFO: Preparing to promote $1..."
 526     promote_url="https://packagecloud.io$(curl --netrc-file ~/packagecloud_api \
 527         --silent https://packagecloud.io/api/v1/repos/"$2"/staging/search?q="$1" \
 528         | yq -r .[].promote_url)"
 529     echo "INFO: Promoting $1 from staging to release"
 530     curl --netrc-file ~/packagecloud_api -X POST -F \
 531         destination="$2/release" "$promote_url" \
 532         | echo "INFO: Promoted package location: \
 533         https://packagecloud.io$(yq -r .package_html_url)"
 534     git checkout "$REF"
 535     tag-git-repo
 536 }
 537
 538 packagecloud_verify(){
 539     echo "INFO: Verifying $1 exists in staging..."
 540     if [[ $1 == $(curl --netrc-file ~/packagecloud_api --silent \
 541         https://packagecloud.io/api/v1/repos/"$2"/staging/search?q="$1" \
 542         | yq -r .[].filename) ]]; then
 543         echo "INFO: $1 exists in staging!"
 544         echo "INFO: Existing package location: https://packagecloud.io$(curl \
 545             --netrc-file ~/packagecloud_api --silent \
 546             https://packagecloud.io/api/v1/repos/"$2"/staging/search?q="$1" \
 547             | yq -r .[].package_html_url)"
 548     else
 549         echo "ERROR: $1 does not exist in staging"
 550         exit 1
 551     fi
 552 }
 553
 554 # calls pip to download binary and source distributions from the specified index,
 555 # which requires a recent-in-2019 version.  Uploads the files it received.
 556 pypi_release_file(){
 557     echo "INFO: Processing pypi release"
 558     tgtdir=dist
 559     mkdir $tgtdir
 560     pip_pfx="pip download -d $tgtdir --no-deps --python-version $PYTHON_VERSION -i $PYPI_INDEX"
 561     module="$PYPI_PROJECT==$VERSION"
 562     pip_bin="$pip_pfx $module"
 563     echo "INFO: downloading binary: $pip_bin"
 564     if ! $pip_bin ; then
 565         echo "WARN: failed to download binary distribution"
 566     fi
 567     pip_src="$pip_pfx --no-binary=:all: $module"
 568     echo "INFO: downloading source: $pip_src"
 569     if ! $pip_src ; then
 570         echo "WARN: failed to download source distribution"
 571     fi
 572     echo "INFO: Checking files in $tgtdir"
 573     # shellcheck disable=SC2012
 574     filecount=$(ls $tgtdir | wc -l)
 575     if [[ $filecount = 0 ]] ; then
 576         echo "ERROR: no files downloaded"
 577         exit 1
 578     else
 579         # shellcheck disable=SC2046
 580         echo "INFO: downloaded $filecount distributions: " $(ls $tgtdir)
 581     fi
 582
 583     if [[ ! "$JOB_NAME" =~ "merge" ]] ; then
 584         echo "INFO: not a merge job, not uploading files"
 585         return
 586     fi
 587
 588     cmd="twine upload -r $REPOSITORY $tgtdir/*"
 589     if $DRY_RUN; then
 590         echo "INFO: dry-run is set, echoing command only"
 591         echo "$cmd"
 592     else
 593         echo "INFO: uploading $filecount distributions to repo $REPOSITORY"
 594         $cmd
 595     fi
 596     tag-git-repo
 597 }
 598
 599 ##############################  End Function Declarations  ################################
 600
 601 # Set common environment variables
 602 set_variables_common
 603
 604 # Determine the type of release:
 605 #   - artifact, release-artifact-schema.yaml
 606 #   - container, release-container-schema.yaml
 607 #   - maven, release-schema.yaml
 608 #   - packagecloud, release-packagecloud-schema.yaml
 609 #   - pypi,  release-pypi-schema.yaml
 610
 611 case $DISTRIBUTION_TYPE in
 612
 613     artifact)
 614         if $USE_RELEASE_FILE ; then
 615             release_schema="release-artifact-schema.yaml"
 616             echo "INFO: Fetching schema $release_schema"
 617             wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/${release_schema}
 618             verify_schema
 619         fi
 620         set_variables_artifact
 621         verify_version
 622         artifact_release_file
 623         ;;
 624
 625     container)
 626         if $USE_RELEASE_FILE ; then
 627             release_schema="release-container-schema.yaml"
 628             echo "INFO: Fetching schema $release_schema"
 629             wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/${release_schema}
 630             verify_schema
 631         fi
 632         set_variables_container
 633         verify_version
 634         container_release_file
 635         ;;
 636
 637     maven)
 638         if $USE_RELEASE_FILE ; then
 639             release_schema="release-schema.yaml"
 640             echo "INFO: Fetching schema $release_schema"
 641             wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/$release_schema
 642             verify_schema
 643         fi
 644         set_variables_maven
 645         verify_version
 646         verify_version_match_release
 647         maven_release_file
 648         ;;
 649
 650     packagecloud)
 651         if $USE_RELEASE_FILE ; then
 652             release_schema="release-packagecloud-schema.yaml"
 653             packagecloud_account=$(cat "$ACCOUNT_NAME_FILE")
 654             echo "INFO: Fetching schema $release_schema"
 655             wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/${release_schema}
 656             verify_schema
 657         fi
 658         set_variables_packagecloud
 659         verify_packagecloud_match_release
 660         for name in $(yq -r '.packages[].name' "$release_file"); do
 661             package=$name
 662             packagecloud_verify "$package" "$packagecloud_account"
 663             if [[ "$JOB_NAME" =~ "merge" ]] && ! $DRY_RUN; then
 664                 packagecloud_promote "$package" "$packagecloud_account"
 665             fi
 666         done
 667         ;;
 668
 669     pypi)
 670         if $USE_RELEASE_FILE ; then
 671             release_schema="release-pypi-schema.yaml"
 672             echo "INFO: Fetching schema $release_schema"
 673             wget -q https://raw.githubusercontent.com/lfit/releng-global-jjb/master/schema/${release_schema}
 674             verify_schema
 675         fi
 676         set_variables_pypi
 677         verify_version
 678         verify_pypi_match_release
 679         pypi_release_file
 680         ;;
 681
 682     *)
 683         echo "ERROR: distribution_type: $DISTRIBUTION_TYPE not supported"
 684         exit 1
 685         ;;
 686 esac
 687
 688 echo "---> release-job.sh ends"