From fb30862d2336be03e87d20bfa7cf33f033429d99 Mon Sep 17 00:00:00 2001
From: s3krit <pugh@s3kr.it>
Date: Thu, 16 Jan 2020 19:38:10 +0100
Subject: [PATCH] Fix release drafting and pending release alerts (#770)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Fix gitlab release drafting script
Don't scan commit body for PR-like commit messages. Fix warnings from linter,
and take object URL for signing verification from /git/ref/tags rather than hard-coding
* Temporarily Disable GPG verification in pending...
...release alerts. GPG verification of objects is also done before creating the
draft release so this isn't as bad as it sounds
* Temporarily Disable GPG verification in pending...
...release alerts. GPG verification of objects is also done before creating the
draft release so this isn't as bad as it sounds
* Remove accidental GH token leakage 😅
---
.../scripts/gitlab/alert_pending_release.sh | 32 +++++++-------
.../scripts/gitlab/publish_draft_release.sh | 44 +++++++++----------
2 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/polkadot/scripts/gitlab/alert_pending_release.sh b/polkadot/scripts/gitlab/alert_pending_release.sh
index 0bf682712bd..a88677fc5f0 100755
--- a/polkadot/scripts/gitlab/alert_pending_release.sh
+++ b/polkadot/scripts/gitlab/alert_pending_release.sh
@@ -7,7 +7,7 @@ structure_message() {
else
body=$(jq -Rs --arg body "$1" --arg formatted_body "$2" '{"msgtype": "m.text", $body, "format": "org.matrix.custom.html", $formatted_body}' < /dev/null)
fi
- echo $body
+ echo "$body"
}
# send_message $body (json formatted) $room_id $access_token
@@ -16,19 +16,19 @@ curl -XPOST -d "$1" "https://matrix.parity.io/_matrix/client/r0/rooms/$2/send/m.
}
# Receive keys
-trusted_keys=(
-27E36F4D3DB8D09946B14802EC077FBE1556877C # gavin@parity.io
-)
-
-for key in ${trusted_keys[@]}; do
- gpg --keyserver hkps://keys.openpgp.org --recv-keys $key
-done
-
-# If the tag's not signed by any of the above keys, exit failing
-if ! git tag -v $CI_COMMIT_TAG; then
- echo "[!] FATAL: TAG NOT VERIFIED WITH A GPG SIGNATURE, QUITTING"
- exit 1
-fi
+# trusted_keys=(
+# 27E36F4D3DB8D09946B14802EC077FBE1556877C # gavin@parity.io
+# )
+#
+# for key in "${trusted_keys[@]}"; do
+# gpg --keyserver hkps://keys.openpgp.org --recv-keys $key
+# done
+#
+# # If the tag's not signed by any of the above keys, exit failing
+# if ! git tag -v $CI_COMMIT_TAG; then
+# echo "[!] FATAL: TAG NOT VERIFIED WITH A GPG SIGNATURE, QUITTING"
+# exit 1
+# fi
echo "[+] Tag present and verified. Alerting #polkadot and release-manager"
@@ -49,7 +49,7 @@ EOF
)
echo "[+] Sending message to Polkadot room"
-send_message "$(structure_message "$msg_body" "$formatted_msg_body")" $MATRIX_ROOM_ID $MATRIX_ACCESS_TOKEN
+send_message "$(structure_message "$msg_body" "$formatted_msg_body")" "$MATRIX_ROOM_ID" "$MATRIX_ACCESS_TOKEN"
# Format and send message to release manager
msg_body=$(cat <<EOF
@@ -60,4 +60,4 @@ EOF
)
echo "[+] Sending message to release manager"
-send_message "$(structure_message "$msg_body")" $REL_MAN_ROOM_ID $MATRIX_ACCESS_TOKEN
+send_message "$(structure_message "$msg_body")" "$REL_MAN_ROOM_ID" "$MATRIX_ACCESS_TOKEN"
diff --git a/polkadot/scripts/gitlab/publish_draft_release.sh b/polkadot/scripts/gitlab/publish_draft_release.sh
index 61c4421ab47..d4615b3485b 100755
--- a/polkadot/scripts/gitlab/publish_draft_release.sh
+++ b/polkadot/scripts/gitlab/publish_draft_release.sh
@@ -3,7 +3,7 @@
# Function to take 2 git tags/commits and get any lines from commit messages
# that contain something that looks like a PR reference: e.g., (#1234)
sanitised_git_logs(){
- git --no-pager log --pretty=format:"%s%n%b" $1..$2 |
+ git --no-pager log --pretty=format:"%s" "$1..$2" |
# Only find messages referencing a PR
grep -E '\(#[0-9]+\)' |
# Strip any asterisks
@@ -14,12 +14,14 @@ sanitised_git_logs(){
check_tag () {
tagver=$1
- tag_sha=$(curl -H "Authorization: token $GITHUB_RELEASE_TOKEN" -s "$api_base/git/refs/tags/$tagver" | jq -r .object.sha)
- if [ $tag_sha == "null" ]; then
+ tag_out=$(curl -H "Authorization: token $GITHUB_RELEASE_TOKEN" -s "$api_base/git/refs/tags/$tagver")
+ tag_sha=$(echo "$tag_out" | jq -r .object.sha)
+ object_url=$(echo "$tag_out" | jq -r .object.url)
+ if [ "$tag_sha" == "null" ]; then
return 2
fi
- verified_str=$(curl -H "Authorization: token $GITHUB_RELEASE_TOKEN" -s "$api_base/git/tags/$tag_sha" | jq -r .verification.verified)
- if [ $verified_str == "true" ]; then
+ verified_str=$(curl -H "Authorization: token $GITHUB_RELEASE_TOKEN" -s "$object_url" | jq -r .verification.verified)
+ if [ "$verified_str" == "true" ]; then
# Verified, everything is good
return 0
else
@@ -35,7 +37,7 @@ structure_message() {
else
body=$(jq -Rs --arg body "$1" --arg formatted_body "$2" '{"msgtype": "m.text", $body, "format": "org.matrix.custom.html", $formatted_body}' < /dev/null)
fi
- echo $body
+ echo "$body"
}
# send_message $body (json formatted) $room_id $access_token
@@ -47,8 +49,6 @@ curl -XPOST -d "$1" "https://matrix.parity.io/_matrix/client/r0/rooms/$2/send/m.
api_base="https://api.github.com/repos/paritytech/polkadot"
substrate_repo="https://github.com/paritytech/substrate"
substrate_dir='./substrate'
-tag_pattern='^v[0-9]+\.[0-9]+\.[0-9]+$'
-cc_version='3'
# Cloning repos to ensure freshness
echo "[+] Cloning substrate to generate list of changes"
@@ -56,7 +56,7 @@ git clone $substrate_repo $substrate_dir
echo "[+] Finished cloning substrate into $substrate_dir"
version="$CI_COMMIT_TAG"
-last_version=$(git tag -l | sort -V | grep -B 1 -x $CI_COMMIT_TAG | head -n 1)
+last_version=$(git tag -l | sort -V | grep -B 1 -x "$CI_COMMIT_TAG" | head -n 1)
echo "[+] Version: $version; Previous version: $last_version"
# Check that a signed tag exists on github for this version
@@ -74,26 +74,26 @@ esac
# and find any referenced PRs since last release
spec=$(grep spec_version runtime/kusama/src/lib.rs | tail -n 1 | grep -Eo '[0-9]{4}')
echo "[+] Spec version: $spec"
-release_text="Release for CC-$cc_version. Native for runtime $spec.
+release_text="Native for runtime $spec.
-$(sanitised_git_logs $last_version $version)"
+$(sanitised_git_logs "$last_version" "$version")"
# Get substrate changes between last polkadot version and current
-cur_substrate_commit=$(grep -A 2 'name = "sc-cli"' Cargo.lock | egrep -o '[a-f0-9]{40}')
-git checkout $last_version 2> /dev/null
-old_substrate_commit=$(grep -A 2 'name = "sc-cli"' Cargo.lock | egrep -o '[a-f0-9]{40}')
+cur_substrate_commit=$(grep -A 2 'name = "sc-cli"' Cargo.lock | grep -E -o '[a-f0-9]{40}')
+git checkout "$last_version" 2> /dev/null
+old_substrate_commit=$(grep -A 2 'name = "sc-cli"' Cargo.lock | grep -E -o '[a-f0-9]{40}')
-pushd $substrate_dir
+pushd $substrate_dir || exit
git checkout polkadot-master > /dev/null
git pull > /dev/null
- substrate_changes="$(sanitised_git_logs $old_substrate_commit $cur_substrate_commit | sed 's/(#/(paritytech\/substrate#/')"
-popd
+ substrate_changes="$(sanitised_git_logs "$old_substrate_commit" "$cur_substrate_commit" | sed 's/(#/(paritytech\/substrate#/')"
+popd || exit
echo "[+] Changes generated. Removing temporary repos"
# Should be done with substrate repo now, clean it up
rm -rf $substrate_dir
-if [ -n $substrate_changes ]; then
+if [ -n "$substrate_changes" ]; then
release_text="$release_text
Substrate changes
@@ -106,7 +106,7 @@ echo "$release_text"
echo "[+] Pushing release to github"
# Create release on github
-release_name="Kusama CC-$cc_version $version"
+release_name="Kusama $version"
data=$(jq -Rs --arg version "$version" \
--arg release_name "$release_name" \
--arg release_text "$release_text" \
@@ -121,12 +121,12 @@ data=$(jq -Rs --arg version "$version" \
out=$(curl -s -X POST --data "$data" -H "Authorization: token $GITHUB_RELEASE_TOKEN" "$api_base/releases")
-html_url=$(echo $out | jq -r .html_url)
+html_url=$(echo "$out" | jq -r .html_url)
if [ "$html_url" == "null" ]
then
echo "[!] Something went wrong posting:"
- echo $out
+ echo "$out"
else
echo "[+] Release draft created: $html_url"
fi
@@ -143,6 +143,6 @@ formatted_msg_body=$(cat <<EOF
Draft release created: $html_url
EOF
)
-send_message "$(structure_message "$msg_body" "$formatted_msg_body")" $MATRIX_ROOM_ID $MATRIX_ACCESS_TOKEN
+send_message "$(structure_message "$msg_body" "$formatted_msg_body")" "$MATRIX_ROCCESS_TOKEN"
echo "[+] Done! Maybe the release worked..."
--
GitLab