From f05192ada84b87d0a4af1fff4632addf4bf84bd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= Date: Fri, 20 Dec 2024 15:27:25 +0100 Subject: [PATCH] release.sh: release to freedesktop.org, not to GNOME GNOME has changed the process to publish releases to download.gnome.org. Now, it is required to do it from the CI of projects hosted in GNOME's repositories. As we don't have the project hosted there, we have 2 options: - Create a mirror and set up the CI so we continue using download.gnome.org. - Stop publishing the tarballs there and do it in gitlab.freedesktop.org from now on. After a brief discussion we have decided that the second makes more sense, so adapt release.sh to do that. https://discourse.gnome.org/t/gnome-release-service-ftpadmin-replacement-coming-11th-december/25487 https://handbook.gnome.org/maintainers/making-a-release.html --- MAINTAINERS.md | 6 +- contrib/fedora/rpm/release.sh | 133 +++++++++++++++++++++++++--------- 2 files changed, 103 insertions(+), 36 deletions(-) diff --git a/MAINTAINERS.md b/MAINTAINERS.md index 9e472ec14..9be6901e9 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -191,7 +191,9 @@ release type that you specify, like devel, rc1, rc, major, major-post, etc. Run the script with `--help` to see all options. Notes: -- You need access to master.gnome.org, see [here](https://handbook.gnome.org/infrastructure/accounts.html). +- You need a private token from gitlab.freedesktop.org with 'api' level access + to the project. It can be saved to `~/.config/nm-release-token` or passed to + the `--gitlab-token` argument of `release.sh`. - The GPG key used to sign the tags must be exported to a keyserver. Versioning scheme, automatically handled by the script (version numbers are @@ -203,7 +205,7 @@ called MAJOR.MINOR.MICRO): number less, and MICRO is >= 90). The main differences between the different kind of releases are: -- Development releases: for depelopment and testing purposes only. +- Development releases: for development and testing purposes only. - Release candidates (RC): stabilization phase before a stable release. Normally there are one or two RCs with ~2 weeks cadence. More RCs can be releases if they are needed. diff --git a/contrib/fedora/rpm/release.sh b/contrib/fedora/rpm/release.sh index a9e452a6a..7deb3bc16 100755 --- a/contrib/fedora/rpm/release.sh +++ b/contrib/fedora/rpm/release.sh @@ -27,7 +27,8 @@ # * Run in a "clean" environment, i.e. no unusual environment variables set, on a recent # Fedora, with suitable dependencies installed. # -# * First, ensure that you have ssh keys for "master.gnome.org" installed (and ssh-agent running). +# * First, ensure that you have a valid Gitlab's private token for gitlab.freedestkop.org +# stored in ~/.config/nm-release-token, or pass one with --gitlab-token argument. # Also, ensure you have a GPG key that you want to use for signing. Also, have gpg-agent running # and possibly configure `git config --get user.signingkey` for the proper key. # @@ -39,9 +40,13 @@ # # Run with --no-test to do the actual release. -die() { +fail_msg() { echo -n "FAIL: " echo_color 31 "$@" +} + +die() { + fail_msg "$@" exit 1 } @@ -63,6 +68,7 @@ print_usage() { echo " [--no-check-gitlab] \\" echo " [--no-check-news] \\" echo " [--no-warn-publish-docs] \\" + echo " [--gitlab-token ] \\" } die_help() { @@ -235,6 +241,11 @@ while [ "$#" -ge 1 ]; do --help|-h) die_help ;; + --gitlab-token) + [ "$#" -ge 1 ] || die_usage "provide a value for --gitlab-token" + GITLAB_TOKEN="$1" + shift + ;; devel|rc1|rc|major|major-post|minor) [ -z "$RELEASE_MODE" ] || die_usage "duplicate release-mode" RELEASE_MODE="$A" @@ -501,27 +512,23 @@ case "$RELEASE_MODE" in esac build_tag() { + local BUILD_TAG="$1" + local TAR_FILE="NetworkManager-$2.tar.xz" + local SUM_FILE="$TAR_FILE.sha256sum" + git checkout "$BUILD_TAG" || die "failed to checkout $BUILD_TAG" - ./contrib/fedora/rpm/build_clean.sh -r || die "build release failed" - - test -f "./build/meson-dist/$RELEASE_FILE" \ - || die "release file \"./build/meson-dist/$RELEASE_FILE\" not found" - - cp "./build/meson-dist/$RELEASE_FILE" /tmp/ || die "failed to copy release tarball to /tmp" - - if test -f "./build/meson-dist/$RELEASE_FILE.sig" ; then - cp "./build/meson-dist/$RELEASE_FILE.sig" /tmp/ || die "failed to copy signature for tarball to /tmp" - fi - + cp "./build/meson-dist/$TAR_FILE" /tmp/ || die "failed to copy $TAR_FILE to /tmp" + cp "./build/meson-dist/$SUM_FILE" /tmp/ || die "failed to copy $SUM_FILE to /tmp" git clean -fdx } -RELEASE_FILES=() +RELEASE_TAR_VERSIONS=() +RELEASE_TAGS=() if [ -n "$BUILD_TAG" ]; then - RELEASE_FILE="NetworkManager-$TAR_VERSION.tar.xz" - RELEASE_FILES+=("$RELEASE_FILE") - build_tag + build_tag "$BUILD_TAG" "$TAR_VERSION" + RELEASE_TAR_VERSIONS+=("$TAR_VERSION") + RELEASE_TAGS+=("$BUILD_TAG") fi git checkout -B "$CUR_BRANCH" "$TMP_BRANCH" || die "cannot checkout $CUR_BRANCH" @@ -531,9 +538,6 @@ if [ "$RELEASE_MODE" = rc1 ]; then git branch "$RELEASE_BRANCH" "$TMP_BRANCH" || die "cannot checkout $CUR_BRANCH" BRANCHES+=( "$RELEASE_BRANCH" ) CLEANUP_REFS+=( "refs/heads/$RELEASE_BRANCH" ) -fi - -if [ "$RELEASE_MODE" = rc1 ]; then git checkout "$TMP_BRANCH" b="${VERSION_ARR[0]}.$((${VERSION_ARR[1]} + 2)).0" set_version_number "${VERSION_ARR[0]}" "$((${VERSION_ARR[1]} + 2))" 0 @@ -543,29 +547,86 @@ if [ "$RELEASE_MODE" = rc1 ]; then CLEANUP_REFS+=("refs/tags/$b-dev") BUILD_TAG="$b-dev" TAR_VERSION="$b" - RELEASE_FILE="NetworkManager-$TAR_VERSION.tar.xz" - RELEASE_FILES+=("$RELEASE_FILE") - build_tag + build_tag "$BUILD_TAG" "$TAR_VERSION" + RELEASE_TAR_VERSIONS+=("$TAR_VERSION") + RELEASE_TAGS+=("$BUILD_TAG") git checkout -B "$CUR_BRANCH" "$TMP_BRANCH" || die "cannot checkout $CUR_BRANCH" fi -if ! [ "$DRY_RUN" = 0 ]; then - ssh master.gnome.org true || die "failed to \`ssh master.gnome.org\`" +if [[ $GITLAB_TOKEN == "" ]]; then + [[ -r ~/.config/nm-release-token ]] || die "cannot read ~/.config/nm-release-token" + GITLAB_TOKEN=$(< ~/.config/nm-release-token) fi -for r in "${RELEASE_FILES[@]}"; do - do_command rsync -va --append-verify -P "/tmp/$r" master.gnome.org: || die "failed to rsync \"/tmp/$r\"" -done +# This step is not necessary for authentication, we use it only to provide a meaningful error message. +curl --request GET --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \ + "https://gitlab.freedesktop.org/api/v4/personal_access_tokens/self" &>/dev/null \ + || die "failed to authenticate at gitlab.freedesktop.org with the private token" do_command git push "$ORIGIN" "${BRANCHES[@]}" || die "failed to to push branches ${BRANCHES[@]} to $ORIGIN" -FAIL=0 -for r in "${RELEASE_FILES[@]}"; do - do_command ssh master.gnome.org ftpadmin install --unattended "$r" || FAIL=1 +CREATE_RELEASE_FAIL=0 +for I in "${!RELEASE_TAR_VERSIONS[@]}"; do + TAR_FILE="NetworkManager-${RELEASE_TAR_VERSIONS[$I]}.tar.xz" + SUM_FILE="$TAR_FILE.sha256sum" + BUILD_TAG="${RELEASE_TAGS["$I"]}" + FAIL=0 + + # upload tarball and checksum file as generic packages + for F in "$TAR_FILE" "$SUM_FILE"; do + do_command curl --location --fail-with-body --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \ + --upload-file "/tmp/$F" \ + "https://gitlab.freedesktop.org/api/v4/projects/411/packages/generic/NetworkManager/$BUILD_TAG/$F" \ + || FAIL=1 + + if [[ $FAIL = 1 ]]; then + fail_msg "failed to upload $F" + CREATE_RELEASE_FAIL=1 + break + fi + done + + [[ $FAIL = 1 ]] && continue + + # create release + do_command curl --location --header 'Content-Type: application/json' --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \ + --request POST "https://gitlab.freedesktop.org/api/v4/projects/411/releases" \ + --data "$(cat <