mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #15916 from mikedougherty/release-flexibility
Improve flexibility of release scripts
This commit is contained in:
Jess Frazelle
commit
80e31df3b6
4 changed files with 39 additions and 28 deletions
|
|
@ -15,6 +15,7 @@ set -e
|
|||
# ... and so on and so forth for the builds created by hack/make/build-deb
|
||||
|
||||
: ${DOCKER_RELEASE_DIR:=$DEST}
|
||||
: ${GPG_KEYID:=releasedocker}
|
||||
APTDIR=$DOCKER_RELEASE_DIR/apt/repo
|
||||
|
||||
# setup the apt repo (if it does not exist)
|
||||
|
|
@ -111,7 +112,7 @@ for dir in contrib/builder/deb/*/; do
|
|||
# dpkg-sign before copying the deb into the pool
|
||||
if [ ! -z "$GPG_PASSPHRASE" ]; then
|
||||
dpkg-sig -g "--passphrase $GPG_PASSPHRASE" \
|
||||
-k releasedocker --sign builder "${DEBFILE[@]}"
|
||||
-k "$GPG_KEYID" --sign builder "${DEBFILE[@]}"
|
||||
fi
|
||||
|
||||
# add the deb for each component for the distro version into the pool
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ set -e
|
|||
|
||||
: ${DOCKER_RELEASE_DIR:=$DEST}
|
||||
YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
|
||||
: ${GPG_KEYID:=releasedocker}
|
||||
|
||||
# manage the repos for each distribution separately
|
||||
distros=( fedora centos opensuse oraclelinux )
|
||||
|
|
@ -53,15 +54,15 @@ for distro in "${distros[@]}"; do
|
|||
# sign the rpms before adding to repo
|
||||
if [ ! -z $GPG_PASSPHRASE ]; then
|
||||
# export our key to rpm import
|
||||
gpg --armor --export releasedocker > /tmp/gpg
|
||||
gpg --armor --export "$GPG_KEYID" > /tmp/gpg
|
||||
rpm --import /tmp/gpg
|
||||
|
||||
# sign the rpms
|
||||
echo "yes" | setsid rpm \
|
||||
--define '_gpg_name releasedocker' \
|
||||
--define '_signature gpg' \
|
||||
--define '__gpg_check_password_cmd /bin/true' \
|
||||
--define '__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u "%{_gpg_name}" --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}' \
|
||||
--define "_gpg_name $GPG_KEYID" \
|
||||
--define "_signature gpg" \
|
||||
--define "__gpg_check_password_cmd /bin/true" \
|
||||
--define "__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u '%{_gpg_name}' --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
|
||||
--resign "${RPMFILE[@]}"
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
# with a designated GPG key.
|
||||
|
||||
: ${DOCKER_RELEASE_DIR:=$DEST}
|
||||
: ${GPG_KEYID:=releasedocker}
|
||||
APTDIR=$DOCKER_RELEASE_DIR/apt/repo
|
||||
YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
|
||||
|
||||
|
|
@ -21,12 +22,12 @@ sign_packages(){
|
|||
# sign apt repo metadata
|
||||
if [ -d $APTDIR ]; then
|
||||
# create file with public key
|
||||
gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/apt/gpg"
|
||||
gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/apt/gpg"
|
||||
|
||||
# sign the repo metadata
|
||||
for F in $(find $APTDIR -name Release); do
|
||||
if test "$F" -nt "$F.gpg" ; then
|
||||
gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \
|
||||
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
|
||||
--armor --sign --detach-sign \
|
||||
--batch --yes \
|
||||
--output "$F.gpg" "$F"
|
||||
|
|
@ -37,12 +38,12 @@ sign_packages(){
|
|||
# sign yum repo metadata
|
||||
if [ -d $YUMDIR ]; then
|
||||
# create file with public key
|
||||
gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/yum/gpg"
|
||||
gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/yum/gpg"
|
||||
|
||||
# sign the repo metadata
|
||||
for F in $(find $YUMDIR -name repomd.xml); do
|
||||
if test "$F" -nt "$F.asc" ; then
|
||||
gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \
|
||||
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
|
||||
--armor --sign --detach-sign \
|
||||
--batch --yes \
|
||||
--output "$F.asc" "$F"
|
||||
|
|
|
|||
|
|
@ -18,12 +18,13 @@ usage() {
|
|||
To run, I need:
|
||||
- to be in a container generated by the Dockerfile at the top of the Docker
|
||||
repository;
|
||||
- to be provided with the name of an S3 bucket, in environment variable
|
||||
AWS_S3_BUCKET;
|
||||
- to be provided with the location of an S3 bucket and path, in
|
||||
environment variables AWS_S3_BUCKET and AWS_S3_BUCKET_PATH (default: '');
|
||||
- to be provided with AWS credentials for this S3 bucket, in environment
|
||||
variables AWS_ACCESS_KEY and AWS_SECRET_KEY;
|
||||
- the passphrase to unlock the GPG key which will sign the deb packages
|
||||
(passed as environment variable GPG_PASSPHRASE);
|
||||
- the passphrase to unlock the GPG key specified by the optional environment
|
||||
variable GPG_KEYID (default: releasedocker) which will sign the deb
|
||||
packages (passed as environment variable GPG_PASSPHRASE);
|
||||
- a generous amount of good will and nice manners.
|
||||
The canonical way to run me is to run the image produced by the Dockerfile: e.g.:"
|
||||
|
||||
|
|
@ -62,6 +63,8 @@ fi
|
|||
|
||||
VERSION=$(< VERSION)
|
||||
BUCKET=$AWS_S3_BUCKET
|
||||
BUCKET_PATH=$BUCKET
|
||||
[[ -n "$AWS_S3_BUCKET_PATH" ]] && BUCKET_PATH+=/$AWS_S3_BUCKET_PATH
|
||||
|
||||
if command -v git &> /dev/null && git rev-parse &> /dev/null; then
|
||||
if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
|
||||
|
|
@ -101,10 +104,15 @@ write_to_s3() {
|
|||
s3_url() {
|
||||
case "$BUCKET" in
|
||||
get.docker.com|test.docker.com|experimental.docker.com)
|
||||
echo "https://$BUCKET"
|
||||
echo "https://$BUCKET_PATH"
|
||||
;;
|
||||
*)
|
||||
s3cmd ws-info s3://$BUCKET | awk -v 'FS=: +' '/http:\/\/'$BUCKET'/ { gsub(/\/+$/, "", $2); print $2 }'
|
||||
BASE_URL=$( s3cmd ws-info s3://$BUCKET | awk -v 'FS=: +' '/http:\/\/'$BUCKET'/ { gsub(/\/+$/, "", $2); print $2 }' )
|
||||
if [[ -n "$AWS_S3_BUCKET_PATH" ]] ; then
|
||||
echo "$BASE_URL/$AWS_S3_BUCKET_PATH"
|
||||
else
|
||||
echo "$BASE_URL"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
|
@ -231,7 +239,7 @@ release_build() {
|
|||
;;
|
||||
esac
|
||||
|
||||
s3Dir=s3://$BUCKET/builds/$s3Os/$s3Arch
|
||||
s3Dir="s3://$BUCKET_PATH/builds/$s3Os/$s3Arch"
|
||||
latest=
|
||||
latestTgz=
|
||||
if [ "$latestBase" ]; then
|
||||
|
|
@ -265,7 +273,7 @@ release_ubuntu() {
|
|||
local debfiles=( "bundles/$VERSION/ubuntu/"*.deb )
|
||||
|
||||
# Sign our packages
|
||||
dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k releasedocker --sign builder "${debfiles[@]}"
|
||||
dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k "$GPG_KEYID" --sign builder "${debfiles[@]}"
|
||||
|
||||
# Setup the APT repo
|
||||
APTDIR=bundles/$VERSION/ubuntu/apt
|
||||
|
|
@ -282,14 +290,14 @@ EOF
|
|||
|
||||
# Sign
|
||||
for F in $(find $APTDIR -name Release); do
|
||||
gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \
|
||||
gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
|
||||
--armor --sign --detach-sign \
|
||||
--output "$F.gpg" "$F"
|
||||
done
|
||||
|
||||
# Upload keys
|
||||
s3cmd sync "$HOME/.gnupg/" "s3://$BUCKET/ubuntu/.gnupg/"
|
||||
gpg --armor --export releasedocker > "bundles/$VERSION/ubuntu/gpg"
|
||||
gpg --armor --export "$GPG_KEYID" > "bundles/$VERSION/ubuntu/gpg"
|
||||
s3cmd --acl-public put "bundles/$VERSION/ubuntu/gpg" "s3://$BUCKET/gpg"
|
||||
|
||||
local gpgFingerprint=36A1D7869245C8950F966E92D8576A8BA88D21E9
|
||||
|
|
@ -330,7 +338,7 @@ release_binaries() {
|
|||
|
||||
# TODO create redirect from builds/*/i686 to builds/*/i386
|
||||
|
||||
cat <<EOF | write_to_s3 s3://$BUCKET/builds/index
|
||||
cat <<EOF | write_to_s3 s3://$BUCKET_PATH/builds/index
|
||||
# To install, run the following command as root:
|
||||
curl -sSL -O $(s3_url)/builds/Linux/x86_64/docker-$VERSION && chmod +x docker-$VERSION && sudo mv docker-$VERSION /usr/local/bin/docker
|
||||
# Then start docker in daemon mode:
|
||||
|
|
@ -339,24 +347,24 @@ EOF
|
|||
|
||||
# Add redirect at /builds/info for URL-backwards-compatibility
|
||||
rm -rf /tmp/emptyfile && touch /tmp/emptyfile
|
||||
s3cmd --acl-public --add-header='x-amz-website-redirect-location:/builds/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET/builds/info"
|
||||
s3cmd --acl-public --add-header='x-amz-website-redirect-location:/builds/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET_PATH/builds/info"
|
||||
|
||||
if [ -z "$NOLATEST" ]; then
|
||||
echo "Advertising $VERSION on $BUCKET as most recent version"
|
||||
echo "$VERSION" | write_to_s3 "s3://$BUCKET/latest"
|
||||
echo "Advertising $VERSION on $BUCKET_PATH as most recent version"
|
||||
echo "$VERSION" | write_to_s3 "s3://$BUCKET_PATH/latest"
|
||||
fi
|
||||
}
|
||||
|
||||
# Upload the index script
|
||||
release_index() {
|
||||
echo "Releasing index"
|
||||
sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh | write_to_s3 "s3://$BUCKET/index"
|
||||
sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh | write_to_s3 "s3://$BUCKET_PATH/index"
|
||||
}
|
||||
|
||||
release_test() {
|
||||
echo "Releasing tests"
|
||||
if [ -e "bundles/$VERSION/test" ]; then
|
||||
s3cmd --acl-public sync "bundles/$VERSION/test/" "s3://$BUCKET/test/"
|
||||
s3cmd --acl-public sync "bundles/$VERSION/test/" "s3://$BUCKET_PATH/test/"
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -365,14 +373,14 @@ setup_gpg() {
|
|||
# Make sure that we have our keys
|
||||
mkdir -p "$HOME/.gnupg/"
|
||||
s3cmd sync "s3://$BUCKET/ubuntu/.gnupg/" "$HOME/.gnupg/" || true
|
||||
gpg --list-keys releasedocker >/dev/null || {
|
||||
gpg --list-keys "$GPG_KEYID" >/dev/null || {
|
||||
gpg --gen-key --batch <<EOF
|
||||
Key-Type: RSA
|
||||
Key-Length: 4096
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
Name-Real: Docker Release Tool
|
||||
Name-Email: docker@docker.com
|
||||
Name-Comment: releasedocker
|
||||
Name-Comment: $GPG_KEYID
|
||||
Expire-Date: 0
|
||||
%commit
|
||||
EOF
|
||||
|
|
|
|||
Loading…
Reference in a new issue