blob: 0f421e30b1406c92dad744d74e100b9cf205f817 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
#!/usr/bin/env bash
# This script downloads the build artifacts along with the signatures, verifies the signatures and
# creates a GitHub draft release. This should be run after `3-verify-build`.
set -eu
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd "$SCRIPT_DIR"
REPO_ROOT=../../../
PRODUCT_VERSION_PATH=$REPO_ROOT/dist-assets/desktop-product-version.txt
PRODUCT_VERSION=$(cat $PRODUCT_VERSION_PATH)
$REPO_ROOT/scripts/utils/gh-ready-check
REPO_URL="git@github.com:mullvad/mullvadvpn-app"
ARTIFACT_DIR=$(mktemp -d)
REPO_DIR=$(mktemp -d)
CHANGELOG_PATH="$REPO_DIR/CHANGELOG.md"
URL_BASE="https://releases.mullvad.net/desktop/releases"
function download_and_verify {
# Find GnuPG command to use. Prefer gpg2
gpg_cmd=$(command -v gpg2 || command -v gpg)
for ext in .exe _arm64.exe _x64.exe _amd64.deb _arm64.deb _x86_64.rpm _aarch64.rpm .pkg; do
pkg_filename="MullvadVPN-${PRODUCT_VERSION}${ext}"
pkg_path="$ARTIFACT_DIR/$pkg_filename"
url="$URL_BASE/$PRODUCT_VERSION/$pkg_filename"
echo ">>> Downloading $pkg_filename - $url"
curl -o "$pkg_path" --progress-bar --fail "$url"
curl -o "$pkg_path.asc" --progress-bar --fail "$url.asc"
echo ""
echo ">>> Verifying integrity of $pkg_filename"
if ! $gpg_cmd --verify "$pkg_path.asc" "$pkg_path"; then
echo ""
echo "!!! INTEGRITY CHECKING FAILED !!!"
rm "$pkg_path" "$pkg_path.asc"
exit 1
fi
echo ""
echo "GOOD SIGNATURE IN $pkg_filename"
echo ""
done
}
function publish_release {
echo ">>> Cloning repository to extract changelog"
git clone --depth 1 --branch "$PRODUCT_VERSION" $REPO_URL "$REPO_DIR" 2> /dev/null > /dev/null
(cd "$REPO_DIR" && git verify-tag "$PRODUCT_VERSION")
echo ""
changelog_end_version_pattern="20[0-9]\{2\}\.[0-9]\{1,2\}"
if [[ $PRODUCT_VERSION == *-beta* ]]; then
changelog_end_version_pattern=".*"
fi
changelog_extract=$(sed -n "/^## \[$PRODUCT_VERSION\]/,/^## \[$changelog_end_version_pattern\]/p" "$CHANGELOG_PATH")
changelog=$(echo "$changelog_extract" | sed '$d' | \
awk 'NF { last = last ? last ORS $0 : $0 } END { print last }')
release_flags=( --draft --verify-tag --notes-file - --title "$PRODUCT_VERSION" )
previous_release=$(echo "$changelog_extract" | tail -1 | grep -oP '## \[\K[^\]]+')
body="This release is for desktop only."
if [[ $PRODUCT_VERSION == *-beta* ]]; then
body+="\n\nHere is a list of all changes since last release [$previous_release](https://github.com/mullvad/mullvadvpn-app/releases/tag/$previous_release):"
release_flags+=(--prerelease)
else
body+="\n\nHere is a list of all changes since last stable release [$previous_release](https://github.com/mullvad/mullvadvpn-app/releases/tag/$previous_release):"
release_flags+=(--latest)
fi
version_count=$(echo "$changelog" | grep -c "^## ")
if [ "$version_count" -eq 1 ]; then
changelog=$(echo "$changelog" | tail -n +2)
fi
body+="\n$changelog"
echo ">>> Creating GitHub release"
# shellcheck disable=SC2059
# shellcheck disable=SC2046
printf "$body" | gh release create "${release_flags[@]}" "$PRODUCT_VERSION" $(printf "%s " "$ARTIFACT_DIR"/*)
}
download_and_verify
publish_release
|
