blob: bef6a09e41a10d07eed7f7f58842fd0721e691e2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
#!/usr/bin/env bash
# This script downloads the build artifacts along with the signatures, verifies the signatures and
# publishes new version metadata to Mullvads API (including latest.json).
# * This should be run after `4-make-release`.
# * You need to put the private ed25519 signing key in the clipboard before running this script.
set -eu
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd "$SCRIPT_DIR"
REPO_ROOT=../../../
PRODUCT_VERSION_PATH=$REPO_ROOT/dist-assets/desktop-product-version.txt
PRODUCT_VERSION=$(cat $PRODUCT_VERSION_PATH)
$REPO_ROOT/scripts/utils/commit-verification
"$SCRIPT_DIR/verify-version-is-release"
if [ $# -ne 2 ]; then
echo "Please provide the following arguments:"
echo " $(basename "$0") \\"
echo " <build server SSH destination> \\"
echo " <metadata server SSH destination>"
echo ""
echo "Note that the metadata server SSH destination is part of the rsync command executed on the build server and will be checked against the SSH config of build@\$buildserver_host."
exit 1
fi
# The hostname (can be the alias in your ~/.ssh/config) of the build server
BUILDSERVER_HOST=$1
# The server to upload the metadata to *from* the build server (argument above)
METADATA_SERVER_HOST=$2
# shellcheck source=desktop/scripts/release/release-config.sh
source "$SCRIPT_DIR/release-config.sh"
source $REPO_ROOT/scripts/utils/log
function publish_metadata {
local platforms
platforms=(windows macos linux)
local signed_dir="$DATA_DIR/signed/"
local work_dir="$DATA_DIR/work/"
local published_dir="$DATA_DIR/currently_published/"
local upload_dir="$DATA_DIR/upload/"
local latest_filename="latest.json"
local mullvad_release="cargo run -q --package mullvad-release --"
rm -rf "$signed_dir"
rm -rf "$work_dir"
rm -rf "$published_dir"
rm -rf "$upload_dir"
mkdir -p "$DATA_DIR"
log_header "Fetching current version metadata"
$mullvad_release pull --assume-yes --latest-file "${platforms[@]}"
log_header "Backing up released data"
cp -r "$signed_dir" "$published_dir"
cp "$DATA_DIR/$latest_filename" "$published_dir"
log_header "Replacing $work_dir directory with latest published data"
cp -rf "$signed_dir" "$work_dir"
log_header "Adding new release $PRODUCT_VERSION (rollout = 1)"
$mullvad_release add-release "$PRODUCT_VERSION" --rollout 1 "${platforms[@]}"
log "\nScript paused allow manual edits to the metadata before signing and publishing."
log "Before continuing, make sure your release metadata signing key in the clipboard."
log "Press enter to continue..."
read -rs
log_header "Signing $PRODUCT_VERSION metadata. Reading signing key from clipboard"
xclip -sensitive | $mullvad_release sign "${platforms[@]}"
log_header "Verifying signed metadata"
$mullvad_release verify "${platforms[@]}"
log_header "Creating upload dir"
cp -rf "$signed_dir" "$upload_dir"
log_header "Generating $latest_filename for current version metadata"
$mullvad_release query-latest "${platforms[@]}" > "$upload_dir/$latest_filename"
log_header "New metadata including $PRODUCT_VERSION"
git --no-pager diff --no-index -- "$published_dir" "$upload_dir" || true
read -rp "Press enter to upload if the diffs look good "
./publish-metadata-to-api "$upload_dir" "$BUILDSERVER_HOST" "$METADATA_SERVER_HOST"
}
function remove_release_artifacts {
log_header "Cleaning up $ARTIFACT_DIR"
rm -r "$ARTIFACT_DIR"
}
./download-release-artifacts "$PRODUCT_VERSION" "$ARTIFACT_DIR"
publish_metadata
remove_release_artifacts
|
