archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

tools: filter release keys to reduce interactivity

Browse source 
PR-URL: https://github.com/nodejs/node/pull/55950
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
This commit is contained in:
Antoine du Hamel 2024-11-27 20:16:10 +00:00 committed by GitHub
parent 585f7bc952
commit 5ae07d0717
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 26 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

34
tools/release.sh
View file

@ -15,15 +15,25 @@ webuser=dist
promotablecmd=dist-promotable promotablecmd=dist-promotable
promotecmd=dist-promote promotecmd=dist-promote
signcmd=dist-sign signcmd=dist-sign
allPGPKeys=""
customsshkey="" # let ssh and scp use default key customsshkey="" # let ssh and scp use default key
readmePath="README.md"
signversion="" signversion=""
cloudflare_bucket="r2:dist-prod" cloudflare_bucket="r2:dist-prod"
while getopts ":i:s:" option; do while getopts ":i:r:s:a" option; do
case "${option}" in case "${option}" in
a)
# With -a, local keys are not filtered based on the one listed in the README
# useful if you want to sign with a subkey.
allPGPKeys="true"
;;
i) i)
customsshkey="-i ${OPTARG}" customsshkey="-i ${OPTARG}"
;; ;;
r)
readmePath="${OPTARG}"
;;
s) s)
signversion="${OPTARG}" signversion="${OPTARG}"
;; ;;
@ -44,7 +54,16 @@ shift $((OPTIND-1))
echo "# Selecting GPG key ..." echo "# Selecting GPG key ..."
gpgkey=$(gpg --list-secret-keys --keyid-format SHORT | awk -F'( +|/)' '/^(sec|ssb)/{print $3}')
if [ -z "$allPGPKeys" ]; then
gpgkey="$(awk '{
if ($1 == "gpg" && $2 == "--keyserver" && $4 == "--recv-keys" && (1 == 2'"$(
gpg --list-secret-keys | awk -F' = ' '/^ +Key fingerprint/{ gsub(/ /,"",$2); print " || $5 == \"" $2 "\"" }' || true
)"')) { print substr($5, 33) }
}' "$readmePath")"
else
gpgkey=$(gpg --list-secret-keys --keyid-format SHORT | awk -F'( +|/)' '/^(sec|ssb)/{print $3}')
fi
keycount=$(echo "$gpgkey" | wc -w) keycount=$(echo "$gpgkey" | wc -w)
if [ "$keycount" -eq 0 ]; then if [ "$keycount" -eq 0 ]; then
@ -68,13 +87,12 @@ elif [ "$keycount" -ne 1 ]; then
gpgkey=$(echo "$gpgkey" | sed -n "${keynum}p") gpgkey=$(echo "$gpgkey" | sed -n "${keynum}p")
fi fi
gpgfing=$(gpg --keyid-format 0xLONG --fingerprint "$gpgkey" | grep 'Key fingerprint =' | awk -F' = ' '{print $2}' | tr -d ' ') gpgfing=$(gpg --keyid-format 0xLONG --fingerprint "$gpgkey" | awk -F' = ' '/^ +Key fingerprint/{gsub(/ /,"",$2);print $2}')
grep -q "$gpgfing" README.md || (\
echo 'Error: this GPG key fingerprint is not listed in ./README.md' && \
exit 1 \
)
grep -q "$gpgfing" "$readmePath" || {
echo "Error: this GPG key fingerprint is not listed in $readmePath"
exit 1
}
echo "Using GPG key: $gpgkey" echo "Using GPG key: $gpgkey"
echo " Fingerprint: $gpgfing" echo " Fingerprint: $gpgfing"