From ea89feae21c5842632064be691dc063cd8cc00c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Justinas=20Stankevi=C4=8Dius?= Date: Wed, 6 Apr 2022 16:35:45 +0300 Subject: [PATCH] [v9] Release pipeline improvements (#10707) --- .drone.yml | 788 ++++++++++++++++++++++++++++++-------------- dronegen/common.go | 76 +++++ dronegen/mac.go | 2 +- dronegen/mac_pkg.go | 8 +- dronegen/tag.go | 48 ++- 5 files changed, 659 insertions(+), 263 deletions(-) diff --git a/.drone.yml b/.drone.yml index e2eaca813e5f4..bc0b2964eb8d1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1053,7 +1053,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:230 +# Generated at dronegen/tag.go:240 ################################################ kind: pipeline @@ -1091,8 +1091,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -1159,20 +1164,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (RHEL/CentOS 7.x compatible)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -1195,7 +1210,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:230 +# Generated at dronegen/tag.go:240 ################################################ kind: pipeline @@ -1233,8 +1248,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -1300,20 +1320,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -1336,7 +1366,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:230 +# Generated at dronegen/tag.go:240 ################################################ kind: pipeline @@ -1374,8 +1404,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -1439,20 +1474,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -1475,7 +1520,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:230 +# Generated at dronegen/tag.go:240 ################################################ kind: pipeline @@ -1513,8 +1558,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -1578,20 +1628,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -1614,7 +1674,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -1651,8 +1711,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -1739,20 +1804,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -1780,7 +1855,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -1817,8 +1892,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -1902,20 +1982,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -1943,7 +2033,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -1980,8 +2070,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -2059,20 +2154,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit DEB" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -2095,7 +2200,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -2132,8 +2237,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -2208,20 +2318,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit DEB (FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -2244,7 +2364,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:230 +# Generated at dronegen/tag.go:240 ################################################ kind: pipeline @@ -2282,8 +2402,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -2347,20 +2472,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -2383,7 +2518,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -2420,8 +2555,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -2508,20 +2648,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit RPM" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -2549,7 +2699,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -2586,8 +2736,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -2665,20 +2820,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit DEB" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -2833,20 +2998,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -3022,20 +3197,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel .pkg installer" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -3193,20 +3378,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel .pkg installer (tsh client only)" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -3227,7 +3422,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:230 +# Generated at dronegen/tag.go:240 ################################################ kind: pipeline @@ -3265,8 +3460,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -3330,20 +3530,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit)" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -3366,7 +3576,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:230 +# Generated at dronegen/tag.go:240 ################################################ kind: pipeline @@ -3404,8 +3614,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -3469,20 +3684,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit)" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -3505,7 +3730,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -3542,8 +3767,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -3621,20 +3851,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit) DEB" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -3657,7 +3897,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -3694,8 +3934,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -3773,20 +4018,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit) DEB" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -3809,7 +4064,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -3846,8 +4101,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -3934,20 +4194,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit) RPM" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -3975,7 +4245,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:431 +# Generated at dronegen/tag.go:451 ################################################ kind: pipeline @@ -4012,8 +4282,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -4100,20 +4375,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit) RPM" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -4141,7 +4426,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:230 +# Generated at dronegen/tag.go:240 ################################################ kind: pipeline @@ -4179,8 +4464,13 @@ steps: - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; - else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - |- + VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) + if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 + fi + echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY @@ -4247,20 +4537,30 @@ steps: - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" - for file in $(find . -type f ! -iname '*.sha256'); do + for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="Windows 64-bit (tsh client only)" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done environment: RELEASES_CERT: @@ -5088,6 +5388,6 @@ volumes: name: drone-s3-debrepo-pvc --- kind: signature -hmac: 2e815286bd2a0b94ae6ca0b02bb0e7536f890b1ea9c1ad52b092aac8071237ca +hmac: a17c7787bc30da9f10246f22b11c1a35796bc18ae8996a042efda3bfad6348fa ... diff --git a/dronegen/common.go b/dronegen/common.go index 636443fc4949d..82dad449b6ea6 100644 --- a/dronegen/common.go +++ b/dronegen/common.go @@ -19,6 +19,7 @@ import ( "fmt" "log" "os/exec" + "strings" ) var ( @@ -80,6 +81,81 @@ type buildType struct { windowsUnsigned bool } +// Description provides a human-facing description of the artifact, e.g.: +// Windows 64-bit (tsh client only) +// Linux ARMv7 (32-bit) +// MacOS Intel .pkg installer +func (b *buildType) Description(packageType string, extraQualifications ...string) string { + var result string + + var os string + var arch string + var darwinArch string + var bitness int + var qualifications []string + + switch b.os { + case "linux": + os = "Linux" + case "darwin": + os = "MacOS" + case "windows": + os = "Windows" + default: + panic(fmt.Sprintf("unhandled OS: %s", b.os)) + } + + switch b.arch { + case "arm64": + arch = "ARM64/ARMv8" + darwinArch = "Apple Silicon" + bitness = 64 + case "amd64": + darwinArch = "Intel" + bitness = 64 + + case "arm": + arch = "ARMv7" + fallthrough + case "386": + bitness = 32 + + default: + panic(fmt.Sprintf("unhandled arch: %s", b.arch)) + } + + if b.centos7 { + qualifications = append(qualifications, "RHEL/CentOS 7.x compatible") + } + if b.fips { + qualifications = append(qualifications, "FedRAMP/FIPS") + } + + qualifications = append(qualifications, extraQualifications...) + + result = os + + if b.os == "darwin" { + result += fmt.Sprintf(" %s", darwinArch) + } else { + // arch is implicit for Windows/Linux i386/amd64 + if arch == "" { + result += fmt.Sprintf(" %d-bit", bitness) + } else { + result += fmt.Sprintf(" %s (%d-bit)", arch, bitness) + } + } + + if packageType != "" { + result += fmt.Sprintf(" %s", packageType) + } + + if len(qualifications) > 0 { + result += fmt.Sprintf(" (%s)", strings.Join(qualifications, ", ")) + } + return result +} + // dockerService generates a docker:dind service // It includes the Docker socket volume by default, plus any extra volumes passed in func dockerService(v ...volumeRef) service { diff --git a/dronegen/mac.go b/dronegen/mac.go index a20a831799aa1..24328a3f853ba 100644 --- a/dronegen/mac.go +++ b/dronegen/mac.go @@ -136,7 +136,7 @@ func darwinTagPipeline() pipeline { }, { Name: "Register artifacts", - Commands: tagCreateReleaseAssetCommands(b), + Commands: tagCreateReleaseAssetCommands(b, "", nil), Failure: "ignore", Environment: map[string]value{ "WORKSPACE_DIR": {raw: p.Workspace.Path}, diff --git a/dronegen/mac_pkg.go b/dronegen/mac_pkg.go index 4cecacf430746..395ce5bc9f587 100644 --- a/dronegen/mac_pkg.go +++ b/dronegen/mac_pkg.go @@ -20,7 +20,7 @@ import ( "strings" ) -func darwinPkgPipeline(name, makeTarget string, pkgGlobs []string) pipeline { +func darwinPkgPipeline(name, makeTarget string, pkgGlobs []string, extraQualifications []string) pipeline { b := buildType{ arch: "amd64", os: "darwin", @@ -88,7 +88,7 @@ func darwinPkgPipeline(name, makeTarget string, pkgGlobs []string) pipeline { }, { Name: "Register artifacts", - Commands: tagCreateReleaseAssetCommands(b), + Commands: tagCreateReleaseAssetCommands(b, ".pkg installer", extraQualifications), Failure: "ignore", Environment: map[string]value{ "WORKSPACE_DIR": {raw: p.Workspace.Path}, @@ -103,11 +103,11 @@ func darwinPkgPipeline(name, makeTarget string, pkgGlobs []string) pipeline { } func darwinTeleportPkgPipeline() pipeline { - return darwinPkgPipeline("build-darwin-amd64-pkg", "pkg", []string{"build/teleport*.pkg", "e/build/teleport-ent*.pkg"}) + return darwinPkgPipeline("build-darwin-amd64-pkg", "pkg", []string{"build/teleport*.pkg", "e/build/teleport-ent*.pkg"}, nil) } func darwinTshPkgPipeline() pipeline { - return darwinPkgPipeline("build-darwin-amd64-pkg-tsh", "pkg-tsh", []string{"build/tsh*.pkg"}) + return darwinPkgPipeline("build-darwin-amd64-pkg-tsh", "pkg-tsh", []string{"build/tsh*.pkg"}, []string{"tsh client only"}) } func darwinTagDownloadArtifactCommands() []string { diff --git a/dronegen/tag.go b/dronegen/tag.go index 470c573133d91..a2cade6f34b5d 100644 --- a/dronegen/tag.go +++ b/dronegen/tag.go @@ -45,7 +45,12 @@ func tagCheckoutCommands(fips bool) []string { // create necessary directories `mkdir -p /go/cache /go/artifacts`, // set version - `if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt`, + `VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) +if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then + echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" + exit 1 +fi +echo "$$VERSION" > /go/.version.txt`, } return commands } @@ -227,6 +232,11 @@ func tagPipeline(b buildType) pipeline { tagEnvironment["WINDOWS_SIGNING_CERT"] = value{fromSecret: "WINDOWS_SIGNING_CERT"} } + var extraQualifications []string + if b.os == "windows" { + extraQualifications = []string{"tsh client only"} + } + p := newKubePipeline(pipelineName) p.Environment = map[string]value{ "BUILDBOX_VERSION": buildboxVersion, @@ -269,8 +279,8 @@ func tagPipeline(b buildType) pipeline { { Name: "Register artifacts", Image: "docker", + Commands: tagCreateReleaseAssetCommands(b, "", extraQualifications), Failure: "ignore", - Commands: tagCreateReleaseAssetCommands(b), Environment: map[string]value{ "RELEASES_CERT": value{fromSecret: "RELEASES_CERT_STAGING"}, "RELEASES_KEY": value{fromSecret: "RELEASES_KEY_STAGING"}, @@ -322,7 +332,7 @@ func tagCopyPackageArtifactCommands(b buildType, packageType string) []string { } // createReleaseAssetCommands generates a set of commands to create release & asset in release management service -func tagCreateReleaseAssetCommands(b buildType) []string { +func tagCreateReleaseAssetCommands(b buildType, packageType string, extraQualifications []string) []string { commands := []string{ `WORKSPACE_DIR=$${WORKSPACE_DIR:-/}`, `VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")`, @@ -333,22 +343,32 @@ func tagCreateReleaseAssetCommands(b buildType) []string { `CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"`, `which curl || apk add --no-cache curl`, fmt.Sprintf(`cd "$WORKSPACE_DIR/go/artifacts" -for file in $(find . -type f ! -iname '*.sha256'); do +for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue - product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 + name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z + if [ "$name" = "tsh" ]; then + products="teleport teleport-ent"; + else + products="$name" fi - curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="%s" -F arch="%s" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets"; + shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" + + curl $CREDENTIALS --fail -o /dev/null -F description="%[1]s" -F os="%[2]s" -F arch="%[3]s" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets"; + + for product in $products; do + status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") + if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then + echo "curl HTTP status: $status_code" + cat $WORKSPACE_DIR/curl_out.txt + exit 1 + fi + curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)" + done done`, - b.os, b.arch /* TODO: fips */), + b.Description(packageType, extraQualifications...), b.os, b.arch), } return commands } @@ -478,7 +498,7 @@ func tagPackagePipeline(packageType string, b buildType) pipeline { { Name: "Register artifacts", Image: "docker", - Commands: tagCreateReleaseAssetCommands(b), + Commands: tagCreateReleaseAssetCommands(b, strings.ToUpper(packageType), nil), Failure: "ignore", Environment: map[string]value{ "RELEASES_CERT": value{fromSecret: "RELEASES_CERT_STAGING"},