merge: branch 'ih/release-freedesktop'

release.sh: release to freedesktop.org, not to GNOME https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2091
2026-05-05 02:57:58 +02:00 · 2024-12-20 15:33:58 +00:00 · 2024-12-20 15:33:58 +00:00 · a1b44d1958
commit a1b44d1958
parent 45dad85911 f05192ada8
2 changed files with 103 additions and 36 deletions
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@ -191,7 +191,9 @@ release type that you specify, like devel, rc1, rc, major, major-post, etc.
 Run the script with `--help` to see all options.

 Notes:
- You need access to master.gnome.org, see [here](https://handbook.gnome.org/infrastructure/accounts.html).
+- You need a private token from gitlab.freedesktop.org with 'api' level access
+  to the project. It can be saved to `~/.config/nm-release-token` or passed to
+  the `--gitlab-token` argument of `release.sh`.
 - The GPG key used to sign the tags must be exported to a keyserver.

 Versioning scheme, automatically handled by the script (version numbers are
@ -203,7 +205,7 @@ called MAJOR.MINOR.MICRO):
  number less, and MICRO is >= 90).

 The main differences between the different kind of releases are:
- Development releases: for depelopment and testing purposes only.
+- Development releases: for development and testing purposes only.
 - Release candidates (RC): stabilization phase before a stable release. Normally
  there are one or two RCs with ~2 weeks cadence. More RCs can be releases if
  they are needed.
--- a/contrib/fedora/rpm/release.sh
+++ b/contrib/fedora/rpm/release.sh
@ -27,7 +27,8 @@
 #   * Run in a "clean" environment, i.e. no unusual environment variables set, on a recent
 #     Fedora, with suitable dependencies installed.
 #
-#   * First, ensure that you have ssh keys for "master.gnome.org" installed (and ssh-agent running).
+#   * First, ensure that you have a valid Gitlab's private token for gitlab.freedestkop.org
+#     stored in ~/.config/nm-release-token, or pass one with --gitlab-token argument.
 #     Also, ensure you have a GPG key that you want to use for signing. Also, have gpg-agent running
 #     and possibly configure `git config --get user.signingkey` for the proper key.
 #
@ -39,9 +40,13 @@
 #
 # Run with --no-test to do the actual release.

-die() {
+fail_msg() {
    echo -n "FAIL: "
    echo_color 31 "$@"
+}
+
+die() {
+    fail_msg "$@"
    exit 1
 }

@ -63,6 +68,7 @@ print_usage() {
    echo "     [--no-check-gitlab] \\"
    echo "     [--no-check-news] \\"
    echo "     [--no-warn-publish-docs] \\"
+    echo "     [--gitlab-token <private_gitlab_token>] \\"
 }

 die_help() {
@ -235,6 +241,11 @@ while [ "$#" -ge 1 ]; do
        --help|-h)
            die_help
            ;;
+        --gitlab-token)
+            [ "$#" -ge 1 ] || die_usage "provide a value for --gitlab-token"
+            GITLAB_TOKEN="$1"
+            shift
+            ;;
        devel|rc1|rc|major|major-post|minor)
            [ -z "$RELEASE_MODE" ] || die_usage "duplicate release-mode"
            RELEASE_MODE="$A"
@ -501,27 +512,23 @@ case "$RELEASE_MODE" in
 esac

 build_tag() {
+    local BUILD_TAG="$1"
+    local TAR_FILE="NetworkManager-$2.tar.xz"
+    local SUM_FILE="$TAR_FILE.sha256sum"
+
    git checkout "$BUILD_TAG" || die "failed to checkout $BUILD_TAG"
-
    ./contrib/fedora/rpm/build_clean.sh -r || die "build release failed"
-
-    test -f "./build/meson-dist/$RELEASE_FILE" \
-    || die "release file \"./build/meson-dist/$RELEASE_FILE\" not found"
-
-    cp "./build/meson-dist/$RELEASE_FILE" /tmp/ || die "failed to copy release tarball to /tmp"
-
-    if test -f "./build/meson-dist/$RELEASE_FILE.sig" ; then
-        cp "./build/meson-dist/$RELEASE_FILE.sig" /tmp/ || die "failed to copy signature for tarball to /tmp"
-    fi
-
+    cp "./build/meson-dist/$TAR_FILE" /tmp/ || die "failed to copy $TAR_FILE to /tmp"
+    cp "./build/meson-dist/$SUM_FILE" /tmp/ || die "failed to copy $SUM_FILE to /tmp"
    git clean -fdx
 }

-RELEASE_FILES=()
+RELEASE_TAR_VERSIONS=()
+RELEASE_TAGS=()
 if [ -n "$BUILD_TAG" ]; then
-    RELEASE_FILE="NetworkManager-$TAR_VERSION.tar.xz"
-    RELEASE_FILES+=("$RELEASE_FILE")
-    build_tag
+    build_tag "$BUILD_TAG" "$TAR_VERSION"
+    RELEASE_TAR_VERSIONS+=("$TAR_VERSION")
+    RELEASE_TAGS+=("$BUILD_TAG")
 fi
 git checkout -B "$CUR_BRANCH" "$TMP_BRANCH" || die "cannot checkout $CUR_BRANCH"

@ -531,9 +538,6 @@ if [ "$RELEASE_MODE" = rc1 ]; then
    git branch "$RELEASE_BRANCH" "$TMP_BRANCH" || die "cannot checkout $CUR_BRANCH"
    BRANCHES+=( "$RELEASE_BRANCH" )
    CLEANUP_REFS+=( "refs/heads/$RELEASE_BRANCH" )
-fi
-
-if [ "$RELEASE_MODE" = rc1 ]; then
    git checkout "$TMP_BRANCH"
    b="${VERSION_ARR[0]}.$((${VERSION_ARR[1]} + 2)).0"
    set_version_number "${VERSION_ARR[0]}" "$((${VERSION_ARR[1]} + 2))" 0
@ -543,29 +547,86 @@ if [ "$RELEASE_MODE" = rc1 ]; then
    CLEANUP_REFS+=("refs/tags/$b-dev")
    BUILD_TAG="$b-dev"
    TAR_VERSION="$b"
-    RELEASE_FILE="NetworkManager-$TAR_VERSION.tar.xz"
-    RELEASE_FILES+=("$RELEASE_FILE")
-    build_tag
+    build_tag "$BUILD_TAG" "$TAR_VERSION"
+    RELEASE_TAR_VERSIONS+=("$TAR_VERSION")
+    RELEASE_TAGS+=("$BUILD_TAG")
    git checkout -B "$CUR_BRANCH" "$TMP_BRANCH" || die "cannot checkout $CUR_BRANCH"
 fi

-if ! [ "$DRY_RUN" = 0 ]; then
-    ssh master.gnome.org true || die "failed to \`ssh master.gnome.org\`"
+if [[ $GITLAB_TOKEN == "" ]]; then
+    [[ -r ~/.config/nm-release-token ]] || die "cannot read ~/.config/nm-release-token"
+    GITLAB_TOKEN=$(< ~/.config/nm-release-token)
 fi

-for r in "${RELEASE_FILES[@]}"; do
-    do_command rsync -va --append-verify -P "/tmp/$r" master.gnome.org: || die "failed to rsync \"/tmp/$r\""
-done
+# This step is not necessary for authentication, we use it only to provide a meaningful error message.
+curl --request GET --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \
+    "https://gitlab.freedesktop.org/api/v4/personal_access_tokens/self" &>/dev/null \
+    || die "failed to authenticate at gitlab.freedesktop.org with the private token"

 do_command git push "$ORIGIN" "${BRANCHES[@]}" || die "failed to to push branches ${BRANCHES[@]} to $ORIGIN"

-FAIL=0
-for r in "${RELEASE_FILES[@]}"; do
-    do_command ssh master.gnome.org ftpadmin install --unattended "$r" || FAIL=1
+CREATE_RELEASE_FAIL=0
+for I in "${!RELEASE_TAR_VERSIONS[@]}"; do
+    TAR_FILE="NetworkManager-${RELEASE_TAR_VERSIONS[$I]}.tar.xz"
+    SUM_FILE="$TAR_FILE.sha256sum"
+    BUILD_TAG="${RELEASE_TAGS["$I"]}"
+    FAIL=0
+
+    # upload tarball and checksum file as generic packages
+    for F in "$TAR_FILE" "$SUM_FILE"; do
+        do_command curl --location --fail-with-body --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \
+            --upload-file "/tmp/$F" \
+            "https://gitlab.freedesktop.org/api/v4/projects/411/packages/generic/NetworkManager/$BUILD_TAG/$F" \
+            || FAIL=1
+
+        if [[ $FAIL = 1 ]]; then
+            fail_msg "failed to upload $F"
+            CREATE_RELEASE_FAIL=1
+            break
+        fi
+    done
+
+    [[ $FAIL = 1 ]] && continue
+
+    # create release
+    do_command curl --location  --header 'Content-Type: application/json' --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \
+         --request POST "https://gitlab.freedesktop.org/api/v4/projects/411/releases" \
+         --data "$(cat <<END
+            {
+                "name": "NetworkManager $BUILD_TAG",
+                "tag_name": "$BUILD_TAG", 
+                "assets": {
+                    "links": [
+                        {
+                            "name": "NetworkManager $BUILD_TAG tarball with docs",
+                            "url": "https://gitlab.freedesktop.org/api/v4/projects/411/packages/generic/NetworkManager/$BUILD_TAG/$TAR_FILE",
+                            "direct_asset_path": "/$TAR_FILE",
+                            "link_type":"package"
+                        },
+                        {
+                            "name": "NetworkManager $BUILD_TAG tarball sha256sum",
+                            "url": "https://gitlab.freedesktop.org/api/v4/projects/411/packages/generic/NetworkManager/$BUILD_TAG/$SUM_FILE",
+                            "direct_asset_path": "/$SUM_FILE",
+                            "link_type":"package"
+                        },
+                        {
+                            "name": "NEWS",
+                            "url": "https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/$BUILD_TAG/NEWS?ref_type=tags",
+                            "direct_asset_path": "/NEWS",
+                            "link_type":"other"
+                        }
+                    ]
+                }
+            }
+END
+            )" || FAIL=1
+
+    if [[ $? != 0 ]]; then
+        fail_msg "failed to create NetworkManager $BUILD_TAG release"
+        CREATE_RELEASE_FAIL=1
+        continue
+    fi
 done
-if [ "$FAIL" = 1 ]; then
-    die "ftpadmin install failed. This was the last step. Invoke the command manually"
-fi

 CLEANUP_CHECKOUT_BRANCH=
 if [ "$DRY_RUN" = 0 ]; then
@ -576,3 +637,7 @@ else
    git checkout -B "$CUR_BRANCH" "$CUR_HEAD" || die "cannot reset $CUR_BRANCH to $CUR_HEAD"
    echo "delete reference. Restore with $(echo_color 36 -n git checkout -B "\"$CUR_BRANCH\"" "$H")"
 fi
+
+if [[ $CREATE_RELEASE_FAIL == 1 ]]; then
+    die "failed creating the release at gitlab.freedesktop.org. This was the last step, create it manually from the web UI"
+fi