From 79d07943b03aea2b76c12644b4b54733bc5958d6 Mon Sep 17 00:00:00 2001
From: Matthew Fisher
Date: Wed, 20 Feb 2019 10:30:31 -0800
Subject: [PATCH] add `make sign` and `make fetch-dist` (#5329)

Signed-off-by: Matthew Fisher
(cherry picked from commit ead111dd4f699b3cb0a56f1e6d4585e3363f925b)
---
 Makefile | 15 +++++++++++++++
 docs/release_checklist.md | 21 +++++++++++++--------
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 20ce7e5a4..7248bbed2 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@ DEV_IMAGE ?= golang:1.11
 SHORT_NAME ?= tiller
 SHORT_NAME_RUDDER ?= rudder
 TARGETS ?= darwin/amd64 linux/amd64 linux/386 linux/arm linux/arm64 linux/ppc64le linux/s390x windows/amd64
+TARGET_OBJS ?= darwin-amd64.tar.gz darwin-amd64.tar.gz.sha256 linux-amd64.tar.gz linux-amd64.tar.gz.sha256 linux-386.tar.gz linux-386.tar.gz.sha256 linux-arm.tar.gz linux-arm.tar.gz.sha256 linux-arm64.tar.gz linux-arm64.tar.gz.sha256 linux-ppc64le.tar.gz linux-ppc64le.tar.gz.sha256 linux-s390x.tar.gz linux-s390x.tar.gz.sha256 windows-amd64.zip windows-amd64.zip.sha256
 DIST_DIRS = find * -type d -exec

 # go option
@@ -44,6 +45,20 @@ dist:
 $(DIST_DIRS) zip -r helm-${VERSION}-{}.zip {} \; \
 )

+.PHONY: fetch-dist
+fetch-dist:
+ mkdir -p _dist
+ cd _dist && \
+ for obj in ${TARGET_OBJS} ; do \
+ curl -sSL -o helm-${VERSION}-$${obj} https://storage.googleapis.com/kubernetes-helm/helm-${VERSION}-$${obj} ; \
+ done
+
+.PHONY: sign
+sign:
+ for f in _dist/*.{gz,zip,sha256} ; do \
+ gpg --armor --detach-sign $${f} ; \
+ done
+
 .PHONY: checksum
 checksum:
 for f in _dist/*.{gz,zip} ; do \
diff --git a/docs/release_checklist.md b/docs/release_checklist.md
index e4bbe5323..cee42730d 100644
--- a/docs/release_checklist.md
+++ b/docs/release_checklist.md
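Review bot: `TARGET_OBJS` repeats the platform list from `TARGETS` by hand, so a platform added to `TARGETS` alone would not be downloaded by `fetch-dist` and would therefore end up without a signature in the clean/fetch/sign flow this commit documents. A comment above the variable would make the coupling visible: `# Keep in sync with TARGETS: one archive plus its .sha256 per platform (windows ships .zip).`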
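Review bot: `fetch-dist` can hand `sign` a file that is not a release artifact: `curl -sSL` has no `--fail`, so a 404 or 5xx response body is saved under the artifact name, and because the loop joins commands with `;` only the last iteration's exit status reaches make. Use `curl -fsSL -o helm-${VERSION}-$${obj} https://storage.googleapis.com/kubernetes-helm/helm-${VERSION}-$${obj} || exit 1 ; \` and, in `sign`, `gpg --armor --detach-sign $${f} || exit 1 ; \`. The downloaded `.sha256` files are signed but never compared with the archives, and they come from the same bucket as the archives, so the maintainer's signature vouches for whatever the bucket served; checking each archive's digest against the value recorded by the CI build before signing would close that gap. The `_dist/*.{gz,zip,sha256}` glob relies on brace expansion, which presumably works because a bash `SHELL` is set outside this hunk (the existing `checksum` target uses the same form); under a POSIX `sh` the pattern would not expand.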
@@ -256,13 +256,17 @@ While hashes provide a signature that the content of the downloads is what it was generated, signed packages provide traceability of where the package came from. -To do this follow the following steps: +To do this, run the following `make` commands: -1. Download each of the release bundles generated by the CI system -2. Sign each of them using GnuPG using the command `gpg --armor --detach-sign [FILE NAME]`. - This will generate a file name `[FILE NAME].asc` with an ascii armored signature. +```shell +make clean +make fetch-dist +make sign +``` -Each of the signature files needs to be uploaded to the release on GitHub. +This will generate ascii armored signature files for each of the files pushed by CI. + +All of the signature files need to be uploaded to the release on GitHub. ## 8. Write the Release Notes @@ -322,7 +326,7 @@ The [Quickstart Guide](https://docs.helm.sh/using_helm/#quickstart-guide) will g ### Features - ref(*): kubernetes v1.11 support efadbd88035654b2951f3958167afed014c46bc6 (Adam Reese) -- feat(helm): add $HELM_KEY_PASSPHRASE environment variable for signing helm charts (#4778) 1e26b5300b5166fabb90002535aacd2f9cc7d787 +- feat(helm): add $HELM_KEY_PASSPHRASE environment variable for signing helm charts (#4778) 1e26b5300b5166fabb90002535aacd2f9cc7d787 ### Bug fixes - fix circle not building tags f4f932fabd197f7e6d608c8672b33a483b4b76fa (Matthew Fisher) @@ -346,8 +350,9 @@ git log --no-merges --pretty=format:'- %s %H (%aN)' $PREVIOUS_RELEASE..$RELEASE_ After generating the changelog, you will need to categorize the changes as shown in the example above. -Once finished, go into GitHub and edit the release notes for the tagged release -with the notes written here. +Once finished, go into GitHub and edit the release notes for the tagged release with the notes written here. + +Remember to attach the ascii armored signatures generated in the previous step to the release notes. ## 9. Evangelize