add `make sign` and `make fetch-dist` (#5329)

Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
6 years ago · ead111dd4f
parent fbc89e13d1
commit ead111dd4f
2 changed files with 28 additions and 8 deletions
--- a/15
+++ b/15
@ -4,6 +4,7 @@ DEV_IMAGE         ?= golang:1.11
 SHORT_NAME        ?= tiller
 SHORT_NAME_RUDDER ?= rudder
 TARGETS           ?= darwin/amd64 linux/amd64 linux/386 linux/arm linux/arm64 linux/ppc64le linux/s390x windows/amd64
+TARGET_OBJS       ?= darwin-amd64.tar.gz darwin-amd64.tar.gz.sha256 linux-amd64.tar.gz linux-amd64.tar.gz.sha256 linux-386.tar.gz linux-386.tar.gz.sha256 linux-arm.tar.gz linux-arm.tar.gz.sha256 linux-arm64.tar.gz linux-arm64.tar.gz.sha256 linux-ppc64le.tar.gz linux-ppc64le.tar.gz.sha256 linux-s390x.tar.gz linux-s390x.tar.gz.sha256 windows-amd64.zip windows-amd64.zip.sha256
 DIST_DIRS         = find * -type d -exec

 # go option
@ -44,6 +45,20 @@ dist:
 		$(DIST_DIRS) zip -r helm-${VERSION}-{}.zip {} \; \
 	)

+.PHONY: fetch-dist
+fetch-dist:
+	mkdir -p _dist
+	cd _dist && \
+	for obj in ${TARGET_OBJS} ; do \
+		curl -sSL -o helm-${VERSION}-$${obj} https://storage.googleapis.com/kubernetes-helm/helm-${VERSION}-$${obj} ; \
+	done
+
+.PHONY: sign
+sign:
+	for f in _dist/*.{gz,zip,sha256} ; do \
+		gpg --armor --detach-sign $${f} ; \
+	done
+
 .PHONY: checksum
 checksum:
 	for f in _dist/*.{gz,zip} ; do \
--- a/docs/release_checklist.md
+++ b/docs/release_checklist.md
@ -256,13 +256,17 @@ While hashes provide a signature that the content of the downloads is what it
 was generated, signed packages provide traceability of where the package came
 from.

-To do this follow the following steps:
+To do this, run the following `make` commands:

-1. Download each of the release bundles generated by the CI system
-2. Sign each of them using GnuPG using the command `gpg --armor --detach-sign [FILE NAME]`.
-   This will generate a file name `[FILE NAME].asc` with an ascii armored signature.
+```shell
+make clean
+make fetch-dist
+make sign
+```

-Each of the signature files needs to be uploaded to the release on GitHub.
+This will generate ascii armored signature files for each of the files pushed by CI.
+
+All of the signature files need to be uploaded to the release on GitHub.

 ## 8. Write the Release Notes

@ -322,7 +326,7 @@ The [Quickstart Guide](https://docs.helm.sh/using_helm/#quickstart-guide) will g

 ### Features
 - ref(*): kubernetes v1.11 support efadbd88035654b2951f3958167afed014c46bc6 (Adam Reese)
- feat(helm): add $HELM_KEY_PASSPHRASE environment variable for signing helm charts (#4778) 1e26b5300b5166fabb90002535aacd2f9cc7d787 
+- feat(helm): add $HELM_KEY_PASSPHRASE environment variable for signing helm charts (#4778) 1e26b5300b5166fabb90002535aacd2f9cc7d787

 ### Bug fixes
 - fix circle not building tags f4f932fabd197f7e6d608c8672b33a483b4b76fa (Matthew Fisher)
@ -346,8 +350,9 @@ git log --no-merges --pretty=format:'- %s %H (%aN)' $PREVIOUS_RELEASE..$RELEASE_
 After generating the changelog, you will need to categorize the changes as shown
 in the example above.

-Once finished, go into GitHub and edit the release notes for the tagged release
-with the notes written here.
+Once finished, go into GitHub and edit the release notes for the tagged release with the notes written here.
+
+Remember to attach the ascii armored signatures generated in the previous step to the release notes.

 ## 9. Evangelize