1#!/usr/bin/env bash 2 3set -o errexit 4set -o nounset 5set -o pipefail 6 7source ./scripts/test_lib.sh 8source ./scripts/release_mod.sh 9 10DRY_RUN=${DRY_RUN:-true} 11 12# Following preparation steps help with the release process: 13 14# If you use password-protected gpg key, make sure the password is managed 15# by agent: 16# 17# % gpg-connect-agent reloadagent /bye 18# % gpg -s --default-key [git-email]@google.com -o /dev/null -s /dev/null 19# 20# Refresh your google credentials: 21# % gcloud auth login 22# or 23# % gcloud auth activate-service-account --key-file=gcp-key-etcd-development.json 24# 25# Make sure gcloud-docker plugin is configured: 26# % gcloud auth configure-docker 27 28 29help() { 30 echo "$(basename "$0") [version]" 31 echo "Release etcd using the same approach as the etcd-release-runbook (https://goo.gl/Gxwysq)" 32 echo "" 33 echo "WARNING: This does not perform the 'Add API capabilities', 'Performance testing' " 34 echo " or 'Documentation' steps. These steps must be performed manually BEFORE running this tool." 35 echo "" 36 echo "WARNING: This script does not sign releases, publish releases to github or sent announcement" 37 echo " emails. These steps must be performed manually AFTER running this tool." 38 echo "" 39 echo " args:" 40 echo " version: version of etcd to release, e.g. 'v3.2.18'" 41 echo " flags:" 42 echo " --no-upload: skip gs://etcd binary artifact uploads." 43 echo " --no-docker-push: skip docker image pushes." 44 echo "" 45 echo "One can perform a (dry-run) test release from any (uncommitted) branch using:" 46 echo " DRY_RUN=true REPOSITORY=\`pwd\` BRANCH='local-branch-name' ./scripts/release 3.5.0-foobar.2" 47} 48 49main() { 50 VERSION=$1 51 if [[ ! "${VERSION}" =~ [0-9]+.[0-9]+.[0-9]+ ]]; then 52 log_error "Expected 'version' param of the form '<major-version>.<minor-version>.<patch-version>' but got '${VERSION}'" 53 exit 1 54 fi 55 RELEASE_VERSION="v${VERSION}" 56 MINOR_VERSION=$(echo "${VERSION}" | cut -d. -f 1-2) 57 BRANCH=${BRANCH:-"release-${MINOR_VERSION}"} 58 REPOSITORY=${REPOSITORY:-"git@github.com:etcd-io/etcd.git"} 59 60 log_warning "DRY_RUN=${DRY_RUN}" 61 log_callout "RELEASE_VERSION=${RELEASE_VERSION}" 62 log_callout "MINOR_VERSION=${MINOR_VERSION}" 63 log_callout "BRANCH=${BRANCH}" 64 log_callout "REPOSITORY=${REPOSITORY}" 65 log_callout "" 66 67 # Required to enable 'docker manifest ...' 68 export DOCKER_CLI_EXPERIMENTAL=enabled 69 70 if ! command -v docker >/dev/null; then 71 log_error "cannot find docker" 72 exit 1 73 fi 74 75 # Expected umask for etcd release artifacts 76 umask 022 77 78 # Set up release directory. 79 local reldir="/tmp/etcd-release-${VERSION}" 80 log_callout "Preparing temporary directory: ${reldir}" 81 if [ ! -d "${reldir}/etcd" ]; then 82 mkdir -p "${reldir}" 83 cd "${reldir}" 84 run git clone "${REPOSITORY}" --branch "${BRANCH}" 85 fi 86 run cd "${reldir}/etcd" || exit 2 87 # mark local directory as root for test_lib scripts executions 88 set_root_dir 89 90 run git checkout "${BRANCH}" || exit 2 91 run git pull origin 92 git_assert_branch_in_sync || exit 2 93 94 # If a release version tag already exists, use it. 95 local remote_tag_exists 96 remote_tag_exists=$(run git ls-remote origin "refs/tags/${RELEASE_VERSION}" | grep -c "${RELEASE_VERSION}" || true) 97 98 if [ "${remote_tag_exists}" -gt 0 ]; then 99 log_callout "Release version tag exists on remote. Checking out refs/tags/${RELEASE_VERSION}" 100 git checkout -q "tags/${RELEASE_VERSION}" 101 fi 102 103 # Check go version. 104 local go_version current_go_version 105 go_version="go$(run_go_tool "github.com/mikefarah/yq/v3" read .travis.yml "go[0]")" 106 current_go_version=$(go version | awk '{ print $3 }') 107 if [[ "${current_go_version}" != "${go_version}" ]]; then 108 log_error "Current go version is ${current_go_version}, but etcd ${RELEASE_VERSION} requires ${go_version} (see .travis.yml)." 109 exit 1 110 fi 111 112 # If the release tag does not already exist remotely, create it. 113 if [ "${remote_tag_exists}" -eq 0 ]; then 114 # Bump version/version.go to release version. 115 local source_version 116 source_version=$(grep -E "\s+Version\s*=" api/version/version.go | sed -e "s/.*\"\(.*\)\".*/\1/g") 117 if [[ "${source_version}" != "${VERSION}" ]]; then 118 source_minor_version=$(echo "${source_version}" | cut -d. -f 1-2) 119 if [[ "${source_minor_version}" != "${MINOR_VERSION}" ]]; then 120 log_error "Wrong etcd minor version in api/version/version.go. Expected ${MINOR_VERSION} but got ${source_minor_version}. Aborting." 121 exit 1 122 fi 123 log_callout "Updating modules definitions" 124 TARGET_VERSION="v${VERSION}" update_versions_cmd 125 126 log_callout "Updating version from ${source_version} to ${VERSION} in api/version/version.go" 127 sed -i "s/${source_version}/${VERSION}/g" api/version/version.go 128 fi 129 130 131 log_callout "Building etcd and checking --version output" 132 run ./build.sh 133 local etcd_version 134 etcd_version=$(bin/etcd --version | grep "etcd Version" | awk '{ print $3 }') 135 if [[ "${etcd_version}" != "${VERSION}" ]]; then 136 log_error "Wrong etcd version in version/version.go. Expected ${etcd_version} but got ${VERSION}. Aborting." 137 exit 1 138 fi 139 140 if [[ -n $(git status -s) ]]; then 141 log_callout "Committing mods & api/version/version.go update." 142 run git add api/version/version.go 143 run git add $(find -name go.mod ! -path './release/*'| xargs) 144 run git diff --staged | cat 145 run git commit -m "version: bump up to ${VERSION}" 146 run git diff --staged | cat 147 fi 148 149 # Push the version change if it's not already been pushed. 150 if [ "$(git rev-list --count "origin/${BRANCH}..${BRANCH}")" -gt 0 ]; then 151 read -p "Push version bump up to ${VERSION} to '$(git remote get-url origin)' [y/N]? " -r confirm 152 [[ "${confirm,,}" == "y" ]] || exit 1 153 maybe_run git push 154 fi 155 156 # Tag release. 157 if [ "$(git tag --list | grep -c "${RELEASE_VERSION}")" -gt 0 ]; then 158 log_callout "Skipping tag step. git tag ${RELEASE_VERSION} already exists." 159 else 160 log_callout "Tagging release..." 161 REMOTE_REPO="origin" push_mod_tags_cmd 162 fi 163 164 # Verify the latest commit has the version tag 165 local tag="$(git describe --exact-match HEAD)" 166 if [ "${tag}" != "${RELEASE_VERSION}" ]; then 167 log_error "Error: Expected HEAD to be tagged with ${RELEASE_VERSION}, but 'git describe --exact-match HEAD' reported: ${tag}" 168 exit 1 169 fi 170 171 # Verify the version tag is on the right branch 172 local branch=$(git for-each-ref --contains "${RELEASE_VERSION}" --format="%(refname)" 'refs/heads' | cut -d '/' -f 3) 173 if [ "${branch}" != "${BRANCH}" ]; then 174 log_error "Error: Git tag ${RELEASE_VERSION} should be on branch '${BRANCH}' but is on '${branch}'" 175 exit 1 176 fi 177 fi 178 179 # Build release. 180 # TODO: check the release directory for all required build artifacts. 181 if [ -d release ]; then 182 log_warning "Skipping release build step. /release directory already exists." 183 else 184 log_callout "Building release..." 185 if ${DRY_RUN}; then 186 log_warning "In DRY_RUN mode we clone the current release directory (as there was no push)" 187 REPOSITORY=$(pwd) ./scripts/build-release.sh "${RELEASE_VERSION}" 188 else 189 REPOSITORY=${REPOSITORY} ./scripts/build-release.sh "${RELEASE_VERSION}" 190 fi 191 fi 192 193 # Sanity checks. 194 "./release/etcd-${RELEASE_VERSION}-$(go env GOOS)-amd64/etcd" --version | grep -q "etcd Version: ${VERSION}" || true 195 "./release/etcd-${RELEASE_VERSION}-$(go env GOOS)-amd64/etcdctl" version | grep -q "etcdctl version: ${VERSION}" || true 196 "./release/etcd-${RELEASE_VERSION}-$(go env GOOS)-amd64/etcdutl" version | grep -q "etcdutl version: ${VERSION}" || true 197 198 # Generate SHA256SUMS 199 log_callout "Generating sha256sums of release artifacts." 200 pushd ./release 201 ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS 202 popd 203 if [ -s ./release/SHA256SUMS ]; then 204 cat ./release/SHA256SUMS 205 else 206 log_error "sha256sums is not valid. Aborting." 207 exit 1 208 fi 209 210 # Upload artifacts. 211 if [ "${NO_UPLOAD}" == 1 ]; then 212 log_callout "Skipping artifact upload to gs://etcd. --no-upload flat is set." 213 else 214 read -p "Upload etcd ${RELEASE_VERSION} release artifacts to gs://etcd [y/N]? " -r confirm 215 [[ "${confirm,,}" == "y" ]] || exit 1 216 maybe_run gsutil -m cp ./release/SHA256SUMS "gs://etcd/${RELEASE_VERSION}/" 217 maybe_run gsutil -m cp ./release/*.zip "gs://etcd/${RELEASE_VERSION}/" 218 maybe_run gsutil -m cp ./release/*.tar.gz "gs://etcd/${RELEASE_VERSION}/" 219 maybe_run gsutil -m acl ch -u allUsers:R -r "gs://etcd/${RELEASE_VERSION}/" 220 fi 221 222 # Push images. 223 if [ "${NO_DOCKER_PUSH}" == 1 ]; then 224 log_callout "Skipping docker push. --no-docker-push flat is set." 225 else 226 read -p "Publish etcd ${RELEASE_VERSION} docker images to quay.io [y/N]? " -r confirm 227 [[ "${confirm,,}" == "y" ]] || exit 1 228 # shellcheck disable=SC2034 229 for i in {1..5}; do 230 docker login quay.io && break 231 log_warning "login failed, retrying" 232 done 233 234 for TARGET_ARCH in "amd64" "arm64" "ppc64le" "s390x"; do 235 log_callout "Pushing container images to quay.io ${RELEASE_VERSION}-${TARGET_ARCH}" 236 maybe_run docker push "quay.io/coreos/etcd:${RELEASE_VERSION}-${TARGET_ARCH}" 237 log_callout "Pushing container images to gcr.io ${RELEASE_VERSION}-${TARGET_ARCH}" 238 maybe_run docker push "gcr.io/etcd-development/etcd:${RELEASE_VERSION}-${TARGET_ARCH}" 239 done 240 241 log_callout "Creating manifest-list (multi-image)..." 242 243 for TARGET_ARCH in "amd64" "arm64" "ppc64le" "s390x"; do 244 maybe_run docker manifest create --amend "quay.io/coreos/etcd:${RELEASE_VERSION}" "quay.io/coreos/etcd:${RELEASE_VERSION}-${TARGET_ARCH}" 245 maybe_run docker manifest annotate "quay.io/coreos/etcd:${RELEASE_VERSION}" "quay.io/coreos/etcd:${RELEASE_VERSION}-${TARGET_ARCH}" --arch "${TARGET_ARCH}" 246 247 maybe_run docker manifest create --amend "gcr.io/etcd-development/etcd:${RELEASE_VERSION}" "gcr.io/etcd-development/etcd:${RELEASE_VERSION}-${TARGET_ARCH}" 248 maybe_run docker manifest annotate "gcr.io/etcd-development/etcd:${RELEASE_VERSION}" "gcr.io/etcd-development/etcd:${RELEASE_VERSION}-${TARGET_ARCH}" --arch "${TARGET_ARCH}" 249 done 250 251 log_callout "Pushing container manifest list to quay.io ${RELEASE_VERSION}" 252 maybe_run docker manifest push "quay.io/coreos/etcd:${RELEASE_VERSION}" 253 254 log_callout "Pushing container manifest list to gcr.io ${RELEASE_VERSION}" 255 maybe_run docker manifest push "gcr.io/etcd-development/etcd:${RELEASE_VERSION}" 256 257 log_callout "Setting permissions using gsutil..." 258 maybe_run gsutil -m acl ch -u allUsers:R -r gs://artifacts.etcd-development.appspot.com 259 fi 260 261 ### Release validation 262 mkdir -p downloads 263 264 # Check image versions 265 for IMAGE in "quay.io/coreos/etcd:${RELEASE_VERSION}" "gcr.io/etcd-development/etcd:${RELEASE_VERSION}"; do 266 local image_version=$(dry_run docker run --rm "${IMAGE}" etcd --version | grep "etcd Version" | awk -F: '{print $2}' | tr -d '[:space:]') 267 if [ "${image_version}" != "${VERSION}" ]; then 268 log_error "Check failed: etcd --version output for ${IMAGE} is incorrect: ${image_version}" 269 exit 1 270 fi 271 done 272 273 # Check gsutil binary versions 274 local BINARY_TGZ="etcd-${RELEASE_VERSION}-$(go env GOOS)-amd64.tar.gz" 275 gsutil cp "gs://etcd/${RELEASE_VERSION}/${BINARY_TGZ}" downloads 276 tar -zx -C downloads -f "downloads/${BINARY_TGZ}" 277 local binary_version=$("./downloads/etcd-${RELEASE_VERSION}-$(go env GOOS)-amd64/etcd" --version | grep "etcd Version" | awk -F: '{print $2}' | tr -d '[:space:]') 278 if [ "${binary_version}" != "${VERSION}" ]; then 279 log_error "Check failed: etcd --version output for ${BINARY_TGZ} from gs://etcd/${RELEASE_VERSION} is incorrect: ${binary_version}" 280 exit 1 281 fi 282 283 # TODO: signing process 284 log_warning "" 285 log_warning "WARNING: The release has not been signed and published to github. This must be done manually." 286 log_warning "" 287 log_success "Success." 288 exit 0 289} 290 291POSITIONAL=() 292NO_UPLOAD=0 293NO_DOCKER_PUSH=0 294 295while test $# -gt 0; do 296 case "$1" in 297 -h|--help) 298 shift 299 help 300 exit 0 301 ;; 302 --no-upload) 303 NO_UPLOAD=1 304 shift 305 ;; 306 --no-docker-push) 307 NO_DOCKER_PUSH=1 308 shift 309 ;; 310 *) 311 POSITIONAL+=("$1") # save it in an array for later 312 shift # past argument 313 ;; 314 esac 315done 316set -- "${POSITIONAL[@]}" # restore positional parameters 317 318if [[ ! $# -eq 1 ]]; then 319 help 320 exit 1 321fi 322 323main "$1" 324