Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-0.3] 🌱 improve hack/verify-release.sh draft release note handling #1461

Merged
merged 1 commit into from
Nov 27, 2023
Merged

[release-0.3] 🌱 improve hack/verify-release.sh draft release note handling #1461

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 21 additions & 4 deletions hack/verify-release.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,8 @@ REGISTRY="quay.io"

# if the given tag doesn't exist, we run only pre-tag checks
TAG_EXISTS=""
# we skip some checks if we cannot download release information
RELEASE_EXISTS=""


#
Expand Down Expand Up @@ -267,16 +269,29 @@ download_release_information()
{
# download release information json, requires GITHUB_TOKEN
echo "Downloading release information ..."
local release_id

if ! curl -SsL --fail \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GITHUB_TOKEN}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
-o "${RELEASE_JSON}" \
"https://api.github.com/repos/${PROJECT}/releases/tags/v${VERSION}" >/dev/null; then
"https://api.github.com/repos/${PROJECT}/releases" >/dev/null; then
echo "ERROR: could not download release information, check token and permissions"
exit 1
fi
release_id=$(jq '.[] | select(.name == "v'"${VERSION}"'") | .id' "${RELEASE_JSON}")

if [[ -z "${release_id}" ]] || ! curl -SsL --fail \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GITHUB_TOKEN}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
-o "${RELEASE_JSON}" \
"https://api.github.com/repos/${PROJECT}/releases/${release_id}" >/dev/null; then
echo "WARNING: could not download release information for tag v${VERSION} (id '${release_id}')"
echo "WARNING: will skip all release note checks"
fi
RELEASE_EXISTS=true

echo -e "Done\n"
}
Expand Down Expand Up @@ -541,7 +556,7 @@ verify_vulnerabilities()
# run osv-scanner to verify if we have open vulnerabilities in deps
echo "Verifying vulnerabilities ..."

"${OSVSCANNER_CMD[@]}" -r . > "${SCAN_LOG}"
"${OSVSCANNER_CMD[@]}" -r . > "${SCAN_LOG}" || true
if ! grep -q "No vulnerabilities found" "${SCAN_LOG}"; then
cat "${SCAN_LOG}"
fi
Expand All @@ -564,8 +579,10 @@ if [[ -n "${TAG_EXISTS}" ]]; then
download_release_information
verify_git_tags
verify_git_tag_types
verify_release_notes
verify_release_artefacts
if [[ -n "${RELEASE_EXISTS}" ]]; then
verify_release_notes
verify_release_artefacts
fi
verify_container_images
fi

Expand Down