Cirrus: Only upload tagged releases

Prior to this commit, every push to master had it's builds packaged and uploaded to google storage. This is a waste, since potential users are only ever concerned about tagged releases. Unfortunately because the release process involves humans with potentially multiple human and automation steps happening in parallel, it's easy for automation to not detect a tagged release, or trigger on development|pre-release tags. Fix this in `upload_release_archive.sh` using a new unit-tested function `is_release()`. This acts as the definitive authority on whether or not a specific commit rage or `$CIRRUS_TAG` value constitutes something worthy of upload. Signed-off-by: Chris Evich <cevich@redhat.com>
2025-05-31 15:42:48 +08:00 · 2019-10-22 12:31:30 -04:00
parent a56131fef4
commit 8303eb3037
3 changed files with 87 additions and 3 deletions
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@ -43,7 +43,7 @@ if type -P git &> /dev/null && [[ -d "$GOSRC/.git" ]]
 then
    CIRRUS_CHANGE_IN_REPO=${CIRRUS_CHANGE_IN_REPO:-$(git show-ref --hash=8 HEAD || date +%s)}
 else # pick something unique and obviously not from Cirrus
-    CIRRUS_CHANGE_IN_REPO=${CIRRUS_CHANGE_IN_REPO:-no_git_$(date +%s)}
+    CIRRUS_CHANGE_IN_REPO=${CIRRUS_CHANGE_IN_REPO:-unknown_$(date +%s)}
 fi

 # Defaults when not running under CI
@ -233,6 +233,42 @@ ircmsg() {
    set -e
 }

+# This covers all possible human & CI workflow parallel & serial combinations
+# where at least one caller must definitively discover if within a commit range
+# there is at least one release tag not having any '-' characters (return 0)
+# or otherwise (return non-0).
+is_release() {
+    req_env_var CIRRUS_BASE_SHA CIRRUS_CHANGE_IN_REPO
+    local range="${CIRRUS_BASE_SHA}..${CIRRUS_CHANGE_IN_REPO}"
+    # Easy check first, default non-useful values
+    if echo "${range}$CIRRUS_TAG" | grep -iq 'unknown'; then
+        die 11 "is_release() unusable range ${range} or tag $CIRRUS_TAG"
+    fi
+    # Next easy check, is CIRRUS_TAG set
+    unset RELVER
+    if [[ -n "$CIRRUS_TAG" ]]; then
+        RELVER="$CIRRUS_TAG"
+    else # Lastly, look through the range for tags
+        git fetch --all --tags &> /dev/null|| \
+            die 12 "is_release() failed to fetch tags"
+        RELVER=$(git log --pretty='format:%d' $range | \
+                 grep '(tag:' | sed -r -e 's/\s+[(]tag:\s+(v[0-9].*)[)]/\1/' | \
+                 sort -uV | tail -1)
+        [[ "$?" -eq "0" ]] || \
+            die 13 "is_release() failed to parse tags"
+    fi
+    echo "Found \$RELVER $RELVER"
+    if [[ -n "$RELVER" ]]; then
+        if echo "$RELVER" | grep -q '-'; then
+            return 2
+        else
+            return 0
+        fi
+    else
+        return 1
+    fi
+}
+
 setup_rootless() {
    req_env_var ROOTLESS_USER GOSRC SECRET_ENV_RE ROOTLESS_ENV_RE

--- a/contrib/cirrus/lib.sh.t
+++ b/contrib/cirrus/lib.sh.t
@ -119,5 +119,42 @@ line2" "=" "line 1
 line2"

 ###############################################################################
+# tests for is_release()
+
+# N/B: Assuming tests run in their own process, so wiping out the local
+# CIRRUS_BASE_SHA CIRRUS_CHANGE_IN_REPO and CIRRUS_TAG will be okay.
+function test_is_release() {
+    CIRRUS_BASE_SHA="$1"
+    CIRRUS_CHANGE_IN_REPO="$2"
+    CIRRUS_TAG="$3"
+    local exp_status=$4
+    local exp_msg=$5
+    local msg
+    msg=$(is_release)
+    local status=$?
+
+    check_result "$msg" "$exp_msg" "is_release(CIRRUS_BASE_SHA='$1' CIRRUS_CHANGE_IN_REPO='$2' CIRRUS_TAG='$3')"
+    check_result "$status" "$exp_status" "is_release(...) returned $status"
+}
+
+#                FROM    TO    TAG    RET    MSG
+#test_is_release ""      ""    ""     ""     ""
+
+test_is_release  ""      ""    ""     "9"     "FATAL: is_release() requires \$CIRRUS_BASE_SHA to be non-empty"
+test_is_release  "x"     ""    ""     "9"     "FATAL: is_release() requires \$CIRRUS_CHANGE_IN_REPO to be non-empty"
+
+test_is_release  "unknown" "x" ""     "11"    "is_release() unusable range unknown..x or tag "
+test_is_release  "x" "unknown" ""     "11"    "is_release() unusable range x..unknown or tag "
+test_is_release  "x" "x" "unknown"    "11"    "is_release() unusable range x..x or tag unknown"
+
+# Negative-testing git with this function is very difficult, assume it works
+# test_is_release ... "is_release() failed to fetch tags"
+# test_is_release ... "is_release() failed to parse tags"
+
+BF_V1=$(git rev-parse v1.0.0^)
+AT_V1=$(git rev-parse v1.0.0)
+test_is_release  "$BF_V1" "$BF_V1" "v9.8.7-dev" "2"     "Found \$RELVER v9.8.7-dev"
+test_is_release  "$BF_V1" "$AT_V1" "v9.8.7-dev" "2"     "Found \$RELVER v9.8.7-dev"
+test_is_release  "$BF_V1" "$AT_V1" ""           "0"     "Found \$RELVER v1.0.0"

 exit $rc
--- a/contrib/cirrus/upload_release_archive.sh
+++ b/contrib/cirrus/upload_release_archive.sh
@ -17,8 +17,15 @@ then
    BUCKET="libpod-pr-releases"
 elif [[ -n "$CIRRUS_BRANCH" ]]
 then
-    PR_OR_BRANCH="$CIRRUS_BRANCH"
-    BUCKET="libpod-$CIRRUS_BRANCH-releases"
+    # Only release non-development tagged commit ranges
+    if is_release
+    then
+        PR_OR_BRANCH="$CIRRUS_BRANCH"
+        BUCKET="libpod-$CIRRUS_BRANCH-releases"
+    else
+        warn "" "Skipping release processing: Commit range|CIRRUS_TAG is development tagged."
+        exit 0
+    fi
 else
    die 1 "Expecting either \$CIRRUS_PR or \$CIRRUS_BRANCH to be non-empty."
 fi
@ -64,6 +71,10 @@ do
        echo "Warning: Not processing $filename (invalid extension '$EXT')"
        continue
    fi
+    if [[ "$EXT" =~ "gz" ]]
+    then
+        EXT="tar.gz"
+    fi

    [[ "$OS_RELEASE_ID" == "ubuntu" ]] || \
        chcon -t container_file_t "$filename"