github.com/verrazzano/verrazzano@v1.7.0/release/scripts/verify_github_release.sh (about)

     1  #!/usr/bin/env bash
     2  #
     3  # Copyright (c) 2021, 2022, Oracle and/or its affiliates.
     4  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     5  #
     6  # Verifies GitHub release artifacts.
     7  set -e
     8  
     9  SCRIPT_DIR=$(cd $(dirname "$0"); pwd -P)
    10  . $SCRIPT_DIR/common.sh
    11  . $SCRIPT_DIR/common-release.sh
    12  
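#######################################
# Prints the help text and terminates the script.
# Arguments: none ($0 supplies the script name shown in the examples)
# Outputs:   help text on stdout
# Returns:   does not return; exits with status 0
#######################################
usage() {
    # "$0" is quoted so a script path containing spaces or glob characters
    # is passed to basename as a single argument.
    cat <<EOM
  Downloads the release artifacts from GitHub and checks the SHA256 hash.

  Usage:
    $(basename "$0") <release version to verify>

  Example:
    $(basename "$0") v1.0.1
EOM
    exit 0
}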
    25  
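# An explicit help request is a successful invocation (usage exits 0).
if [ "$1" == "-h" ]; then
  usage
fi

# A missing version is a usage error, not a success. Exiting 0 here would let
# a caller that passes an empty variable record "verified" although nothing
# was downloaded or checked.
if [ -z "$1" ]; then
  # usage ends in `exit 0`; the subshell confines that exit to the help text.
  (usage) >&2
  exit 1
fi

# Release tag to verify, e.g. v1.0.1. It is interpolated into the download
# URL further down, so it is expected to be a plain tag name.
VERSION=${1}

# Private scratch directory for the downloads, removed on every exit path.
# NOTE: TMPDIR is also the name tools such as mktemp consult for the temp
# location; if it was already exported, child processes see this new value.
TMPDIR=$(mktemp -d)
trap 'rm -rf -- "${TMPDIR:?}"' EXIT

# Checksum command for this platform. Kept as a single string because the
# rest of the script expands it unquoted and relies on word splitting.
SHA_CMD="sha256sum -c"

if [ "$(uname)" == "Darwin" ]; then
    SHA_CMD="shasum -a 256 -c"
fi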
    39  
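#######################################
# Downloads every entry of releaseArtifacts from one base URL into a
# directory and runs the checksum command against the published .sha256
# files found there.
# Globals:   releaseArtifacts, RELEASE_VERSION, SHA_CMD (read)
# Arguments: $1 - target directory, $2 - base URL, $3 - label for the log
# Returns:   exits the script with status 1 on any download or checksum
#            failure; checked explicitly instead of relying on `set -e`
#######################################
_download_and_check() {
  local dir=$1 base_url=$2 label=$3
  local artifact url checksum_file

  mkdir -p -- "${dir}" || exit 1
  cd -- "${dir}" || exit 1

  echo "Downloading release artifacts for ${label}"
  for artifact in "${releaseArtifacts[@]}"; do
    url="${base_url}/${artifact}"
    # -L follows GitHub's redirect to the asset host; the --proto options
    # keep both the request and any redirect on HTTPS.
    curl -sS -L --fail --proto '=https' --proto-redir '=https' \
      -o "${artifact}" "${url}" \
      || { echo "Unable to download ${url}" >&2; exit 1; }
  done

  # NOTE(review): the .sha256 files are presumably part of releaseArtifacts
  # and therefore come from the same release as the files they describe.
  # That catches truncated or corrupted uploads, not a release whose assets
  # and checksums were replaced together; authenticity needs a signature or a
  # digest obtained through a separate channel.
  for checksum_file in \
    "verrazzano-platform-operator.yaml.sha256" \
    "verrazzano-${RELEASE_VERSION}-darwin-amd64.tar.gz.sha256" \
    "verrazzano-${RELEASE_VERSION}-darwin-arm64.tar.gz.sha256" \
    "verrazzano-${RELEASE_VERSION}-linux-amd64.tar.gz.sha256" \
    "verrazzano-${RELEASE_VERSION}-linux-arm64.tar.gz.sha256"; do
    # shellcheck disable=SC2086 -- SHA_CMD holds a command plus its options
    ${SHA_CMD} "${checksum_file}" \
      || { echo "Checksum verification failed for ${checksum_file}" >&2; exit 1; }
  done
}

#######################################
# Verifies the artifacts of release VERSION, then the artifacts served by the
# "latest" release alias, each in its own directory under TMPDIR.
# Globals:   TMPDIR, VERSION (read); see _download_and_check for the rest
# Arguments: none
# Returns:   0 when every download and checksum succeeded; otherwise the
#            script exits with status 1
#
# NOTE(review): downloads are keyed on VERSION while the checksum file names
# use RELEASE_VERSION, which is not set in this file; confirm that both always
# describe the same release.
#######################################
verify_released_artifacts() {
  _download_and_check \
    "${TMPDIR}/release" \
    "https://github.com/verrazzano/verrazzano/releases/download/${VERSION}" \
    "${VERSION}"

  # The latest tag is assigned automatically, so this second pass may be
  # redundant; if it stays, comparing the two directories would be a better
  # check. The directory is kept inside TMPDIR so the exit trap removes it
  # (the earlier "${TMPDIR}}/latest" spelling created a sibling directory
  # that was never cleaned up).
  _download_and_check \
    "${TMPDIR}/latest" \
    "https://github.com/verrazzano/verrazzano/releases/latest/download" \
    "latest"
}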
    76  
    77  verify_released_artifacts