Skip to content

Commit

Permalink
ci: Refactor check.sh into check.py to get ready for multi components…
Browse files Browse the repository at this point in the history
… release (#4159)

refactor check.sh

Signed-off-by: Xuanwo <[email protected]>
  • Loading branch information
Xuanwo authored Feb 6, 2024
1 parent 7396c7b commit 71d7dc8
Show file tree
Hide file tree
Showing 4 changed files with 68 additions and 60 deletions.
2 changes: 1 addition & 1 deletion scripts/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ OPENDAL_VERSION=0.30.2 OPENDAL_VERSION_RC=rc1 ./scripts/release.sh
## Check

```shell
./scripts/check.sh apache-opendal-0.33.3-src.tar.gz
./scripts/check.py
```

> Before running the check, please ensure that you have completed the following preparations.
Expand Down
63 changes: 63 additions & 0 deletions scripts/check.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
#!/usr/bin/env python3
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

import subprocess
import os

# Define colors for output
YELLOW = "\033[37;1m"
GREEN = "\033[32;1m"
ENDCOLOR = "\033[0m"


def check_signature(pkg):
"""Check the GPG signature of the package."""
try:
subprocess.check_call(["gpg", "--verify", f"{pkg}.asc", pkg])
print(GREEN + "Success to verify the gpg sign for " + pkg + ENDCOLOR)
except subprocess.CalledProcessError:
print(YELLOW + "Failed to verify the gpg sign for " + pkg + ENDCOLOR)


def check_sha512sum(pkg):
"""Check the sha512 checksum of the package."""
try:
subprocess.check_call(["sha512sum", "--check", f"{pkg}.sha512"])
print(GREEN + "Success to verify the checksum for " + pkg + ENDCOLOR)
except subprocess.CalledProcessError:
print(YELLOW + "Failed to verify the checksum for " + pkg + ENDCOLOR)


def main():
# Get a list of all files in the current directory
files = [f for f in os.listdir(".") if os.path.isfile(f)]

for pkg in files:
# Skip files that don't have a corresponding .asc or .sha512 file
if not os.path.exists(f"{pkg}.asc") or not os.path.exists(f"{pkg}.sha512"):
continue

print(f"> Checking {pkg}")

# Perform the checks
check_signature(pkg)
check_sha512sum(pkg)


if __name__ == "__main__":
main()
55 changes: 0 additions & 55 deletions scripts/check.sh

This file was deleted.

8 changes: 4 additions & 4 deletions website/community/committers/verify.md
Original file line number Diff line number Diff line change
Expand Up @@ -93,17 +93,17 @@ Now, we could start the verification.
We've provided a script to verify the checksum and signature of the release candidate.

The script is in the `scripts` directory of our repository.
You can download it directly from [here](https://raw.githubusercontent.com/apache/opendal/main/scripts/check.sh)
You can download it directly from [here](https://raw.githubusercontent.com/apache/opendal/main/scripts/check.py)
or check it out from the repository:

```shell
git clone git@github.com:apache/opendal.git
git clone https://github.com/apache/opendal
```

Run the script on a specific release candidate:
Run the script in a specific release candidate's folder:

```shell
./scripts/check.sh apache-opendal-${release_version}-${rc_version}-src.tar.gz
./scripts/check.py
```

You will see the following output if the verification is successful:
Expand Down

0 comments on commit 71d7dc8

Please sign in to comment.