This Python script helps release a new version of Django. You should run this script from the Django repo root, having checked out the stable branch that you wish to release.

#! /usr/bin/env python
"""Helper to release Django."""

import hashlib
import os
import re
import subprocess
from datetime import date
from io import StringIO

PGP_KEY_ID = "2EE82A8D9470983E"
PGP_EMAIL = "124304+nessita@users.noreply.github.com"
PATH_TO_BINARIES = "/home/nessita/fellowship/releases"
CHECKSUM_DEST_DIR = "/home/nessita/fellowship/releases/checksums"
GITHUB_USERNAME = "nessita"

checksum_file_text = """This file contains MD5, SHA1, and SHA256 checksums for the source-code
tarball and wheel files of Django {django_version}, released {release_date}.

To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
the ID ``{pgp_key_id}`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:

    gpg --keyserver pgp.mit.edu --recv-key {pgp_key_id}

or via the GitHub API:

    curl https://github.com/{github_username}.gpg | gpg --import -

Once the key is imported, verify this file:

    gpg --verify {checksum_file_name}

Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
package and compare them to the checksums listed below.

Release packages
================

https://www.djangoproject.com/download/{django_version}/tarball/
https://www.djangoproject.com/download/{django_version}/wheel/

MD5 checksums
=============

{md5_tarball}  {tarball_name}
{md5_wheel}  {wheel_name}

SHA1 checksums
==============

{sha1_tarball}  {tarball_name}
{sha1_wheel}  {wheel_name}

SHA256 checksums
================

{sha256_tarball}  {tarball_name}
{sha256_wheel}  {wheel_name}

"""

PATH_TO_DJANGO = os.path.abspath(os.path.curdir)

def build_artifacts():
    from build.__main__ import main as build_main

    build_main([])


def do_checksum(checksum_algo, release_file):
    with open(os.path.join(dist_path, release_file), "rb") as f:
        return checksum_algo(f.read()).hexdigest()


# Ensure the working directory is clean.
subprocess.call(["git", "clean", "-fdx"])

dist_path = os.path.join(PATH_TO_DJANGO, "dist/")

## Build release files.
build_artifacts()
release_files = os.listdir(dist_path)
wheel_name = None
tarball_name = None
for f in release_files:
    if f.endswith(".whl"):
        wheel_name = f
    if f.endswith(".tar.gz"):
        tarball_name = f

assert wheel_name is not None
assert tarball_name is not None

django_version = wheel_name.split("-")[1]
django_major_version = ".".join(django_version.split(".")[:2])
# Chop alpha/beta/rc suffix
match = re.search("[abrc]", django_major_version)
if match:
    django_major_version = django_major_version[: match.start()]

release_date = date.today().strftime("%B %-d, %Y")
checksum_file_name = f"Django-{django_version}.checksum.txt"
checksum_file_kwargs = dict(
    release_date=release_date,
    pgp_key_id=PGP_KEY_ID,
    django_version=django_version,
    github_username=GITHUB_USERNAME,
    checksum_file_name=checksum_file_name,
    wheel_name=wheel_name,
    tarball_name=tarball_name,
)
checksums = (
    ("md5", hashlib.md5),
    ("sha1", hashlib.sha1),
    ("sha256", hashlib.sha256),
)
for checksum_name, checksum_algo in checksums:
    checksum_file_kwargs[f"{checksum_name}_tarball"] = do_checksum(
        checksum_algo, tarball_name
    )
    checksum_file_kwargs[f"{checksum_name}_wheel"] = do_checksum(
        checksum_algo, wheel_name
    )

# Create the checksum file
checksum_file_text = checksum_file_text.format(**checksum_file_kwargs)
os.makedirs(CHECKSUM_DEST_DIR, exist_ok=True)
checksum_file_path = os.path.join(CHECKSUM_DEST_DIR, checksum_file_name)
with open(checksum_file_path, "wb") as f:
    f.write(checksum_file_text.encode("ascii"))

print("\n\nDiffing release with checkout for sanity check.")

# Unzip and diff...
unzip_command = [
    "unzip",
    "-q",
    os.path.join(dist_path, wheel_name),
    "-d",
    os.path.join(dist_path, django_major_version),
]
subprocess.run(unzip_command)
diff_command = [
    "diff",
    "-qr",
    "./django/",
    os.path.join(dist_path, django_major_version, "django"),
]
subprocess.run(diff_command)
subprocess.run(
    [
        "rm",
        "-rf",
        os.path.join(dist_path, django_major_version),
    ]
)

print("\n\n=> Commands to run NOW:")

# Sign the checksum file, this may prompt for a passphrase.
print(f"gpg --clearsign -u {PGP_EMAIL} --digest-algo SHA256 {checksum_file_path}")
# Create, verify and push tag
print(f'git tag --sign --message="Tag {django_version}" {django_version}')
print(f"git tag --verify {django_version}")

# Copy binaries outside the current repo tree to avoid lossing them.
path_to_binaries = os.path.join(PATH_TO_BINARIES, django_version)
os.makedirs(path_to_binaries, exist_ok=True)
subprocess.run(["cp", "-r", dist_path, path_to_binaries])

# Make the binaries available to the world
print(
    "\n\n=> These ONLY 15 MINUTES BEFORE RELEASE TIME (consider new terminal "
    "session with isolated venv)!"
)
# Upload the checksum file and release artifacts to the djangoproject admin.
print(
    "\n==> ACTION Add a new Release entry in https://www.djangoproject.com/admin/releases/release/add/:"
)
print(
    f"""* Version: {django_version}
* Is active: False
* Release date: {release_date}
* End of life date: None"""
)

print(
    "\n==> ACTION Add tarball, wheel, and checksum files to the newly created Release entry:"
)
print(
    f"""* Tarball and wheel from {path_to_binaries}
* Signed checksum {checksum_file_path}.asc"""
)

# Test the new version and confirm the signature using Jenkins.
print("\n==> ACTION Test the release artifacts:")
print(f"RELEASE_VERSION={django_version} test_new_version.sh")

print("\n==> ACTION Run confirm-release job! https://djangoci.com/job/confirm-release/")

# Upload to PyPI.
print("\n==> ACTION Upload to PyPI:")
print(f"cd {path_to_binaries}")
print("source ~/.virtualenvs/djangorelease/bin/activate")
print("pip install -U pip twine")
print("twine upload --repository django dist/*")

# Push the tags.
print("\n==> ACTION Push the tags:")
print("git push --tags")

print("\n\nDONE!!!")