Changes between Version 1 and Version 2 of ReleaseScript
- Timestamp:
- Mar 18, 2025, 11:57:40 AM (2 weeks ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TabularUnified ReleaseScript
v1 v2 1 This Python script helps release Django.2 3 You must run `git clean -fdx` in your Django checkout first. 4 5 {{{ 1 This Python script helps release a new version of Django. You should run this script from the Django repo root, having checked out the stable branch that you wish to release. 2 {{{#!python 3 #! /usr/bin/env python 4 """Helper to release Django.""" 5 6 6 import hashlib 7 7 import os … … 11 11 from io import StringIO 12 12 13 PGP_KEY_ID = '1E8ABDC773EDE252' # replace with your PGP key 14 PATH_TO_DJANGO = '/media/evo/release-django/' # replace 15 CHECKSUM_DEST_DIR = '/home/tim/Desktop/' # replace 16 17 checksum_file_text = \ 18 """This file contains MD5, SHA1, and SHA256 checksums for the source-code 13 PGP_KEY_ID = "2EE82A8D9470983E" 14 PGP_EMAIL = "124304+nessita@users.noreply.github.com" 15 PATH_TO_BINARIES = "/home/nessita/fellowship/releases" 16 CHECKSUM_DEST_DIR = "/home/nessita/fellowship/releases/checksums" 17 GITHUB_USERNAME = "nessita" 18 19 checksum_file_text = """This file contains MD5, SHA1, and SHA256 checksums for the source-code 19 20 tarball and wheel files of Django {django_version}, released {release_date}. 20 21 21 22 To use this file, you will need a working install of PGP or other 22 23 compatible public-key encryption software. You will also need to have 23 the Django release manager's public key in your keyring ; this key has24 the Django release manager's public key in your keyring. This key has 24 25 the ID ``{pgp_key_id}`` and can be imported from the MIT 25 keyserver . For example, if using the open-source GNU Privacy Guard26 keyserver, for example, if using the open-source GNU Privacy Guard 26 27 implementation of PGP: 27 28 28 29 gpg --keyserver pgp.mit.edu --recv-key {pgp_key_id} 29 30 30 Once the key is imported, verify this file:: 31 32 gpg --verify <<THIS FILENAME>> 31 or via the GitHub API: 32 33 curl https://github.com/{github_username}.gpg | gpg --import - 34 35 Once the key is imported, verify this file: 36 37 gpg --verify {checksum_file_name} 33 38 34 39 Once you have verified this file, you can use normal MD5, SHA1, or SHA256 … … 36 41 package and compare them to the checksums listed below. 37 42 38 Release packages: 39 ================= 43 Release packages 44 ================ 45 46 https://www.djangoproject.com/download/{django_version}/tarball/ 47 https://www.djangoproject.com/download/{django_version}/wheel/ 48 49 MD5 checksums 50 ============= 51 52 {md5_tarball} {tarball_name} 53 {md5_wheel} {wheel_name} 54 55 SHA1 checksums 56 ============== 57 58 {sha1_tarball} {tarball_name} 59 {sha1_wheel} {wheel_name} 60 61 SHA256 checksums 62 ================ 63 64 {sha256_tarball} {tarball_name} 65 {sha256_wheel} {wheel_name} 40 66 41 67 """ 42 68 43 dist_path = os.path.join(PATH_TO_DJANGO, 'dist/') 69 70 def build_artifacts(): 71 from build.__main__ import main as build_main 72 73 build_main([]) 74 75 76 def do_checksum(checksum_algo, release_file): 77 with open(os.path.join(dist_path, release_file), "rb") as f: 78 return checksum_algo(f.read()).hexdigest() 79 80 81 # Ensure the working directory is clean. 82 subprocess.call(["git", "clean", "-fdx"]) 83 84 dist_path = os.path.join(os.path.abspath(os.path.curdir), "dist/") 44 85 45 86 ## Build release files. 46 subprocess.call(["make", "-f", os.path.join(PATH_TO_DJANGO, 'extras/Makefile')])87 build_artifacts() 47 88 release_files = os.listdir(dist_path) 89 wheel_name = None 90 tarball_name = None 48 91 for f in release_files: 49 if f.endswith( '.whl'):92 if f.endswith(".whl"): 50 93 wheel_name = f 51 break 52 53 assert wheel_name.endswith('.whl') 54 django_version = wheel_name.split('-')[1] 55 django_major_version = '.'.join(django_version.split('.')[:2]) 94 if f.endswith(".tar.gz"): 95 tarball_name = f 96 97 assert wheel_name is not None 98 assert tarball_name is not None 99 100 django_version = wheel_name.split("-")[1] 101 django_major_version = ".".join(django_version.split(".")[:2]) 56 102 # Chop alpha/beta/rc suffix 57 103 match = re.search("[abrc]", django_major_version) 58 104 if match: 59 django_major_version = django_major_version[:match.start()] 60 61 checksum_file_text = checksum_file_text.format( 62 release_date = date.today().strftime('%B %-d, %Y'), 63 pgp_key_id = PGP_KEY_ID, 105 django_major_version = django_major_version[: match.start()] 106 107 release_date = date.today().strftime("%B %-d, %Y") 108 checksum_file_name = f"Django-{django_version}.checksum.txt" 109 checksum_file_kwargs = dict( 110 release_date=release_date, 111 pgp_key_id=PGP_KEY_ID, 64 112 django_version=django_version, 65 ) 66 67 for release_file in release_files: 68 checksum_file_text += 'https://www.djangoproject.com/m/releases/' + django_major_version + '/' + release_file + '\n' 69 70 113 github_username=GITHUB_USERNAME, 114 checksum_file_name=checksum_file_name, 115 wheel_name=wheel_name, 116 tarball_name=tarball_name, 117 ) 71 118 checksums = ( 72 ('MD5', hashlib.md5), 73 ('SHA1', hashlib.sha1), 74 ('SHA256', hashlib.sha256), 75 ) 76 119 ("md5", hashlib.md5), 120 ("sha1", hashlib.sha1), 121 ("sha256", hashlib.sha256), 122 ) 77 123 for checksum_name, checksum_algo in checksums: 78 checksum_file_ text += "\n%s checksums\n" % checksum_name79 checksum_file_text += "=" * len(checksum_name) + "==========\n\n"80 81 for release_file in release_files:82 checksum = checksum_algo(open(os.path.join(dist_path, release_file) ,'rb').read()).hexdigest()83 checksum_file_text += checksum + " " + release_file + "\n"124 checksum_file_kwargs[f"{checksum_name}_tarball"] = do_checksum( 125 checksum_algo, tarball_name 126 ) 127 checksum_file_kwargs[f"{checksum_name}_wheel"] = do_checksum( 128 checksum_algo, wheel_name 129 ) 84 130 85 131 # Create the checksum file 86 checksum_file_name = 'Django-%s.checksum.txt' % django_version 132 checksum_file_text = checksum_file_text.format(**checksum_file_kwargs) 133 os.makedirs(CHECKSUM_DEST_DIR, exist_ok=True) 87 134 checksum_file_path = os.path.join(CHECKSUM_DEST_DIR, checksum_file_name) 88 with open(checksum_file_path,'wb') as f: 89 f.write(checksum_file_text.encode('ascii')) 90 91 print() 92 print('Commands to run:') 93 94 # Sign the checkusm file 95 print('gpg --clearsign --digest-algo SHA256 %s' % checksum_file_path) 96 97 # Upload the checksum file 98 print('scp {filepath}.asc root@djangoproject.com:/home/www/www/media/pgp/{filename}'.format(filepath=checksum_file_path, filename=checksum_file_name)) 99 100 # Upload release files to the djangoproject server. 101 print('scp dist/Django-* root@djangoproject.com:/home/www/www/media/releases/%s' % django_major_version) 102 103 print('git tag --sign --message="Tag {release}" {release}'.format(release=django_version)) 104 print('twine upload -s dist/*') 135 with open(checksum_file_path, "wb") as f: 136 f.write(checksum_file_text.encode("ascii")) 137 138 print("\n\nDiffing release with checkout for sanity check.") 139 140 # Unzip and diff... 141 unzip_command = [ 142 "unzip", 143 "-q", 144 os.path.join(dist_path, wheel_name), 145 "-d", 146 os.path.join(dist_path, django_major_version), 147 ] 148 subprocess.run(unzip_command) 149 diff_command = [ 150 "diff", 151 "-qr", 152 "./django/", 153 os.path.join(dist_path, django_major_version, "django"), 154 ] 155 subprocess.run(diff_command) 156 subprocess.run( 157 [ 158 "rm", 159 "-rf", 160 os.path.join(dist_path, django_major_version), 161 ] 162 ) 163 164 print("\n\n=> Commands to run NOW:") 165 166 # Sign the checksum file, this may prompt for a passphrase. 167 print(f"gpg --clearsign -u {PGP_EMAIL} --digest-algo SHA256 {checksum_file_path}") 168 # Create, verify and push tag 169 print(f'git tag --sign --message="Tag {django_version}" {django_version}') 170 print(f"git tag --verify {django_version}") 171 172 # Copy binaries outside the current repo tree to avoid lossing them. 173 path_to_binaries = os.path.join(PATH_TO_BINARIES, django_version) 174 os.makedirs(path_to_binaries, exist_ok=True) 175 subprocess.run(["cp", "-r", dist_path, path_to_binaries]) 176 177 # Make the binaries available to the world 178 print( 179 "\n\n=> These ONLY 15 MINUTES BEFORE RELEASE TIME (consider new terminal " 180 "session with isolated venv)!" 181 ) 182 # Upload the checksum file and release artifacts to the djangoproject admin. 183 print( 184 "\n==> ACTION Add a new Release entry in https://www.djangoproject.com/admin/releases/release/add/:" 185 ) 186 print( 187 f"""* Version: {django_version} 188 * Is active: False 189 * Release date: {release_date} 190 * End of life date: None""" 191 ) 192 193 print( 194 "\n==> ACTION Add tarball, wheel, and checksum files to the newly created Release entry:" 195 ) 196 print( 197 f"""* Tarball and wheel from {path_to_binaries} 198 * Signed checksum {checksum_file_path}.asc""" 199 ) 200 201 # Test the new version and confirm the signature using Jenkins. 202 print("\n==> ACTION Test the release artifacts:") 203 print(f"RELEASE_VERSION={django_version} test_new_version.sh") 204 205 print("\n==> ACTION Run confirm-release job! https://djangoci.com/job/confirm-release/") 206 207 # Upload to PyPI. 208 print("\n==> ACTION Upload to PyPI:") 209 print(f"cd {path_to_binaries}") 210 print("source ~/.virtualenvs/djangorelease/bin/activate") 211 print("pip install -U pip twine") 212 print("twine upload --repository django dist/*") 213 214 # Push the tags. 215 print("\n==> ACTION Push the tags:") 216 print("git push --tags") 217 218 print("\n\nDONE!!!") 105 219 }}}