diff --git a/scripts/dist.sh b/scripts/dist.sh deleted file mode 100755 index 6bf81eb7e..000000000 --- a/scripts/dist.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/env bash -set -e - -# Get the version from the command line -VERSION=$1 -if [ -z $VERSION ]; then - echo "Please specify a version." - exit 1 -fi - -# Make sure we have a bintray API key -if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY ]]; then - echo "Please set AWS access keys as env vars before running this script." - exit 1 -fi - -# Get the parent directory of where this script is. -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done -DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )" - -# Change into that dir because we expect that -cd $DIR - -# Zip all the files -rm -rf ./pkg/dist -mkdir -p ./pkg/dist -for FILENAME in $(find ./pkg -mindepth 1 -maxdepth 1 -type f); do - FILENAME=$(basename $FILENAME) - cp ./pkg/${FILENAME} ./pkg/dist/terraform_${VERSION}_${FILENAME} -done - -# Make the checksums -echo "==> Signing..." -pushd ./pkg/dist -rm -f ./terraform_${VERSION}_SHA256SUMS* -shasum -a256 * > ./terraform_${VERSION}_SHA256SUMS -gpg --default-key 348FFC4C --detach-sig ./terraform_${VERSION}_SHA256SUMS -popd - -# Upload -hc-releases upload ./pkg/dist - -exit 0 diff --git a/scripts/docker-release/Dockerfile-release b/scripts/docker-release/Dockerfile-release deleted file mode 100644 index 81b41ca70..000000000 --- a/scripts/docker-release/Dockerfile-release +++ /dev/null @@ -1,45 +0,0 @@ -# This Dockerfile is not intended for general use, but is rather used to -# package up official Terraform releases (from releases.hashicorp.com) to -# release on Dockerhub as the "light" release images. -# -# The main Dockerfile in the root of the repository is more generally-useful, -# since it is able to build a docker image of the current state of the work -# tree, without any dependency on there being an existing release on -# releases.hashicorp.com. - -FROM alpine:latest as build -LABEL maintainer="HashiCorp Terraform Team " - -# This is intended to be run from the hooks/build script, which sets this -# appropriately based on git tags. -ARG TERRAFORM_VERSION=UNSPECIFIED - -COPY releases_public_key . - -# What's going on here? -# - Download the indicated release along with its checksums and signature for the checksums -# - Verify that the checksums file is signed by the Hashicorp releases key -# - Verify that the zip file matches the expected checksum -# - Extract the zip file so it can be run - -RUN apk add --no-cache git curl openssh gnupg && \ - curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \ - curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig && \ - curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS && \ - gpg --import releases_public_key && \ - gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS && \ - grep linux_amd64 terraform_${TERRAFORM_VERSION}_SHA256SUMS >terraform_${TERRAFORM_VERSION}_SHA256SUMS_linux_amd64 && \ - sha256sum -cs terraform_${TERRAFORM_VERSION}_SHA256SUMS_linux_amd64 && \ - unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /bin && \ - rm -f terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS* - -FROM alpine:latest as final -ARG TERRAFORM_VERSION=UNSPECIFIED - -LABEL "com.hashicorp.terraform.version"="${TERRAFORM_VERSION}" - -RUN apk add --no-cache git openssh - -COPY --from=build ["/bin/terraform", "/bin/terraform"] - -ENTRYPOINT ["/bin/terraform"] diff --git a/scripts/docker-release/README.md b/scripts/docker-release/README.md deleted file mode 100644 index afcdfe4b6..000000000 --- a/scripts/docker-release/README.md +++ /dev/null @@ -1,77 +0,0 @@ -# Terraform Docker Release Build - -This directory contains configuration to drive the docker image releases for -Terraform. - -Two different types of image are produced for each Terraform release: - -* A "light" image that includes just the release binary that should match - what's on releases.hashicorp.com. - -* A "full" image that contains all of the Terraform source code and a binary - built from that source. - -The latter can be produced for any arbitrary commit by running `docker build` -in the root of this repository. The former requires that the release archive -already be deployed on releases.hashicorp.com. - -## Build and Release - -The scripts in this directory are intended for running the steps to build, -tag, and push the two images for a tagged and released version of Terraform. -They expect to be run with git `HEAD` pointed at a release tag, whose name -is used to determine the version to build. The version number indicated -by the tag that `HEAD` is pointed at will be referred to below as -the _current version_. - -* `build.sh` builds locally both of the images for the current version. - This operates on the local docker daemon only, and produces tags that - include the current version number. - -* `tag.sh` updates the `latest`, `light` and `full` tags to refer to the - images for the current version, which must've been already produced by - an earlier run of `build.sh`. This operates on the local docker daemon - only. - -* `push.sh` pushes the current version tag and the `latest`, `light` and - `full` tags up to dockerhub for public consumption. This writes images - to dockerhub, and so it requires docker credentials that have access to - write into the `hashicorp/terraform` repository. - -### Releasing a new "latest" version - -In the common case where a release is going to be considered the new latest -stable version of Terraform, the helper script `release.sh` orchestrates -all of the necessary steps to release to dockerhub: - -``` -$ git checkout v0.10.0 -$ scripts/docker-release/release.sh -``` - -Behind the scenes this script is running `build.sh`, `tag.sh` and `push.sh` -as described above, with some extra confirmation steps to verify the -correctness of the build. - -This script is interactive and so isn't suitable for running in automation. -For automation, run the individual scripts directly. - -### Releasing a beta version or a patch to an earlier minor release - -The `release.sh` wrapper is not appropriate in two less common situations: - -* The version being released is a beta or other pre-release version, with - a version number like `v0.10.0-beta1` or `v0.10.0-rc1`. - -* The version being released belongs to a non-current minor release. For - example, if the current stable version is `v0.10.1` but the version - being released is `v0.9.14`. - -In both of these cases, only the specific version tag should be updated, -which can be done as follows: - -``` -$ git checkout v0.11.0-beta1 -$ scripts/docker-release/build.sh -$ docker push hashicorp/terraform:0.11.0-beta1 -``` diff --git a/scripts/docker-release/build.sh b/scripts/docker-release/build.sh deleted file mode 100755 index 8442e8a68..000000000 --- a/scripts/docker-release/build.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -# This script builds two docker images for the version referred to by the -# current git HEAD. -# -# After running this, run tag.sh if the images that are built should be -# tagged as the "latest" release. - -set -eu - -BASE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -cd "$BASE" - -if [ "$#" -eq 0 ]; then - # We assume that this is always running while git HEAD is pointed at a release - # tag or a branch that is pointed at the same commit as a release tag. If not, - # this will fail since we can't build a release image for a commit that hasn't - # actually been released. - VERSION="$(git describe)" -else - # This mode is here only to support release.sh, which ensures that the given - # version matches the current git tag. Running this script manually with - # an argument can't guarantee correct behavior since the "full" image - # will be built against the current work tree regardless of which version - # is selected. - VERSION="$1" -fi - -echo "-- Building release docker images for version $VERSION --" -echo "" -VERSION_SLUG="${VERSION#v}" - -docker build --no-cache "--build-arg=TERRAFORM_VERSION=${VERSION_SLUG}" -t hashicorp/terraform:${VERSION_SLUG} -f "Dockerfile-release" . -docker build --no-cache -t "hashicorp/terraform:${VERSION_SLUG}-full" ../../ diff --git a/scripts/docker-release/push.sh b/scripts/docker-release/push.sh deleted file mode 100755 index e65cd61bc..000000000 --- a/scripts/docker-release/push.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -# This script pushes the docker images for the given version of Terraform, -# along with the "light", "full" and "latest" tags, up to docker hub. -# -# You must already be logged in to docker using "docker login" before running -# this script. - -set -eu - -VERSION="$1" -VERSION_SLUG="${VERSION#v}" - -echo "-- Pushing tags $VERSION_SLUG, light, full and latest up to dockerhub --" -echo "" - -docker push "hashicorp/terraform:$VERSION_SLUG" -docker push "hashicorp/terraform:light" -docker push "hashicorp/terraform:full" -docker push "hashicorp/terraform:latest" diff --git a/scripts/docker-release/release.sh b/scripts/docker-release/release.sh deleted file mode 100755 index a297748df..000000000 --- a/scripts/docker-release/release.sh +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/env bash - -# This script is an interactive wrapper around the scripts build.sh, tag.sh -# and push.sh intended for use during official Terraform releases. -# -# This script should be used only when git HEAD is pointing at the release tag -# for what will become the new latest *stable* release, since it will update -# the "latest", "light", and "full" tags to refer to what was built. -# -# To release a specific version without updating the various symbolic tags, -# use build.sh directly and then manually push the single release tag it -# creates. This is appropriate both when publishing a beta version and if, -# for some reason, it's necessary to (re-)publish and older version. - -set -eu - -BASE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -cd "$BASE" - -# We assume that this is always running while git HEAD is pointed at a release -# tag or a branch that is pointed at the same commit as a release tag. If not, -# this will fail since we can't build a release image for a commit that hasn't -# actually been released. -VERSION="$(git describe)" -VERSION_SLUG="${VERSION#v}" - -# Verify that the version is already deployed to releases.hashicorp.com. -if curl --output /dev/null --silent --head --fail "https://releases.hashicorp.com/terraform/${VERSION_SLUG}/terraform_${VERSION_SLUG}_SHA256SUMS"; then - echo "===== Docker image release for Terraform $VERSION =====" - echo "" -else - cat >&2 <&2 Aborting due to inconsistent version output. - exit 1 -fi -echo "" - -# Update the latest, light and full tags to point to the images we just built. -./tag.sh "$VERSION" - -# Last chance to bail out -echo "-- Prepare to Push --" -echo "" -echo "The following Terraform images are available locally:" -docker images --format "{{.ID}}\t{{.Tag}}" hashicorp/terraform -echo "" -read -p "Ready to push the tags $VERSION_SLUG, light, full, and latest up to dockerhub? " -n 1 -r -echo "" -if ! [[ $REPLY =~ ^[Yy]$ ]]; then - echo >&2 "Aborting because reply wasn't positive." - exit 1 -fi -echo "" - -# Actually upload the images -./push.sh "$VERSION" - -echo "" -echo "-- All done! --" -echo "" -echo "Confirm the release at https://hub.docker.com/r/hashicorp/terraform/tags/" -echo "" diff --git a/scripts/docker-release/releases_public_key b/scripts/docker-release/releases_public_key deleted file mode 100644 index 010c9271c..000000000 --- a/scripts/docker-release/releases_public_key +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQENBFMORM0BCADBRyKO1MhCirazOSVwcfTr1xUxjPvfxD3hjUwHtjsOy/bT6p9f -W2mRPfwnq2JB5As+paL3UGDsSRDnK9KAxQb0NNF4+eVhr/EJ18s3wwXXDMjpIifq -fIm2WyH3G+aRLTLPIpscUNKDyxFOUbsmgXAmJ46Re1fn8uKxKRHbfa39aeuEYWFA -3drdL1WoUngvED7f+RnKBK2G6ZEpO+LDovQk19xGjiMTtPJrjMjZJ3QXqPvx5wca -KSZLr4lMTuoTI/ZXyZy5bD4tShiZz6KcyX27cD70q2iRcEZ0poLKHyEIDAi3TM5k -SwbbWBFd5RNPOR0qzrb/0p9ksKK48IIfH2FvABEBAAG0K0hhc2hpQ29ycCBTZWN1 -cml0eSA8c2VjdXJpdHlAaGFzaGljb3JwLmNvbT6JATgEEwECACIFAlMORM0CGwMG -CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFGFLYc0j/xMyWIIAIPhcVqiQ59n -Jc07gjUX0SWBJAxEG1lKxfzS4Xp+57h2xxTpdotGQ1fZwsihaIqow337YHQI3q0i -SqV534Ms+j/tU7X8sq11xFJIeEVG8PASRCwmryUwghFKPlHETQ8jJ+Y8+1asRydi -psP3B/5Mjhqv/uOK+Vy3zAyIpyDOMtIpOVfjSpCplVRdtSTFWBu9Em7j5I2HMn1w -sJZnJgXKpybpibGiiTtmnFLOwibmprSu04rsnP4ncdC2XRD4wIjoyA+4PKgX3sCO -klEzKryWYBmLkJOMDdo52LttP3279s7XrkLEE7ia0fXa2c12EQ0f0DQ1tGUvyVEW -WmJVccm5bq25AQ0EUw5EzQEIANaPUY04/g7AmYkOMjaCZ6iTp9hB5Rsj/4ee/ln9 -wArzRO9+3eejLWh53FoN1rO+su7tiXJA5YAzVy6tuolrqjM8DBztPxdLBbEi4V+j -2tK0dATdBQBHEh3OJApO2UBtcjaZBT31zrG9K55D+CrcgIVEHAKY8Cb4kLBkb5wM -skn+DrASKU0BNIV1qRsxfiUdQHZfSqtp004nrql1lbFMLFEuiY8FZrkkQ9qduixo -mTT6f34/oiY+Jam3zCK7RDN/OjuWheIPGj/Qbx9JuNiwgX6yRj7OE1tjUx6d8g9y -0H1fmLJbb3WZZbuuGFnK6qrE3bGeY8+AWaJAZ37wpWh1p0cAEQEAAYkBHwQYAQIA -CQUCUw5EzQIbDAAKCRBRhS2HNI/8TJntCAClU7TOO/X053eKF1jqNW4A1qpxctVc -z8eTcY8Om5O4f6a/rfxfNFKn9Qyja/OG1xWNobETy7MiMXYjaa8uUx5iFy6kMVaP -0BXJ59NLZjMARGw6lVTYDTIvzqqqwLxgliSDfSnqUhubGwvykANPO+93BBx89MRG -unNoYGXtPlhNFrAsB1VR8+EyKLv2HQtGCPSFBhrjuzH3gxGibNDDdFQLxxuJWepJ -EK1UbTS4ms0NgZ2Uknqn1WRU1Ki7rE4sTy68iZtWpKQXZEJa0IGnuI2sSINGcXCJ -oEIgXTMyCILo34Fa/C6VCm2WBgz9zZO8/rHIiQm1J5zqz0DrDwKBUM9C -=LYpS ------END PGP PUBLIC KEY BLOCK----- diff --git a/scripts/docker-release/tag.sh b/scripts/docker-release/tag.sh deleted file mode 100755 index 88bd95f73..000000000 --- a/scripts/docker-release/tag.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash - -# This script tags the version number given on the command line as being -# the "latest" on the local system only. -# -# The following tags are updated: -# - light (from the tag named after the version number) -# - full (from the tag named after the version number with "-full" appended) -# - latest (as an alias of light) -# -# Before running this the build.sh script must be run to actually create the -# images that this script will tag. -# -# After tagging, use push.sh to push the images to dockerhub. - -set -eu - -VERSION="$1" -VERSION_SLUG="${VERSION#v}" - -echo "-- Updating tags to point to version $VERSION --" -echo "" - -docker tag "hashicorp/terraform:${VERSION_SLUG}" "hashicorp/terraform:light" -docker tag "hashicorp/terraform:${VERSION_SLUG}" "hashicorp/terraform:latest" -docker tag "hashicorp/terraform:${VERSION_SLUG}-full" "hashicorp/terraform:full"