Files: 9767ce1efc3eae02e7a8e5931e95b98b238a36bd / verify-merge.py
3630 bytesRaw
1 | #!/usr/bin/env python3 |
2 | import argparse |
3 | import os |
4 | import subprocess |
5 | import glob |
6 | |
7 | GIT = os.getenv('GIT','git') |
8 | GPG = os.getenv('GPG','gpg') |
9 | |
10 | def verify(): |
11 | global args, workdir |
12 | os.chdir('gitian-pubkeys') |
13 | print('Importing pubkeys...') |
14 | keys = [f for f in glob.glob("*.asc", recursive=True)] |
15 | for key in keys: |
16 | subprocess.check_call([GPG, '--import', key]) |
17 | print('Refreshing pubkeys...') |
18 | subprocess.check_call([GPG, '--refresh']) |
19 | os.chdir('../../gitian-builder') |
20 | print('\nVerifying '+args.version+' Linux\n') |
21 | subprocess.check_call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-linux', '../monero/contrib/gitian/gitian-linux.yml']) |
22 | print('\nVerifying '+args.version+' Windows\n') |
23 | subprocess.check_call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-win', '../monero/contrib/gitian/gitian-win.yml']) |
24 | print('\nVerifying '+args.version+' MacOS\n') |
25 | subprocess.check_call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-osx', '../monero/contrib/gitian/gitian-osx.yml']) |
26 | os.chdir(workdir) |
27 | |
28 | def main(): |
29 | host_repo = "git@github.com/monero-project/gitian.sigs" |
30 | global args, workdir |
31 | parser = argparse.ArgumentParser(usage='%(prog)s [options] version', description='Use this script before merging a pull request to the gitian.sigs repository and to verify the signature of existing gitian assert files and gitian assert files in specific pull requests') |
32 | parser.add_argument('-p', '--pull_id', dest='pull_id', help='Github Pull request id to check') |
33 | parser.add_argument('-r', '--remote', dest='remote', default='upstream', help='git remote repository') |
34 | parser.add_argument('-t', '--target_branch', dest='target_branch', default='master', help='Remote repository merge into branch') |
35 | parser.add_argument('-m', '--merge', action='store_true', dest='merge', help='Merge the given pull request id') |
36 | parser.add_argument('-o', '--no-verify', action='store_true', dest='no_verify', help='Do not run any signature verification') |
37 | parser.add_argument('-n', '--name', dest='name', help='username for pgp key verification') |
38 | parser.add_argument('version', help='Version number, commit, or branch to build.') |
39 | |
40 | args = parser.parse_args() |
41 | workdir = os.getcwd() |
42 | if args.pull_id != None: |
43 | # Get branch from remote pull request and compare |
44 | head_branch = args.pull_id+'_head' |
45 | |
46 | subprocess.check_call([GIT, 'fetch', args.remote]) |
47 | subprocess.check_call([GIT, 'checkout', args.remote+'/'+args.target_branch]) |
48 | subprocess.check_call([GIT, 'fetch','-q', args.remote, 'pull/'+args.pull_id+'/head:'+head_branch]) |
49 | subprocess.check_call([GIT, 'checkout', '-f', head_branch]) |
50 | if args.merge: |
51 | # Hard reset the target branch to the remote's state and merge the pull request's head branch into it |
52 | subprocess.check_call([GIT, 'checkout', args.target_branch]) |
53 | subprocess.check_call([GIT, 'reset', '--hard', args.remote + '/' + args.target_branch]) |
54 | print('Merging and signing pull request #' + args.pull_id + ' , if you are using a smartcard, confirm the signature now.') |
55 | subprocess.check_call([GIT, 'merge','-q', '--commit', '--no-edit', '-m', 'Merge pull request #'+args.pull_id+' into '+args.target_branch, '--no-ff', '--gpg-sign', head_branch]) |
56 | if not args.no_verify: |
57 | verify() |
58 | subprocess.check_call([GIT, 'checkout', 'master']) |
59 | subprocess.check_call([GIT, 'branch', '-D', head_branch]) |
60 | else: |
61 | verify() |
62 | |
63 | |
64 | if __name__ == '__main__': |
65 | main() |
66 |
Built with git-ssb-web