system-config/modules/jenkins/files/slave_scripts/pypi-upload.sh

#!/bin/bash -xe
#
# Copyright 2012 Hewlett-Packard Development Company, L.P.
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Retrieve a python sdist and upload it to pypi with Curl.

PROJECT=$1
TARBALL_SITE=$2
TAG=`echo $ZUUL_REF | sed 's/^refs.tags.//'`

# Look in the setup.cfg to determine if a package name is specified, but
# fall back on the project name if necessary
DISTNAME=`/usr/local/jenkins/slave_scripts/pypi-extract-name.py \
    || echo $PROJECT`
FILENAME="$DISTNAME-$TAG.tar.gz"

rm -rf *tar.gz
curl --fail -o $FILENAME http://$TARBALL_SITE/$PROJECT/$FILENAME

# Make sure we actually got a gzipped file
file -b $FILENAME | grep gzip

MD5_DIGEST=`md5sum ${FILENAME} | cut -d' ' -f1`

/usr/local/jenkins/slave_scripts/pypi-extract-metadata.py $FILENAME metadata.curl

# Turn off xtrace and mute curl, since under some circumstances API
# errors may leak authentication credentials
set +x
curl --config /home/jenkins/.pypicurl \
     --config metadata.curl \
     -F "filetype=sdist" \
     -F "content=@${FILENAME};filename=${FILENAME}" \
     -F ":action=file_upload" \
     -F "protocol_version=1" \
     -F "name=${DISTNAME}" \
     -F "version=${TAG}" \
     -F "md5_digest=${MD5_DIGEST}" \
     https://pypi.python.org/pypi > /dev/null 2>&1
Determine the package name when uploading to PyPI * modules/jenkins/files/slave_scripts/pypi-extract-name.py: Short new script to safely parse the sdist package name out of a setup.cfg file. * modules/jenkins/files/slave_scripts/pypi-upload.sh: Subsume the guts of the first shell builder from the pypi-upload job, extended to call pypi-extract-name.py and fall back to the name of the Git project if it fails--this is needed for cases where those names differ, for example in capitalization. * .../jenkins_job_builder/config/pypi-jobs.yaml: Clone and checkout the Git tag which triggered this upload to PyPI, and then only call the modified pypi-upload.sh script since it should now analyze the state of the setup.cfg to determine how to retrieve the corresponding tarball. Change-Id: I43843e6e74b918e9c68f4b27958ec605774668ff 2013-09-16 18:59:46 +00:00			`#!/bin/bash -xe`
Push PKG-INFO metadata to pypi. Add a mini python script to make sense of the PKG-INFO files in sdists and output a curl config file to insert these values into the POSTed form. Requires the pkginfo python package. Add Apache2 license headers to the new files as well. Change-Id: I9b4b8dd17a26da181d9f4ee833f1ef1106fbe12d Reviewed-on: https://review.openstack.org/16501 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins 2012-11-19 17:10:35 -08:00			`#`
Determine the package name when uploading to PyPI * modules/jenkins/files/slave_scripts/pypi-extract-name.py: Short new script to safely parse the sdist package name out of a setup.cfg file. * modules/jenkins/files/slave_scripts/pypi-upload.sh: Subsume the guts of the first shell builder from the pypi-upload job, extended to call pypi-extract-name.py and fall back to the name of the Git project if it fails--this is needed for cases where those names differ, for example in capitalization. * .../jenkins_job_builder/config/pypi-jobs.yaml: Clone and checkout the Git tag which triggered this upload to PyPI, and then only call the modified pypi-upload.sh script since it should now analyze the state of the setup.cfg to determine how to retrieve the corresponding tarball. Change-Id: I43843e6e74b918e9c68f4b27958ec605774668ff 2013-09-16 18:59:46 +00:00			`# Copyright 2012 Hewlett-Packard Development Company, L.P.`
			`# Copyright 2013 OpenStack Foundation`
Push PKG-INFO metadata to pypi. Add a mini python script to make sense of the PKG-INFO files in sdists and output a curl config file to insert these values into the POSTed form. Requires the pkginfo python package. Add Apache2 license headers to the new files as well. Change-Id: I9b4b8dd17a26da181d9f4ee833f1ef1106fbe12d Reviewed-on: https://review.openstack.org/16501 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins 2012-11-19 17:10:35 -08:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License"); you may`
			`# not use this file except in compliance with the License. You may obtain`
			`# a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the`
			`# License for the specific language governing permissions and limitations`
			`# under the License.`
			`#`
Determine the package name when uploading to PyPI * modules/jenkins/files/slave_scripts/pypi-extract-name.py: Short new script to safely parse the sdist package name out of a setup.cfg file. * modules/jenkins/files/slave_scripts/pypi-upload.sh: Subsume the guts of the first shell builder from the pypi-upload job, extended to call pypi-extract-name.py and fall back to the name of the Git project if it fails--this is needed for cases where those names differ, for example in capitalization. * .../jenkins_job_builder/config/pypi-jobs.yaml: Clone and checkout the Git tag which triggered this upload to PyPI, and then only call the modified pypi-upload.sh script since it should now analyze the state of the setup.cfg to determine how to retrieve the corresponding tarball. Change-Id: I43843e6e74b918e9c68f4b27958ec605774668ff 2013-09-16 18:59:46 +00:00			`# Retrieve a python sdist and upload it to pypi with Curl.`
Run pypi uploads more securely. To run pypi uploads more securely perform the `python setup.py sdist` on a normal build slave, then copy the sdist to the pypi slave and perform only the upload from that host. Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b Reviewed-on: https://review.openstack.org/16335 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins 2012-11-16 13:16:26 -08:00
			`PROJECT=$1`
Determine the package name when uploading to PyPI * modules/jenkins/files/slave_scripts/pypi-extract-name.py: Short new script to safely parse the sdist package name out of a setup.cfg file. * modules/jenkins/files/slave_scripts/pypi-upload.sh: Subsume the guts of the first shell builder from the pypi-upload job, extended to call pypi-extract-name.py and fall back to the name of the Git project if it fails--this is needed for cases where those names differ, for example in capitalization. * .../jenkins_job_builder/config/pypi-jobs.yaml: Clone and checkout the Git tag which triggered this upload to PyPI, and then only call the modified pypi-upload.sh script since it should now analyze the state of the setup.cfg to determine how to retrieve the corresponding tarball. Change-Id: I43843e6e74b918e9c68f4b27958ec605774668ff 2013-09-16 18:59:46 +00:00			`TARBALL_SITE=$2`
			TAG=`echo $ZUUL_REF \| sed 's/^refs.tags.//'`

			`# Look in the setup.cfg to determine if a package name is specified, but`
			`# fall back on the project name if necessary`
			DISTNAME=`/usr/local/jenkins/slave_scripts/pypi-extract-name.py \
			\|\| echo $PROJECT`
			`FILENAME="$DISTNAME-$TAG.tar.gz"`

			`rm -rf *tar.gz`
			`curl --fail -o $FILENAME http://$TARBALL_SITE/$PROJECT/$FILENAME`

			`# Make sure we actually got a gzipped file`
			`file -b $FILENAME \| grep gzip`
Run pypi uploads more securely. To run pypi uploads more securely perform the `python setup.py sdist` on a normal build slave, then copy the sdist to the pypi slave and perform only the upload from that host. Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b Reviewed-on: https://review.openstack.org/16335 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins 2012-11-16 13:16:26 -08:00
			MD5_DIGEST=`md5sum ${FILENAME} \| cut -d' ' -f1`

Push PKG-INFO metadata to pypi. Add a mini python script to make sense of the PKG-INFO files in sdists and output a curl config file to insert these values into the POSTed form. Requires the pkginfo python package. Add Apache2 license headers to the new files as well. Change-Id: I9b4b8dd17a26da181d9f4ee833f1ef1106fbe12d Reviewed-on: https://review.openstack.org/16501 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins 2012-11-19 17:10:35 -08:00			`/usr/local/jenkins/slave_scripts/pypi-extract-metadata.py $FILENAME metadata.curl`

Determine the package name when uploading to PyPI * modules/jenkins/files/slave_scripts/pypi-extract-name.py: Short new script to safely parse the sdist package name out of a setup.cfg file. * modules/jenkins/files/slave_scripts/pypi-upload.sh: Subsume the guts of the first shell builder from the pypi-upload job, extended to call pypi-extract-name.py and fall back to the name of the Git project if it fails--this is needed for cases where those names differ, for example in capitalization. * .../jenkins_job_builder/config/pypi-jobs.yaml: Clone and checkout the Git tag which triggered this upload to PyPI, and then only call the modified pypi-upload.sh script since it should now analyze the state of the setup.cfg to determine how to retrieve the corresponding tarball. Change-Id: I43843e6e74b918e9c68f4b27958ec605774668ff 2013-09-16 18:59:46 +00:00			`# Turn off xtrace and mute curl, since under some circumstances API`
			`# errors may leak authentication credentials`
			`set +x`
Run pypi uploads more securely. To run pypi uploads more securely perform the `python setup.py sdist` on a normal build slave, then copy the sdist to the pypi slave and perform only the upload from that host. Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b Reviewed-on: https://review.openstack.org/16335 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins 2012-11-16 13:16:26 -08:00			`curl --config /home/jenkins/.pypicurl \`
Push PKG-INFO metadata to pypi. Add a mini python script to make sense of the PKG-INFO files in sdists and output a curl config file to insert these values into the POSTed form. Requires the pkginfo python package. Add Apache2 license headers to the new files as well. Change-Id: I9b4b8dd17a26da181d9f4ee833f1ef1106fbe12d Reviewed-on: https://review.openstack.org/16501 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins 2012-11-19 17:10:35 -08:00			`--config metadata.curl \`
Correct pypi upload form and copy artifact source The file type form entry is 'filetype' not 'file_type'. Correct that in pypi-upload.sh. The artifact to copy is 'dist/project.tar.gz' not 'project.tar.gz'. Correct that in pypi-jobs.yaml. Also cd into the dist dir that will be created before attempting to copy the sdist out of that dir. Change-Id: Ifa27e683c162f5acfc5136d0729be42af9b4ca41 Reviewed-on: https://review.openstack.org/16493 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins 2012-11-19 15:17:14 -08:00			`-F "filetype=sdist" \`
Run pypi uploads more securely. To run pypi uploads more securely perform the `python setup.py sdist` on a normal build slave, then copy the sdist to the pypi slave and perform only the upload from that host. Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b Reviewed-on: https://review.openstack.org/16335 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins 2012-11-16 13:16:26 -08:00			`-F "content=@${FILENAME};filename=${FILENAME}" \`
			`-F ":action=file_upload" \`
			`-F "protocol_version=1" \`
Determine the package name when uploading to PyPI * modules/jenkins/files/slave_scripts/pypi-extract-name.py: Short new script to safely parse the sdist package name out of a setup.cfg file. * modules/jenkins/files/slave_scripts/pypi-upload.sh: Subsume the guts of the first shell builder from the pypi-upload job, extended to call pypi-extract-name.py and fall back to the name of the Git project if it fails--this is needed for cases where those names differ, for example in capitalization. * .../jenkins_job_builder/config/pypi-jobs.yaml: Clone and checkout the Git tag which triggered this upload to PyPI, and then only call the modified pypi-upload.sh script since it should now analyze the state of the setup.cfg to determine how to retrieve the corresponding tarball. Change-Id: I43843e6e74b918e9c68f4b27958ec605774668ff 2013-09-16 18:59:46 +00:00			`-F "name=${DISTNAME}" \`
			`-F "version=${TAG}" \`
Run pypi uploads more securely. To run pypi uploads more securely perform the `python setup.py sdist` on a normal build slave, then copy the sdist to the pypi slave and perform only the upload from that host. Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b Reviewed-on: https://review.openstack.org/16335 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins 2012-11-16 13:16:26 -08:00			`-F "md5_digest=${MD5_DIGEST}" \`
Use ssl for PyPI uploads Change-Id: I7f371133931d142b0141a3ca7e35558731a81e79 2013-07-12 18:32:34 -04:00			`https://pypi.python.org/pypi > /dev/null 2>&1`