add script to sign releases

This commit is contained in:
Sean Yesmunt 2020-01-28 18:10:45 -05:00
parent 7fcb8484e8
commit 7b5e7b312e
2 changed files with 158 additions and 1 deletions

155
build/signBuildFiles.js Normal file
View file

@ -0,0 +1,155 @@
const Octokit = require('@octokit/rest');
const octokit = new Octokit();
var wget = require('node-wget');
const fs = require('fs');
const path = require('path');
const { exec } = require('child_process');
const readline = require('readline');
// Global generated from cli prompt
let versionToSign;
// Why can't I do this with 'fs'? :/
function deleteFolderRecursive(path) {
if (fs.existsSync(path)) {
fs.readdirSync(path).forEach(function(file, index) {
var curPath = path + '/' + file;
if (fs.lstatSync(curPath).isDirectory()) {
// recurse
deleteFolderRecursive(curPath);
} else {
// delete file
fs.unlinkSync(curPath);
}
});
fs.rmdirSync(path);
}
}
// Initial setup
// Create a file to store the hashes (creates a new copy if one exists)
const downloadPath = path.resolve(__dirname, '../dist/releaseDownloads');
const fileToSign = path.resolve(downloadPath, '../hashes.txt');
fs.openSync(fileToSign, 'w');
if (!fs.existsSync(downloadPath)) {
fs.mkdirSync(downloadPath);
} else {
deleteFolderRecursive(downloadPath);
fs.mkdirSync(downloadPath);
}
//
// Below is the actual code that downloads, hashes, and signs the release
//
function cleanUpAfterSigning() {
fs.unlinkSync(fileToSign);
deleteFolderRecursive(downloadPath);
}
function signFile() {
console.log('Signing file with hashes using keybase...');
// All files are hashed and added to hashes.txt
// Sign it with keybase
const fileName = `LBRY_${versionToSign}_sigs.asc`;
const pathForSignedFile = path.resolve(__dirname, `../dist/${fileName}`);
exec(`keybase pgp sign -i ${fileToSign} -c -o ${pathForSignedFile}`, err => {
if (err) {
console.log('Error signing file with keybase');
}
cleanUpAfterSigning();
});
}
function hashFiles() {
console.log('Hashing assets downloaded from github...');
fs.readdir(downloadPath, function(err, items) {
if (err) {
console.log('Error signing files in ', downloadPath);
}
let count = 0;
for (var i = 0; i < items.length; i++) {
const file = items[i];
const filePath = path.resolve(__dirname, '../dist/releaseDownloads/', file);
exec(`sha256sum ${filePath}`, (err, stdout) => {
if (err) {
console.log('Error hashing ', filePath);
}
count += 1;
const hash = stdout.split(' ')[0];
const stringToAppend = `${hash} ${file}\n`;
fs.appendFileSync(fileToSign, stringToAppend);
if (count === items.length - 1) {
signFile();
}
});
}
});
}
let downloadCount = 0;
let fileCountToDownload;
function downloadFile(fileName, url) {
wget(
{
url: url,
dest: `${downloadPath}/`,
},
(error, response, body) => {
console.log(`Finished downloading `, fileName);
downloadCount += 1;
if (downloadCount === fileCountToDownload) {
hashFiles();
}
}
);
}
function downloadAssets() {
console.log('Downloading release assets...');
octokit.repos
.getReleaseByTag({
owner: 'lbryio',
repo: 'lbry-desktop',
tag: versionToSign,
})
.then(({ data }) => {
const release_id = data.id;
return octokit.repos.listAssetsForRelease({
owner: 'lbryio',
repo: 'lbry-desktop',
release_id,
});
})
.then(({ data }) => {
fileCountToDownload = data.length;
data
.map(({ browser_download_url, name }) => ({ download_url: browser_download_url, name }))
.forEach(({ name, download_url }) => {
const fileName = path.resolve(__dirname, `../dist/releaseDownloads/${name}`);
downloadFile(fileName, download_url);
});
})
.catch(error => console.log('Error downloading releases ', error));
}
const rl = readline.createInterface({
input: process.stdin,
output: process.stdout,
});
rl.question('Version to sign: ', function(version) {
const tag = version.startsWith('v') ? version : `v${version}`;
versionToSign = tag;
downloadAssets();
});

View file

@ -44,6 +44,7 @@
"postinstall:warning": "echo '\n\nWARNING\n\nNot all node modules were installed because NODE_ENV is set to \"production\".\nThis should only be set after installing dependencies with \"yarn\". The app will not work.\n\n'"
},
"dependencies": {
"@octokit/rest": "^16.40.0",
"auto-launch": "^5.0.5",
"electron-dl": "^1.11.0",
"electron-log": "^2.2.12",
@ -51,7 +52,8 @@
"electron-updater": "^4.1.2",
"express": "^4.17.1",
"if-env": "^1.0.4",
"keytar": "^4.4.1"
"keytar": "^4.4.1",
"node-wget": "^0.4.3"
},
"devDependencies": {
"@babel/core": "^7.0.0",