hexpm
diff --git a/‎RELEASE.md‎
Lines changed: 2 additions & 2 deletions b/‎RELEASE.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎scripts/publish_rebar.sh‎
Lines changed: 104 additions & 0 deletions b/‎scripts/publish_rebar.sh‎
Lines changed: 104 additions & 0 deletions
diff --git a/‎scripts/release_hex.sh‎
Lines changed: 110 additions & 0 deletions b/‎scripts/release_hex.sh‎
Lines changed: 110 additions & 0 deletions
diff --git a/‎scripts/release.sh‎ ‎scripts/release_hex_old.sh‎scripts/release.sh renamed to scripts/release_hex_old.sh b/‎scripts/release.sh‎ ‎scripts/release_hex_old.sh‎scripts/release.sh renamed to scripts/release_hex_old.sh
diff --git a/‎scripts/release_rebar.sh‎ ‎scripts/release_rebar_old.sh‎scripts/release_rebar.sh renamed to scripts/release_rebar_old.sh b/‎scripts/release_rebar.sh‎ ‎scripts/release_rebar_old.sh‎scripts/release_rebar.sh renamed to scripts/release_rebar_old.sh
@@ -6,7 +6,7 @@ This document simply outlines the release process:
 
 2. Ensure CHANGELOG is updated and add current date
 
-3. Update the local `release.sh` with the Elixir and OTP versions Hex should be built against.
+3. Update the local `scripts/release_hex.sh` with the Elixir and OTP versions Hex should be built against.
 
 4. Commit changes above with title "Release vVERSION" and generate new tag
 
@@ -16,7 +16,7 @@ This document simply outlines the release process:
 
 7. Create GitHub release
 
-8. Run the `release.sh` script and set the path to the private key for Elixir `ELIXIR_PEM=path/to/elixir.pem ./release.sh VERSION` where `VERSION` is the Hex version being released without a `v` prefix
+8. Run the `scripts/release_hex.sh` script and set the path to the private key for Elixir `ELIXIR_PEM=path/to/elixir.pem ./scripts/release_hex.sh VERSION` where `VERSION` is the Hex version being released without a `v` prefix
 
 9. Purge "installs" key on Fastly dashboard
 
 
@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+# TODO: rename to scripts/release_rebar.sh. publish_rebar.sh is a temporary name for prettier git diff.
+
+# Usage:
+#
+#     $ ELIXIR_PEM=/path/to/elixir.pem \
+#        HEX_FASTLY_KEY=... \
+#        HEX_FASTLY_BUILDS_SERVICE_ID=... \
+#        release_rebar.sh
+#
+# Unless ELIXIR_PEM is set, nothing is uploaded. After running, can be locally tested:
+#
+#     $ (cd tmp && erl -S httpd)
+#     $ HEX_BUILDS_URL=http://localhost:8000 mix local.rebar --force
+
+set -e -u -o pipefail
+
+function main {
+  installs_dir="$PWD/tmp/installs"
+  rebar_csv="${installs_dir}/rebar.csv"
+
+  rm -rf "${installs_dir}"
+  mkdir "${installs_dir}"
+
+  # rebar.csv is always rebuilt from scratch. rebar builds are not reproducible, unfortunately.
+  touch "${rebar_csv}"
+
+  # UPDATE THIS FOR EVERY RELEASE
+  build 3.22.0 25.3.2.20 1.18.3 noble-20250404
+  build 3.22.0 26.2.5.11 1.18.3 noble-20250404
+
+  build 3.24.0 25.3.2.20 1.18.3 noble-20250404
+  build 3.24.0 26.2.5.11 1.18.3 noble-20250404
+  build 3.24.0 27.3.3    1.18.3 noble-20250404
+
+  if [ -n "${ELIXIR_PEM}" ]; then
+    openssl dgst -sha512 -sign "${ELIXIR_PEM}" "${rebar_csv}" | openssl base64 > "${rebar_csv}.signed"
+    cd $installs_dir
+    for path in $(find . -type f | sort); do
+      path="${path#./}"
+      echo "uploading ${path}..."
+      s3up "${path}" "${path}"
+    done
+
+    purge_key "${HEX_FASTLY_BUILDS_SERVICE_ID}" "installs"
+  else
+    echo "ELIXIR_PEM is empty, skipping"
+    exit 1
+  fi
+}
+
+# $1 = rebar version
+# $2 = erlang version
+# $3 = elixir version
+# $4 = ubuntu version
+function build {
+  rebar_version=$1
+  otp_version=$2
+  otp_release=${otp_version%%.*}
+  elixir_version=$3
+  ubuntu_version=$4
+
+  echo "Building ${rebar_version} ${otp_version} ${ubuntu_version}"
+  mkdir -p "${installs_dir}/${elixir_version}"
+  rebar="rebar3-${rebar_version}-otp-${otp_release}"
+
+  docker run -v "${installs_dir}/${elixir_version}":/installs hexpm/erlang:${otp_version}-ubuntu-${ubuntu_version} sh -c "\
+    apt update && apt -y install git && \
+    git clone https://github.com/erlang/rebar3.git -b ${rebar_version} && \
+    cd rebar3 && \
+    ./bootstrap && \
+    cp rebar3 /installs/$rebar
+    "
+
+  sha=$(shasum -a 512 "${installs_dir}/${elixir_version}/$rebar")
+  sha=($sha)
+  echo "${rebar_version},${sha},${elixir_version},${otp_release}" >> "${rebar_csv}"
+}
+
+# $1 = source
+# $2 = target
+function s3up {
+  aws s3 cp "${1}" "s3://s3.hex.pm/installs/${2}" --acl public-read --cache-control "public, max-age=604800" --metadata "surrogate-key=installs"
+}
+
+# $1 = source
+# $2 = target
+function s3down {
+  aws s3 cp "s3://s3.hex.pm/installs/${1}" "${2}"
+}
+
+# $1 = service
+# $2 = key
+function purge_key() {
+  curl \
+    --fail \
+    -X POST \
+    -H "Fastly-Key: ${HEX_FASTLY_KEY}" \
+    -H "Accept: application/json" \
+    -H "Content-Length: 0" \
+    "https://api.fastly.com/service/$1/purge/$2"
+}
+
+main $*
@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+
+# Usage:
+#
+#     $ ELIXIR_PEM=/path/to/elixir.pem \
+#       HEX_FASTLY_KEY=... \
+#       HEX_FASTLY_BUILDS_SERVICE_ID=... \
+#         release_hex.sh HEX_VERSION
+#
+# Unless ELIXIR_PEM is set, nothing is uploaded. After running, can be locally tested:
+#
+#     $ (cd tmp && erl -S httpd)
+#     $ HEX_BUILDS_URL=http://localhost:8000 mix local.hex --force
+
+set -e -u -o pipefail
+
+function main {
+  hex_version=$1
+  installs_dir="$PWD/tmp/installs"
+  hex_csv="${installs_dir}/hex.csv"
+
+  rm -rf "${installs_dir}"
+  mkdir "${installs_dir}"
+
+  s3down hex.csv "${hex_csv}"
+  touch "${hex_csv}"
+  sed -i.bak "/^${hex_version},/d" "${hex_csv}"
+
+  # UPDATE THIS FOR EVERY RELEASE
+  build ${hex_version} 25.3.2.20 1.18.3 1.18.0 noble-20250404
+  build ${hex_version} 26.2.5.11 1.18.3 1.18.0 noble-20250404
+  build ${hex_version} 27.3.3    1.18.3 1.18.0 noble-20250404
+
+  build ${hex_version} 25.3.2.20 1.17.3 1.17.0 noble-20250404
+  build ${hex_version} 26.2.5.11 1.17.3 1.17.0 noble-20250404
+  build ${hex_version} 27.3.3    1.17.3 1.17.0 noble-20250404
+
+  rm -rf _build
+  rm "${hex_csv}.bak"
+
+  if [ -n "${ELIXIR_PEM}" ]; then
+    openssl dgst -sha512 -sign "${ELIXIR_PEM}" "${hex_csv}" | openssl base64 > "${hex_csv}.signed"
+
+    cd $installs_dir
+    for path in $(find . -type f | sort); do
+      path="${path#./}"
+      echo "uploading ${path}..."
+      s3up "${path}" "${path}"
+    done
+
+    purge_key "${HEX_FASTLY_BUILDS_SERVICE_ID}" "installs"
+  else
+    echo "ELIXIR_PEM is empty, skipping"
+    exit 1
+  fi
+}
+
+# $1 = hex version
+# $2 = erlang version
+# $3 = elixir version
+# $4 = saved elixir version
+# $5 = ubuntu version
+function build {
+  hex_version=$1
+  otp_version=$2
+  otp_release=${otp_version%%.*}
+  elixir_version=$3
+  saved_elixir_version=$4
+  ubuntu_version=$5
+
+  echo "Building ${elixir_version} ${otp_version} ${ubuntu_version}"
+  rm -rf _build src/mix_safe_erl_term.erl
+  hex_ez=hex-${hex_version}-otp-${otp_release}.ez
+
+  mkdir -p "$installs_dir/${saved_elixir_version}"
+  docker run -v $(pwd):/hex hexpm/elixir:${elixir_version}-erlang-${otp_version}-ubuntu-${ubuntu_version} sh -c " \
+    cd /hex && \
+    MIX_ENV=prod mix archive.build -o ${hex_ez}"
+
+  mv "${hex_ez}" "${installs_dir}/${saved_elixir_version}/${hex_ez}"
+  sha=$(shasum -a 512 "${installs_dir}/${saved_elixir_version}/${hex_ez}")
+  sha=($sha)
+  echo "${hex_version},${sha},${saved_elixir_version},${otp_release}" >> "${hex_csv}"
+}
+
+# $1 = source
+# $2 = target
+function s3up {
+  aws s3 cp "${1}" "s3://s3.hex.pm/installs/${2}" --acl public-read --cache-control "public, max-age=604800" --metadata "surrogate-key=installs"
+}
+
+# $1 = source
+# $2 = target
+function s3down {
+  aws s3 cp "s3://s3.hex.pm/installs/${1}" "${2}"
+}
+
+# $1 = service
+# $2 = key
+function purge_key() {
+  curl \
+    --fail \
+    -X POST \
+    -H "Fastly-Key: ${HEX_FASTLY_KEY}" \
+    -H "Accept: application/json" \
+    -H "Content-Length: 0" \
+    "https://api.fastly.com/service/$1/purge/$2"
+}
+
+main $*