Add the new release checker script

[paul-elliott-arm]

This is the first working version of the release checker script, that was used to generate the 3.4.0 / 2.28.3 releases.

[minosgalanakis]

First round of reviews with several comments/improvements. I will be following up with a second round for more details on the code flow.

[minosgalanakis]

I would add a note to say what permissions are required for that token, especially with regards to checking out the restricted repository.

For example for a classic token we need

repo:status
Access commit status
repo_deployment
Access deployment status
public_repo
Access public repositories
repo:invite
Access repository invitations
security_events 

And possibly read:audit_log ?

I have not been able to make it work using the new limitted scope tokens.

[minosgalanakis]

Minor comment change for usability

mbedtls-release-checker.py -vv development.branch mbedtls.prev.release.tag backport.branch mbedtls.prev.lts.release.tag

The script is operating in hashes, and there should be a clear distinction between the mutable ( local branch hashes ) and immutable such as release tags.

[minosgalanakis]

The whole advantage of using the logging class is to do more advanced stuff than print out to stdout.

We should be configuring it to produce output to file

logging.basicConfig(filename='release_helper.log', encoding='utf-8', level=logging.DEBUG)

Optional arguments that could also be used:

• filemode="w" #or "a".
• stream=sys.stdout # This could make the next line obsolete since we set the streamhandler to stdout.

[minosgalanakis]

In the current form the script will produce almost no output unless there are Warning. And since there is no write to output file, it is not very user friendly.

I would propose we have the following options for logging.

• -v Verbose. for verbose logging which will enable the debug
• -s Silent. Only for warnings. Not a default but for more advanced users and intergration scripts.
• We set the info level as default

[minosgalanakis]

Why is that an either-or ? I would expect in most releases we will need to parse both main and restricted repo and calling the script two times. would it not be better to be able to cater for all combinations? (main repo only, restricted repo only, main and restricted in an invocation)

Ideally I would like something like that.

repositories = [MBEDTLS_MAIN_REPOSITORY] if args.main_repo else []
repositories  += [MBEDTLS_RESTRICTED_REPOSITORY] if args.restricted else []

for github_repo in repositories : 
    ... create discrete release classes

This assumes that we also revisit the arguments so the user can adjust the logic without editting the script.

This should also solve the first item from the todo list.

[minosgalanakis]

I would reword it or make it clear in the help section that this is an immutable ref tag.

Also this could have a default set by git describe --abbrev=0 origin/development

[minosgalanakis]

argparser is using ordereddict so the order of inclusion of the arguments here determines how the will be assigned when parsed.

For example using the syntax described in the docstring release-checker.py development-local mbedtls.prev.release mbedtls-lts mbedtls.prev.lts.release and printing the vars(args) I noticed that:

/mbedtls-release-checker.py -vv development-local mbedtls-3.4.1 mbedtls-2.28 v2.28.4
{'LTS_output': None,
 'LTS_range_end': 'mbedtls-3.4.1',
 'LTS_range_start': 'development-local',
 'dev_output': None,
 'dev_range_end': 'v2.28.4',
 'dev_range_start': 'mbedtls-2.28',
 'restricted': False,
 'verbose': False,
 'veryverbose': True}

Ideally I would adjust the order to be like like that mbedtls.prev.release - mbedtls.dev.branch - mbedtls.prev.lts.release - mbedtls.lts.branch

Also I would use the standard long and short notation for all arguments.
e.g.

def get_latest_tag(lts=False):
    """ Return the latest tags for release and lts releases """

    cmd = ["git","describe","--abbrev=0"]
    cmd += ["origin/mbedtls-2.28"] if lts else ["origin/development"]
    out = subprocess.check_output(cmd) # Add try/catch logic
    return out.decode('UTF-8').strip()

 parser.add_argument("-ltr", "--lts-release", default=get_latest_tag(lts=True), help="Tag pointing to the latest LTS release",`
 parser.add_argument("-ltb", "--lts-branch", default="mbedtls-2.28", help="Branch containing all the code to be included in the new release",

[minosgalanakis]

I would have predefined defaults for those files. This script takes a significant ammount and API calls to go through a run, that will do nothing in the current default configuration.

It would make more sense for the user to explicitly turn off output file generation.