Merge branch 'deploy'

.gitignore

@@ -9,3 +9,8 @@ packages
 pubspec.lock
 /benchmark/source
 node_modules/
+
+# These are downloaded as part of Travis builds, so we need to gitignore them to
+# make sure they aren't deployed when we "pub lish".
+/dart-sdk
+/dart.zip

.travis.yml

@@ -24,7 +24,7 @@ rvm:
 
 # Only building master means that we don't run two builds for each pull request.
 branches:
-  only: [master, /^feature\..*/]
+  only: [master, "/^feature\\..*/", "/^\\d+\\.\\d+\\.\\d+([+-].*)?$/"]
 
 cache:
   directories:
@@ -91,31 +91,24 @@ script:
 jobs:
   include:
     - stage: deploy
-      if: type = push AND repo = sass/dart-sass AND branch = master AND tag =~ ^\d+\.\d+\.\d+([+-].*)?$
+      if: (type in (push, api)) AND (repo = sass/dart-sass) AND (tag =~ ^\d+\.\d+\.\d+([+-].*)?$)
+      env: DART_CHANNEL=dev DART_VERSION=latest
       script: skip # Don't run tests
 
-      before_deploy:
-      - rm -rf build/
-      - pub run grinder package npm_package
-      - export files_for_github=$(ls build/dart-sass-*)
-
       deploy:
-        # Deploy standalone archives to GitHub releases.
-        - provider: releases
-          api_key:
-            secure: qD09TCT4wbFlmF0Kglo+Rl8S5YfqHaUpNYMKdHX8mXIznN0txjCTTLvCzqLV7hfXlybUBkSHecZ7lW27MK3gGq0cMotF+2/iC6r8Y0XenndBDZn4fkuK5k9ROwZ8fdxst8/iSXLcg575p16iMCuEDeexOaZXl6fioL0+RNfiTgkm1cH/eP/M6qzrjwf2X3tlJ/2FECgYzwSBJFlcHiIfyDNAgH5CO+ghUVO+D3ms6l5RPN25+uh0ihRmWj+rIeZc15IQyFQ0hFQDxc3WpQBTGReDmvk/6Lo3dn0IdANbT12hOvqp9/r9fOn1UjljPkIjXXarrs7QDOjD7oeisEQn2CY8M0LLu9wQIBvpQxu1G7V+y4D+1hsIzgVfck8+Wz96Qlg0Alq/LJQN+G0BxP4QnPjs/Yi+iMANTnrqrl+9rfAcfOkvGthFFvrYKYvLOtvObd1PnCOJNC8pG3PeI8Rm5v5PLb+5Sphz2tpPIOR/xpV4Qe4HRzuU9WQkwOiBXDOZxS82sdN5pIJQssGSBW9tPpBuI20khfrZHpVeoqN1zb8/uZnWFdsHxd7keWGfJD4OQsQAiEqnSnKoyyGPh/iUeQfRqnIt00gJCcwkUpSHWTihFqAAgwdOtIU9WyhDf7QMV0tsNERF6c1FRUhAO6Hw2Lzz6iTLdFR98Un24lszk6s=
-          file: "${files_for_github}"
-          skip_cleanup: true
-
-          # This is redundant with the "if" clause above, but according to
-          # https://github.com/travis-ci/beta-features/issues/28#issuecomment-358705563
-          # "if" resolution isn't totally solid yet.
-          on: &deploy_on
-            repo: sass/dart-sass
-            tags: true
-
-        # Deploy to npm, pub, and Homebrew.
+        # Deploy to GitHub, npm, pub, and Homebrew.
         # TODO: Deploy to Chocolatey as well.
-        - provider: script
-          script: tool/deploy.sh
-          on: *deploy_on
+        provider: script
+        script: tool/deploy.sh
+
+        # This causes the deploy to only be build when a tag is pushed. This
+        # is because the `tag` attribute in `if:` statements has a different
+        # understanding of the "current tag" than this, which uses the
+        # `TRAVIS_TAG` environment variable. `if:` statements check whether a
+        # tag exists that refers to the current commit, whereas `TRAVIS_TAG`
+        # checks whether the current build was caused by a tag.
+        #
+        # We check `if:` because it avoids unnecessary build steps, and
+        # `on: {tags: true}` ensures that we only deploy on the build caused
+        # by pushing a tag, not the build caused by pushing master.
+        on: {tags: true}

CHANGELOG.md

@@ -1,8 +1,8 @@
-## 1.0.0-beta.6
+## 1.0.0-beta.5.2
 
 * Fix a bug where some colors would crash `compressed` mode.
 
-## 1.0.0-beta.5
+## 1.0.0-beta.5.1
 
 * Add a `compressed` output style.
 

pubspec.yaml

@@ -1,5 +1,5 @@
 name: sass
-version: 1.0.0-dev
+version: 1.0.0-beta.5.2
 description: A Sass implementation in Dart.
 author: Dart Team <misc@dartlang.org>
 homepage: https://github.com/sass/dart-sass

tool/deploy.sh

@@ -3,18 +3,41 @@
 # license that can be found in the LICENSE file or at
 # https://opensource.org/licenses/MIT.
 
-openssl aes-256-cbc -K $encrypted_d18df560dfb2_key -iv $encrypted_d18df560dfb2_iv \
-        -in tool/encrypted/npmrc.enc -out ~/.npmrc -d
-npm publish build/npm
-npm publish build/npm-old
+openssl aes-256-cbc -K $encrypted_d18df560dfb2_key -iv $encrypted_d18df560dfb2_iv -in tool/encrypted/credentials.tar.enc \
+    -out credentials.tar -d
 
 mkdir -p ~/.pub-cache
-openssl aes-256-cbc -K $encrypted_d18df560dfb2_key -iv $encrypted_d18df560dfb2_iv \
-        -in tool/encrypted/pub-credentials.json.enc -out ~/.pub-cache/credentials.json -d
-pub lish
+tar xfO credentials.tar npm > ~/.npmrc
+tar xfO credentials.tar pub > ~/.pub-cache/credentials.json
+tar xfO credentials.tar git > ~/.npmrc
 
-openssl aes-256-cbc -K $encrypted_d18df560dfb2_key -iv $encrypted_d18df560dfb2_iv \
-        -in tool/encrypted/git-credentials.enc -out ~/.git-credentials -d
+function travis_cmd() {
+  echo "\$ $@"
+  "$@"
+}
+
+travis_fold() {
+  local action=$1
+  local name=$2
+  echo -en "travis_fold:${action}:${name}\r"
+}
+
+travis_fold start github
+travis_cmd pub run grinder github_release
+travis_fold end github
+
+travis_fold start npm
+travis_cmd pub run grinder npm_package
+travis_cmd npm publish build/npm
+travis_cmd npm publish build/npm-old
+travis_fold end npm
+
+travis_fold start pub
+travis_cmd pub lish --force
+travis_fold end pub
+
+travis_fold start homebrew
 git config --local user.name "Natalie Weizenbaum"
 git config --local user.email "nweiz@google.com"
-pub run grinder update-homebrew
+travis_cmd pub run grinder update_homebrew
+travis_fold end homebrew

tool/encrypted/npmrc.enc

@@ -1 +1 @@
-c©²iÑPþßúÚ‹g«¿°³^öa²5øì˧ApŠçÿÒ!
~å¦f\ྉ.ô<>ðú\‡Žu%«þÁºcD¿°U4†Æ)O
+~Í<>^M¨Ê·<C38A>Ž:˯ï2<9M›£_<C2A3>ÆÖj¶ 'VÕêœaøÀ2áœNúuh¿ÂNªÅOß!ªœø*}ªÞ†ã#xŽe<C5BD>®\c›9<E280BA>²

tool/grind.dart

@@ -15,6 +15,7 @@ import 'package:http/http.dart' as http;
 import 'package:node_preamble/preamble.dart' as preamble;
 import 'package:pub_semver/pub_semver.dart';
 import 'package:source_span/source_span.dart';
+import 'package:string_scanner/string_scanner.dart';
 import 'package:xml/xml.dart' as xml;
 import 'package:yaml/yaml.dart';
 
@@ -459,3 +460,118 @@ update_homebrew() async {
   await runAsync("git",
       arguments: ["push"], workingDirectory: "build/homebrew-sass");
 }
+
+@Task('Release the current version as to GitHub.')
+@Depends(package)
+github_release() async {
+  var authorization = _loadAuthorization();
+
+  // We don't explicitly authenticate here, we just rely on Travis's .netrc.
+  var client = new http.Client();
+  var response = await client.post(
+      "https://api.github.com/repos/sass/dart-sass/releases",
+      headers: {
+        "content-type": "application/json",
+        "authorization": authorization
+      },
+      body: JSON.encode({
+        "tag_name": _version,
+        "name": "Dart Sass $_version",
+        "prerelease": new Version.parse(_version).isPreRelease,
+        "body": _lastChangelogSection()
+      }));
+
+  if (response.statusCode != 201) {
+    fail("${response.statusCode} error creating release:\n${response.body}");
+  } else {
+    log("Released Dart Sass $_version.");
+  }
+
+  var uploadUrl = JSON
+      .decode(response.body)["upload_url"]
+      // Remove the URL template.
+      .replaceFirst(new RegExp(r"\{[^}]+\}$"), "");
+
+  await Future.wait(["linux", "macos", "windows"].expand((os) {
+    return ["ia32", "x64"].map((architecture) async {
+      var format = os == "windows" ? "zip" : "tar.gz";
+      var package = "dart-sass-$_version-$os-$architecture.$format";
+      var response = await http.post("$uploadUrl?name=$package",
+          headers: {
+            "content-type":
+                os == "windows" ? "application/zip" : "application/gzip",
+            "authorization": authorization
+          },
+          body: new File(p.join("build", package)).readAsBytesSync());
+
+      if (response.statusCode != 201) {
+        fail("${response.statusCode} error uploading $package:\n"
+            "${response.body}");
+      } else {
+        log("Uploaded $package.");
+      }
+    });
+  }));
+
+  client.close();
+}
+
+/// A regular expression that matches a Markdown code block.
+final _codeBlock = new RegExp(" *```");
+
+/// Returns the most recent section in the CHANGELOG, reformatted to remove line
+/// breaks that will show up on GitHub.
+String _lastChangelogSection() {
+  var scanner = new StringScanner(new File("CHANGELOG.md").readAsStringSync(),
+      sourceUrl: "CHANGELOG.md");
+
+  // Scans the remainder of the current line and returns it. This consumes the
+  // trailing newline but doesn't return it.
+  String scanLine() {
+    var start = scanner.position;
+    while (scanner.readChar() != $lf) {}
+    return scanner.substring(start, scanner.position - 1);
+  }
+
+  scanner.expect("## $_version\n");
+
+  var buffer = new StringBuffer();
+  while (!scanner.isDone && !scanner.matches("## ")) {
+    if (scanner.matches(_codeBlock)) {
+      do {
+        buffer.writeln(scanLine());
+      } while (!scanner.matches(_codeBlock));
+      buffer.writeln(scanLine());
+    } else if (scanner.matches(new RegExp(" *\n"))) {
+      buffer.writeln();
+      buffer.writeln(scanLine());
+    } else if (scanner.matches(new RegExp(r" *([*-]|\d+\.)"))) {
+      buffer.write(scanLine());
+      buffer.writeCharCode($space);
+    } else {
+      buffer.write(scanLine());
+      buffer.writeCharCode($space);
+    }
+  }
+
+  return buffer.toString().trim();
+}
+
+/// A regular expression to match the api.github.com entry in a .netrc file.
+final _netrcRegExp = new RegExp(r"(?:^|\n) *machine api\.github\.com"
+    r"\n *login (.*)"
+    r"\n *password (.*)(?:\n|$)");
+
+/// Loads an HTTP basic authentication authorization header from the user's
+/// .netrc file.
+String _loadAuthorization() {
+  var netrc = new File(p.join(Platform.environment["HOME"], ".netrc"));
+  if (!netrc.existsSync()) fail("~/.netrc file not found.");
+
+  var match = _netrcRegExp.firstMatch(netrc.readAsStringSync());
+  if (match == null) {
+    fail(".netrc file didn't contain an entry for api.github.com.");
+  }
+
+  return "Basic ${BASE64.encode(UTF8.encode("${match[1]}:${match[2]}"))}";
+}