release process: split release.sh into two

This allows the add_cosigner workflow to be done before the website links to new binaries.
(so Emzy or other builders can try to reproduce builds and add signatures before new binaries are fully live)

contrib/release.sh

@@ -1,23 +1,19 @@
 #!/bin/bash
 #
-# This script, for the RELEASEMANAGER:
-# - builds and uploads all binaries,
+# This script is used for stage 1 of the release process. It operates exclusively on the airlock.
+# This script, for the RELEASEMANAGER (RM):
+# - builds and uploads all binaries to airlock,
 # - assumes all keys are available, and signs everything
 # This script, for other builders:
 # - builds all reproducible binaries,
-# - downloads binaries built by the release manager, compares and signs them,
+# - downloads binaries built by the release manager (from airlock), compares and signs them,
 # - and then uploads sigs
 # Note: the .dmg should be built separately beforehand and copied into dist/
 #       (as it is built on a separate machine)
 #
+#
 # env vars:
 # - ELECBUILD_NOCACHE: if set, forces rebuild of docker images
-# - WWW_DIR: path to "electrum-web" git clone
-#
-# additional env vars for the RELEASEMANAGER:
-# - for signing the version announcement file:
-#   - ELECTRUM_SIGNING_ADDRESS (required)
-#   - ELECTRUM_SIGNING_WALLET (required)
 #
 # "uploadserver" is set in /etc/hosts
 #
@@ -29,6 +25,20 @@
 # - update RELEASE-NOTES and version.py
 # - $ git tag -s $VERSION -m $VERSION
 #
+# -----
+# Then, typical release flow:
+# - RM runs release.sh
+# - Another SFTPUSER BUILDER runs `$ ./release.sh`
+# - now airlock contains new binaries and two sigs for each
+# - deploy.sh will verify sigs and move binaries across airlock
+# - new binaries are now publicly available on uploadserver, but not linked from website yet
+# - other BUILDERS can now also try to reproduce binaries and open PRs with sigs against spesmilo/electrum-signatures
+#   - these PRs can get merged as they come
+#   - run add_cosigner
+# - after some time, RM can run release_www.sh to create and commit website-update
+#   - then run WWW_DIR/publish.sh to update website
+# - at least two people need to run WWW_DIR/publish.sh
+#
 
 set -e
 
@@ -42,10 +52,6 @@ cd "$PROJECT_ROOT"
 # rm -rf dist/*
 # rm -f .buildozer
 
-if [ -z "$WWW_DIR" ] ; then
-    WWW_DIR=/opt/electrum-web
-fi
-
 GPGUSER=$1
 if [ -z "$GPGUSER" ]; then
     fail "usage: $0 gpg_username"
@@ -247,13 +253,6 @@ else
 
     cd "$PROJECT_ROOT"
 
-    info "updating www repo"
-    ./contrib/make_download $WWW_DIR
-    info "signing the version announcement file"
-    sig=$(./run_electrum -o signmessage $ELECTRUM_SIGNING_ADDRESS $VERSION -w $ELECTRUM_SIGNING_WALLET)
-    echo "{ \"version\":\"$VERSION\", \"signatures\":{ \"$ELECTRUM_SIGNING_ADDRESS\":\"$sig\"}}" > $WWW_DIR/version
-
-
     if [ $REV != $VERSION ]; then
         fail "versions differ, not uploading"
     fi
@@ -266,14 +265,10 @@ else
         touch dist/uploaded
     fi
 
-    # push changes to website repo
-    pushd $WWW_DIR
-    git diff
-    git commit -a -m "version $VERSION"
-    git push
-    popd
 fi
 
 
 info "release.sh finished successfully."
-info "now you should run WWW_DIR/publish.sh to sign the website commit and upload signature"
+info "After two people ran release.sh, the binaries will be publicly available on uploadserver."
+info "Then, we wait for additional signers, and run add_cosigner for them."
+info "Finally, release_www.sh needs to be run, for the website to be updated."