generate airgap dependencies on 1.3.2

BrightSpots · Jan 26, 2024 · 5c18004 · 5c18004
1 parent 0eacbb4
commit 5c18004
Show file tree

Hide file tree

Showing 4 changed files with 106 additions and 0 deletions.
diff --git a/.github/actions/zip/action.yml b/.github/actions/zip/action.yml
@@ -0,0 +1,30 @@
+name: "Create zip of a directory"
+description: "Cross-platform helper: creates SHA512"
+
+inputs:
+  input:
+    description: "The input file path"
+    required: true
+  command:
+    description: "The command to run first"
+    required: true
+  zipFilename:
+    description: "The output file name"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Run pre-command"
+      shell: bash
+      run: ${{ inputs.command }}
+
+    - name: "Generate zip for Linux"
+      if: runner.os == 'Linux' || runner.os == 'MacOS'
+      shell: bash
+      run: zip -r ${{inputs.zipFilename}} ${{inputs.input}}
+
+    - name: "Generate zip for Windows"
+      if: runner.os == 'Windows'
+      shell: powershell
+      run: Compress-Archive -Path ${{inputs.input}} -Destination ${{inputs.zipFilename}}
diff --git a/.github/workflows/generate-dependency-hashes.sh b/.github/workflows/generate-dependency-hashes.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Generates a CSV of checksums for all maven dependencies in the global cache
+# Including their actual SHA 256, and where to verify that online
+# Usage: ./generate-dependency-hashes.sh <OS: Windows, MacOS, or Linux>
+set -e
+
+os=$1
+
+parentPath=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
+
+echo "Filename, SHA-1 Checksum, SHA-256 Checksum, Maven Dependency URL, Direct URL to SHA-1, Direct URL to SHA-256"
+cd ~/.gradle/caches/modules-2/files-2.1
+for filename in $(find  * -type f); do
+    # filename is of format, with dot-separated org:
+    # <org>/<dependency-name>/<version>/<sha-1>/<dependency-name>-<version>.<ext>
+    # friendly URL is of format, with dot-separated org:
+    # https://mvnrepository.com/artifact/<org>/<dependency-name>/<version>
+    # direct-to-SHA URL is of format, with slash-separated org:
+    # https://repo1.maven.org/maven2/<org>/<dependency-name>/<version>/<dependency-name>-<version>.<ext>.sha256
+    dotSeparatedOrg=$(echo $filename | cut -f1 -d/)
+    dependencyName=$(echo $filename | cut -f2 -d/)
+    version=$(echo $filename | cut -f3 -d/)
+    ext=${filename#*.}
+    slashSeparatedOrg=$(echo $dotSeparatedOrg | tr "." "/")
+    friendlyurl="https://mvnrepository.com/artifact/$dotSeparatedOrg/$dependencyName/$version"
+    directUrl="https://repo1.maven.org/maven2/$slashSeparatedOrg/$dependencyName/$version/$dependencyName-$version.$ext"
+    directUrlToSha1="$directUrl.sha1"
+    directUrlToSha256="$directUrl.sha256"
+    sha1=$($parentPath/sha.sh $filename $os 1)
+    sha256=$($parentPath/sha.sh $filename $os 256)
+    echo "$filename,$sha1,$sha256,$friendlyurl,$directUrlToSha1,$directUrlToSha256"
+done
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -3,6 +3,9 @@ name: Build Releases
 on:
   release:
     types: [published]
+  push:
+    branches:
+      - 'feature/airgap-on-1.3.2'
 
 jobs:
   release:
@@ -46,13 +49,36 @@ jobs:
         if: runner.os == 'macOS'
         run: openssl dgst -sha512 > ${{ steps.fn.outputs.FILENAME }}.sha512
 
+      - name: "Create caches filename"
+        id: cachefn
+        shell: bash
+        run: |
+          echo "FILEPATH=${{ steps.basefn.outputs.FILEPATH }}.cache.zip" >> $GITHUB_OUTPUT
+      - name: "Generate SHA1 and SHA256 for each maven dependency"
+        shell: bash
+        run: ./.github/workflows/generate-dependency-hashes.sh ${{ runner.os }} >> ~/.gradle/caches/checksums.csv
+
+      - name: "Create dependency zip"
+        uses: ./.github/actions/zip
+        with:
+          # Build, then remove all non-essential files
+          command: ./gradlew assemble && ./gradlew --stop
+          input: "~/.gradle/caches"
+          zipFilename: ${{steps.cachefn.outputs.FILEPATH}}
+
+      - name: "Generate SHA512 for plugins cache"
+        shell: bash
+        run: ./.github/workflows/sha.sh ${{steps.cachefn.outputs.FILEPATH}} ${{ runner.os }} 512
+
       - uses: actions/upload-artifact@v3
         with:
           name: Package
           if-no-files-found: error
           path: |
             ${{ github.workspace }}/${{ steps.fn.outputs.FILENAME }}
             ${{ github.workspace }}/${{ steps.fn.outputs.FILENAME }}.sha512
+            ${{ github.workspace }}/${{steps.cachefn.outputs.FILEPATH}}
+            ${{ github.workspace }}/${{steps.cachefn.outputs.FILEPATH}}.sha512
           retention-days: 90
 
       - name: "Upload binaries to release"

diff --git a/.github/workflows/sha.sh b/.github/workflows/sha.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# Cross-platform SHA generation
+# Usage: ./sha.sh <filename> <OS: Windows, MacOS, or Linux> <sha version: 1, 256, or 512>
+
+set -e
+
+filename=$1
+os=$2
+a=$3
+
+
+if [ $os == 'Windows' ]; then
+    echo $(certutil -hashfile $filename SHA$a | sed -n 2p)
+elif [ $os == 'Linux' ]; then
+    echo $(sha${a}sum $filename | cut -f1 -d" ")
+else
+    echo $(shasum -a $a $filename | cut -f1 -d" ")
+fi