Add back in pgp signing for maven publish

Because we need it
SeleniumHQ · Apr 18, 2017 · cf0fbde · cf0fbde
1 parent e0fe873
commit cf0fbde
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 18 deletions.
diff --git a/src/com/facebook/buck/cli/PublishCommand.java b/src/com/facebook/buck/cli/PublishCommand.java
@@ -102,6 +102,10 @@ public class PublishCommand extends BuildCommand {
   @Nullable
   private String password = null;
 
+  @Option(
+      name = "--signing-passphrase",
+      usage = "Passphrase to use for signing published artifacts")
+  private String pgpPassphrase;
 
   @Override
   public int runWithoutHelp(CommandRunnerParams params) throws IOException, InterruptedException {
@@ -126,7 +130,7 @@ public int runWithoutHelp(CommandRunnerParams params) throws IOException, Interr
 
   private boolean publishTargets(
       ImmutableList<BuildTarget> buildTargets,
-      CommandRunnerParams params) {
+      CommandRunnerParams params) throws InterruptedException {
     ImmutableSet.Builder<MavenPublishable> publishables = ImmutableSet.builder();
     boolean success = true;
     for (BuildTarget buildTarget : buildTargets) {
@@ -163,6 +167,7 @@ private boolean publishTargets(
         Optional.ofNullable(remoteRepo),
         Optional.ofNullable(username),
         Optional.ofNullable(password),
+        Optional.ofNullable(pgpPassphrase),
         dryRun);
 
     try {

diff --git a/src/com/facebook/buck/maven/BUCK b/src/com/facebook/buck/maven/BUCK
@@ -28,6 +28,8 @@ java_library(
         "//src/com/facebook/buck/log:api",
         "//src/com/facebook/buck/model:model",
         "//src/com/facebook/buck/rules:build_rule",
+        "//src/com/facebook/buck/util:exceptions",
+        "//src/com/facebook/buck/util:process_executor",
         "//src/com/facebook/buck/util:util",
         "//src/com/facebook/buck/util/concurrent:concurrent",
         "//third-party/java/args4j:args4j",

diff --git a/src/com/facebook/buck/maven/Publisher.java b/src/com/facebook/buck/maven/Publisher.java
@@ -22,6 +22,13 @@
 import com.facebook.buck.model.UnflavoredBuildTarget;
 import com.facebook.buck.rules.BuildRule;
 import com.facebook.buck.rules.SourcePathResolver;
+import com.facebook.buck.util.Ansi;
+import com.facebook.buck.util.Console;
+import com.facebook.buck.util.DefaultProcessExecutor;
+import com.facebook.buck.util.HumanReadableException;
+import com.facebook.buck.util.ProcessExecutor;
+import com.facebook.buck.util.ProcessExecutorParams;
+import com.facebook.buck.util.Verbosity;
 import com.google.common.base.Joiner;
 import com.google.common.base.Preconditions;
 import com.google.common.base.StandardSystemProperty;
@@ -45,8 +52,10 @@
 import org.eclipse.aether.spi.locator.ServiceLocator;
 import org.eclipse.aether.util.artifact.SubArtifact;
 
+import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.IOException;
+import java.io.PrintStream;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.file.Path;
@@ -68,20 +77,12 @@ public class Publisher {
   }
   private static final Logger LOG = Logger.get(Publisher.class);
 
+  private final Optional<String> pgpPassphrase;
   private final ServiceLocator locator;
   private final LocalRepository localRepo;
   private final RemoteRepository remoteRepo;
   private final boolean dryRun;
 
-  public Publisher(
-      ProjectFilesystem repositoryFilesystem,
-      Optional<URL> remoteRepoUrl,
-      Optional<String> username,
-      Optional<String> password,
-      boolean dryRun) {
-    this(repositoryFilesystem.getRootPath(), remoteRepoUrl, username, password, dryRun);
-  }
-
   /**
    * @param localRepoPath Typically obtained as
    *                      {@link com.facebook.buck.io.ProjectFilesystem#getRootPath}
@@ -90,23 +91,25 @@ public Publisher(
    *               constructed {@link DeployRequest}. No actual publishing will happen
    */
   public Publisher(
-      Path localRepoPath,
+      ProjectFilesystem localRepoPath,
       Optional<URL> remoteRepoUrl,
       Optional<String> username,
       Optional<String> password,
+      Optional<String> pgpPassphrase,
       boolean dryRun) {
-    this.localRepo = new LocalRepository(localRepoPath.toFile());
+    this.localRepo = new LocalRepository(localRepoPath.getRootPath().toFile());
     this.remoteRepo = AetherUtil.toRemoteRepository(
         remoteRepoUrl.orElse(MAVEN_CENTRAL),
         username,
         password);
+    this.pgpPassphrase = pgpPassphrase;
     this.locator = AetherUtil.initServiceLocator();
     this.dryRun = dryRun;
   }
 
   public ImmutableSet<DeployResult> publish(
       SourcePathResolver pathResolver,
-      ImmutableSet<MavenPublishable> publishables) throws DeploymentException {
+      ImmutableSet<MavenPublishable> publishables) throws DeploymentException, InterruptedException {
     ImmutableListMultimap<UnflavoredBuildTarget, UnflavoredBuildTarget> duplicateBuiltinBuileRules =
         checkForDuplicatePackagedDeps(publishables);
     if (duplicateBuiltinBuileRules.size() > 0) {
@@ -198,7 +201,7 @@ public DeployResult publish(
       String artifactId,
       String version,
       List<File> toPublish)
-      throws DeploymentException {
+      throws DeploymentException, InterruptedException {
     return publish(new DefaultArtifact(groupId, artifactId, "", version), toPublish);
   }
 
@@ -211,7 +214,7 @@ public DeployResult publish(
    *                  extension of each given file will be used as a maven "extension" coordinate
    */
   public DeployResult publish(Artifact descriptor, List<File> toPublish)
-      throws DeploymentException {
+      throws DeploymentException, InterruptedException {
     String providedExtension = descriptor.getExtension();
     if (!providedExtension.isEmpty()) {
       LOG.warn(
@@ -236,7 +239,7 @@ public DeployResult publish(Artifact descriptor, List<File> toPublish)
    *                  coordinates in the corresponding {@link Artifact}.
    * @see Artifact#setFile
    */
-  public DeployResult publish(List<Artifact> toPublish) throws DeploymentException {
+  public DeployResult publish(List<Artifact> toPublish) throws DeploymentException, InterruptedException {
     RepositorySystem repoSys = Preconditions.checkNotNull(
         locator.getService(RepositorySystem.class));
 
@@ -255,15 +258,63 @@ public DeployResult publish(List<Artifact> toPublish) throws DeploymentException
     }
   }
 
-  private DeployRequest createDeployRequest(List<Artifact> toPublish) {
+  private DeployRequest createDeployRequest(List<Artifact> toPublish) throws InterruptedException {
     DeployRequest deployRequest = new DeployRequest().setRepository(remoteRepo);
     for (Artifact artifact : toPublish) {
       File file = artifact.getFile();
       Preconditions.checkNotNull(file);
       Preconditions.checkArgument(file.exists(), "No such file: %s", file.getAbsolutePath());
 
       deployRequest.addArtifact(artifact);
+
+      if (pgpPassphrase.isPresent()) {
+        deployRequest.addArtifact(sign(artifact, file));
+      }
     }
     return deployRequest;
   }
+
+  private SubArtifact sign(Artifact descriptor, File file) throws InterruptedException {
+    // Run gpg
+    try (PrintStream stdout = new PrintStream(new ByteArrayOutputStream());
+         PrintStream stderr = new PrintStream(new ByteArrayOutputStream())) {
+      File expectedOutput = new File(file.getAbsolutePath() + ".asc");
+      if (expectedOutput.exists() && !expectedOutput.delete()) {
+        throw new HumanReadableException(
+            "Existing signature exists, but cannot be deleted: %s",
+            file);
+      }
+
+      ProcessExecutor processExecutor = new DefaultProcessExecutor(
+          new Console(
+              Verbosity.SILENT,
+              stdout,
+              stderr,
+              Ansi.withoutTty()));
+      ProcessExecutorParams args = ProcessExecutorParams.builder()
+          .addCommand(
+              "gpg",
+              "-ab",
+              "--batch",
+              "--passphrase", pgpPassphrase.get(),
+              file.getAbsolutePath())
+          .build();
+      ProcessExecutor.Result result = processExecutor.launchAndExecute(args);
+      if (result.getExitCode() != 0) {
+        throw new HumanReadableException("Unable to sign %s", file);
+      }
+
+      if (!expectedOutput.exists()) {
+        throw new HumanReadableException("Unable to find signature for %s", file);
+      }
+
+      return new SubArtifact(
+          descriptor,
+          descriptor.getClassifier(),
+          "*.asc",
+          expectedOutput);
+    } catch (IOException e) {
+      throw new HumanReadableException(e, "Unable to generate signauture for %s", file);
+    }
+  }
 }
diff --git a/test/com/facebook/buck/maven/PublisherTest.java b/test/com/facebook/buck/maven/PublisherTest.java
@@ -57,10 +57,11 @@ public class PublisherTest {
   public void setUp() {
     ProjectFilesystem filesystem = new FakeProjectFilesystem();
     publisher = new Publisher(
-        filesystem,
+        filesystem.getRootPath(),
         /* remoteRepoUrl */ Optional.empty(),
         /* username */ Optional.empty(),
         /* password */ Optional.empty(),
+        /* pgp passphrase */ Optional.empty(),
         /* dryRun */ true);
   }