Allow whitelisting of components in update-verification-metadata

raphiz · Jul 9, 2024 · 0c77282 · 0c77282
1 parent ce29479
commit 0c77282
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/update-verification-metadata/default.nix b/update-verification-metadata/default.nix
@@ -1,11 +1,13 @@
 {
+  lib,
   python3,
   git,
   writeShellApplication,
   gradle,
   updateAction ? "dependencies",
   cmd ? "gradle --refresh-dependencies --write-verification-metadata sha256 ${updateAction}",
   verificationFile ? "gradle/verification-metadata.xml",
+  whitelist ? [],
 }:
 writeShellApplication {
   name = "update-verification-metadata";
@@ -19,7 +21,7 @@ writeShellApplication {
       exit 1
     fi
     echo "Removing all component entries from $verificationFile ..."
-    python ${./update-verification-metadata.py} "$verificationFile"
+    python ${./update-verification-metadata.py} "$verificationFile" ${builtins.toString (builtins.map lib.escapeShellArg whitelist)}
     echo "Regenerating gradle verification data ..."
     ${cmd}
   '';

diff --git a/update-verification-metadata/update-verification-metadata.py b/update-verification-metadata/update-verification-metadata.py
@@ -2,6 +2,9 @@
 import xml.etree.ElementTree as ET
 
 verification_file = sys.argv[1]
+whitelist = sys.argv[1:]
+whitelist_set = set(tuple(item.split(':')) for item in whitelist)
+
 namespaces={'': "https://schema.gradle.org/dependency-verification"}
 ET.register_namespace("", namespaces[''])
 
@@ -10,7 +13,12 @@
 root = tree.getroot()
 components = root.find('components', namespaces)
 if (components):
-    root.remove(components)
+  for component in list(components):
+        group = component.get('group')
+        name = component.get('name')
+        version = component.get('version')
+        if (group, name, version) not in whitelist_set:
+            components.remove(component)
 
 tree.write(verification_file, encoding='UTF-8', xml_declaration=True)