Posted to commits@lucene.apache.org by dw...@apache.org on 2019/12/11 17:41:37 UTC
[lucene-solr] branch gradle-master updated: Initial work on jar
checksums/ license file validation.
This is an automated email from the ASF dual-hosted git repository.
dweiss pushed a commit to branch gradle-master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/gradle-master by this push:
new 453eee3 Initial work on jar checksums/ license file validation.
453eee3 is described below
commit 453eee3987af41022cb086c6c8570d3352854d2e
Author: Dawid Weiss <dw...@apache.org>
AuthorDate: Wed Dec 11 18:41:27 2019 +0100
Initial work on jar checksums/ license file validation.
---
build.gradle | 1 +
gradle/testing/randomization.gradle | 1 -
gradle/validation/jar-checks.gradle | 113 ++++++++++++++++++++++++++++++++++++
3 files changed, 114 insertions(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index ac6b859..c71782d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -39,6 +39,7 @@ apply from: file('gradle/defaults-idea.gradle')
// Validation tasks
apply from: file('gradle/validation/forbidden-apis.gradle')
+apply from: file('gradle/validation/jar-checks.gradle')
// Additional development aids.
apply from: file('gradle/maven/maven-local.gradle')
diff --git a/gradle/testing/randomization.gradle b/gradle/testing/randomization.gradle
index 34f696d..af6b77b 100644
--- a/gradle/testing/randomization.gradle
+++ b/gradle/testing/randomization.gradle
@@ -3,7 +3,6 @@
//
import java.nio.file.*
-import org.apache.tools.ant.taskdefs.condition.Os
import com.carrotsearch.randomizedtesting.SeedUtils
import com.carrotsearch.randomizedtesting.generators.RandomPicks
diff --git a/gradle/validation/jar-checks.gradle b/gradle/validation/jar-checks.gradle
new file mode 100644
index 0000000..e11497e
--- /dev/null
+++ b/gradle/validation/jar-checks.gradle
@@ -0,0 +1,113 @@
+
+// This adds validation of project dependencies:
+// 1) license file
+// 2) notice file
+// 3) checksum validation/ generation.
+
+import org.apache.commons.codec.digest.DigestUtils
+import org.apache.commons.codec.digest.MessageDigestAlgorithms
+
+buildscript {
+ repositories {
+ mavenCentral()
+ }
+
+ dependencies {
+ classpath 'commons-codec:commons-codec:1.13'
+ }
+}
+
+// Configure license checksum folder for top-level projects.
+// (The file("licenses") inside the configure scope resolves
+// relative to the current project so they're not the same).
+configure(project(":lucene")) {
+ ext.licensesDir = file("licenses")
+}
+configure(project(":solr")) {
+ ext.licensesDir = file("licenses")
+}
+
+subprojects {
+ // Configure jarValidation configuration for all projects. Any dependency
+ // declared on this configuration (or any configuration it extends from) will
+ // be verified.
+ configurations {
+ jarValidation
+ }
+
+ // For Java projects, add runtime and classpath to jarValidation
+ plugins.withType(JavaPlugin) {
+ configurations {
+ jarValidation {
+ extendsFrom runtimeClasspath
+ extendsFrom compileClasspath
+ }
+ }
+ }
+
+ task collectJarInfos() {
+ dependsOn configurations.jarValidation
+
+ doFirst {
+ // We only care about this module's direct dependencies. Anything imported
+ // from other modules will be taken care of over there.
+ def ownDeps = configurations.detachedConfiguration()
+ .extendsFrom(configurations.jarValidation)
+ .copyRecursive { dep ->
+ !(dep instanceof org.gradle.api.artifacts.ProjectDependency)
+ }
+
+ project.ext.jarInfos = ownDeps.resolvedConfiguration.resolvedArtifacts.collect { resolvedArtifact ->
+ def file = resolvedArtifact.file
+ return [
+ name: resolvedArtifact.name,
+ jarName: file.toPath().getFileName().toString(),
+ path: file,
+ module: resolvedArtifact.moduleVersion,
+ checksum: new DigestUtils(MessageDigestAlgorithms.SHA_1).digestAsHex(file)
+ ]
+ }
+ }
+ }
+
+ task validateJarChecksums() {
+ group = 'Dependency validation'
+ description = "Validate project dependency checksums"
+
+ dependsOn configurations.jarValidation
+ dependsOn collectJarInfos
+
+ // TODO: validation should fail the build but we're out of sync with master.
+ def fail = false
+
+ doLast {
+ def errors = []
+ jarInfos.each { dep ->
+ def expectedChecksumFile = file("${licensesDir}/${dep.jarName}.sha1")
+ if (!expectedChecksumFile.exists()) {
+ errors << "Dependency checksum missing ('${dep.module}'), expected it at: ${expectedChecksumFile}"
+ } else {
+ def expected = expectedChecksumFile.getText("UTF-8").trim()
+ def actual = dep.checksum.trim()
+ if (expected.compareToIgnoreCase(actual) != 0) {
+ errors << "Dependency checksum mismatch ('${dep.module}'), expected it to be: ${expected}, but was: ${actual}"
+ }
+ }
+ }
+
+ if (errors) {
+ def msg = "Dependency checksum validation failed:\n - " + errors.join("\n - ")
+ if (fail) {
+ throw new GradleException(msg)
+ } else {
+ logger.log(LogLevel.WARN, "WARNING: ${msg}")
+ }
+ }
+ }
+ }
+}
+
+// Disable validation for these projects.
+configure(project(":solr:solr-ref-guide")) {
+ validateJarChecksums.enabled = false
+}
\ No newline at end of file
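Review bot: `def fail = false` in `validateJarChecksums` is a hard-coded constant, so a missing or mismatched checksum only produces a WARN line and a swapped or corrupted dependency jar never stops the build. The TODO explains why failing is off for now, but nothing lets CI or a release build opt in; reading the flag from a project property, e.g. `def fail = project.hasProperty('validation.failOnChecksumError')` (the property name is only a suggestion), would keep today's default while making enforcement possible. Separately, the digest is SHA-1 (`MessageDigestAlgorithms.SHA_1`) and the expected file is looked up by `dep.jarName` alone, which appears to be just the artifact's file name, so the pin is not collision-resistant and does not cover the module group. If the `.sha1` files are meant as an integrity control rather than a drift check, a SHA-256 digest keyed on the full `dep.module` coordinates would be the stronger choice.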