gitlab-ci: check gradle checksums against official list

This commit is contained in:
Hans-Christoph Steiner 2019-09-09 12:09:01 +02:00
parent c70e2ff056
commit 25548023e0
No known key found for this signature in database
GPG Key ID: 3E177817BA1B9BFA
2 changed files with 76 additions and 0 deletions

View File

@ -198,3 +198,21 @@ fedora_latest:
- cd tests - cd tests
- su testuser --login --command - su testuser --login --command
"cd `pwd`; export ANDROID_HOME=$ANDROID_HOME; fdroid=~testuser/.local/bin/fdroid ./run-tests" "cd `pwd`; export ANDROID_HOME=$ANDROID_HOME; fdroid=~testuser/.local/bin/fdroid ./run-tests"
gradle:
image: alpine:3.7
variables:
LANG: C.UTF-8
script:
- apk add --no-cache ca-certificates git python3
# if this is a merge request fork, then only check if makebuildserver changed
- if [ "$CI_PROJECT_NAMESPACE" != "fdroid" ]; then
git fetch https://gitlab.com/fdroid/fdroidserver.git;
for f in `git diff --name-only --diff-filter=d FETCH_HEAD...HEAD`; do
test "$f" == "makebuildserver" && export CHANGED="yes";
done;
test -z "$CHANGED" && exit;
fi
- python3 -m ensurepip
- pip3 install beautifulsoup4 requests
- ./tests/gradle-release-checksums.py

View File

@ -0,0 +1,58 @@
#!/usr/bin/env python3
import os
import re
import requests
import sys
from bs4 import BeautifulSoup
from distutils.version import LooseVersion
while True:
r = requests.get('https://gradle.org/release-checksums/')
if r.status_code == 200:
break
soup = BeautifulSoup(r.text, 'html.parser')
version_pat = re.compile(r'[0-9]+(\.[0-9]+)+')
versions = dict()
for a in soup.find_all('a'):
if a.parent.name != 'p':
continue
name = a.get('name')
if not name:
continue
m = version_pat.search(name)
if m:
ul = a.parent.find_next_sibling('ul')
versions[m.group()] = a.parent.find_next_sibling('ul').find('li').find('code').text.strip()
errors = 0
makebuildserver = os.path.join(os.path.dirname(__file__), os.pardir, 'makebuildserver')
with open(makebuildserver) as fp:
contents = fp.read()
to_compile = re.search(r'CACHE_FILES = [^\]]+\]', contents, flags=re.DOTALL | re.MULTILINE).group()
code = compile(to_compile, makebuildserver, 'exec')
config = {}
exec(code, None, config) # nosec this is just a CI script
makebuildserver_versions = []
for url, checksum in config['CACHE_FILES']:
if 'gradle.org' in url:
m = version_pat.search(url.split('/')[-1])
if m:
makebuildserver_versions.append(m.group())
if checksum != versions[m.group()]:
print('ERROR: checksum mismatch:', checksum, versions[m.group()])
errors += 1
# error if makebuildserver is missing the latest version
for version in sorted(versions.keys()):
if version not in makebuildserver_versions \
and LooseVersion(version) > LooseVersion(sorted(makebuildserver_versions)[-1]):
errors += 1
print(" ('https://services.gradle.org/distributions/gradle-" + version + "-bin.zip',\n"
" '" + versions[version] + "'),")
print('makebuildserver has gradle v' + sorted(makebuildserver_versions)[-1])
sys.exit(errors)