diff --git a/.github/actions/sha-of-zip.bat b/.github/actions/sha-of-zip.bat index dbc810385..4dc99a5fd 100644 --- a/.github/actions/sha-of-zip.bat +++ b/.github/actions/sha-of-zip.bat @@ -13,6 +13,7 @@ set "HASHFILE_UNSORTED=all_hashes_unsorted.txt" set "HASHFILE_PATH_STRIPPED=all_hashes_path_stripped.txt" set "HASHFILE_SORTED=all_hashes_sorted.txt" set "EXTRACTIONDIR=.\rcv\zip_extracted" +set "MODULESFILE=.\rcv\lib\modules" if exist %HASHFILE_UNSORTED% ( del %HASHFILE_UNSORTED% @@ -25,12 +26,17 @@ if exist %EXTRACTIONDIR% ( mkdir %EXTRACTIONDIR% powershell -command Expand-Archive -Path %ZIP_FILEPATH% -Destination %EXTRACTIONDIR% cd %EXTRACTIONDIR% + +:: Remove modules file, which doesn't vary on the same machine but does vary across machines +del %MODULESFILE% :: Calculate the hash for every file here and in all subdirectories, appending to the file (format "(filename) = (hash)") -for /r . %%f in (*) do ( - > %HASHFILE_UNSORTED% - C:\Windows\System32\certutil.exe -hashfile "%%f" SHA%SHA_A% | findstr /v ":" >> %HASHFILE_UNSORTED% -) +( + for /r . %%f in (*) do ( + %HASHFILE_UNSORTED% :: Replace the absolute paths to each file with relative paths (e.g. C:\temp\rcv => .\rcv) set "SEARCHTEXT=%cd%" @@ -45,7 +51,8 @@ sort "%HASHFILE_PATH_STRIPPED%" > "%HASHFILE_SORTED%" C:\Windows\System32\certutil.exe -hashfile %HASHFILE_SORTED% SHA%SHA_A% | findstr /v ":" -:: after printing the golden hash, print the details: hash of each file -type "%HASHFILE_SORTED%" +:: For debugging, enable printing the file-by-file hash +:: echo "File-by-file hash" +:: type "%HASHFILE_SORTED%" endlocal diff --git a/.github/actions/sha-of-zip.sh b/.github/actions/sha-of-zip.sh index 38e5d11f6..d4bfa9f42 100755 --- a/.github/actions/sha-of-zip.sh +++ b/.github/actions/sha-of-zip.sh @@ -11,6 +11,7 @@ os=$2 sha_a=$3 parentPath=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P ) +modulesPath="./rcv/lib/modules" # Make a temporary directory to extract zip, and a temporary file to hold SHAs tempDirectory=$(mktemp -d) @@ -20,8 +21,12 @@ touch $tempAllChecksumsFile # Extract the zip unzip -q $zipFilepath -d $tempDirectory 2>/dev/null -# Get a checksum for each file in the zip +# Go into the extracted directory and delete the modules file +# That file is consistent on a single machine, but differs across machines cd $tempDirectory +rm $modulesPath + +# Get a checksum for each file in the zip for filename in $(find * -type f | sort); do checksum=$($parentPath/../workflows/sha.sh $filename $os $sha_a) echo $checksum >> $tempAllChecksumsFile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2a86f6dc6..cda17fa72 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -84,9 +84,15 @@ jobs: mkdir cache echo "FILEPATH=cache/${{ steps.basefn.outputs.FILEPATH }}.cache.zip" >> $GITHUB_OUTPUT + - name: "Create checksum filename" + id: checksumsfn + shell: bash + run: | + echo "FILEPATH=cache/checksums.csv" >> $GITHUB_OUTPUT + - name: "Generate SHA1 and SHA256 for each maven dependency" shell: bash - run: ./.github/workflows/generate-dependency-hashes.sh ${{ runner.os }} >> ~/.gradle/caches/checksums.csv + run: ./.github/workflows/generate-dependency-hashes.sh ${{ runner.os }} >> ${{steps.checksumsfn.outputs.FILEPATH}} - name: "Create dependency zip" uses: ./.github/actions/zip @@ -101,6 +107,11 @@ jobs: run: | ./.github/workflows/sha.sh ${{steps.cachefn.outputs.FILEPATH}} ${{ runner.os }} 512 > ${{steps.cachefn.outputs.FILEPATH}}.sha512 + - name: "Generate SHA512 for plugins' checksums" + shell: bash + run: | + ./.github/workflows/sha.sh ${{steps.checksumsfn.outputs.FILEPATH}} ${{ runner.os }} 512 > ${{steps.checksumsfn.outputs.FILEPATH}}.sha512 + - name: "Generate Golden SHA512 for jlinkZip" uses: ./.github/actions/sha-of-zip with: @@ -158,14 +169,16 @@ jobs: name: Package if-no-files-found: error path: | - ${{ github.workspace }}/${{ steps.zipfn.outputs.FILEPATH }} - ${{ github.workspace }}/${{ steps.zipfn.outputs.FILEPATH }}.sha512 - ${{ github.workspace }}/${{ steps.zipfn.outputs.FILEPATH }}.golden.sha512 - ${{ github.workspace }}/${{ steps.exefn.outputs.FILEPATH }} - ${{ github.workspace }}/${{ steps.exefn.outputs.FILEPATH }}.sha512 - ${{ github.workspace }}/${{steps.cachefn.outputs.FILEPATH}} - ${{ github.workspace }}/${{steps.cachefn.outputs.FILEPATH}}.sha512 - ${{ github.workspace }}/${{steps.cachefn.outputs.FILEPATH}}.golden.sha512 + ${{ github.workspace }}/${{ steps.zipfn.outputs.FILEPATH }} + ${{ github.workspace }}/${{ steps.zipfn.outputs.FILEPATH }}.sha512 + ${{ github.workspace }}/${{ steps.zipfn.outputs.FILEPATH }}.golden.sha512 + ${{ github.workspace }}/${{ steps.exefn.outputs.FILEPATH }} + ${{ github.workspace }}/${{ steps.exefn.outputs.FILEPATH }}.sha512 + ${{ github.workspace }}/${{ steps.cachefn.outputs.FILEPATH }} + ${{ github.workspace }}/${{ steps.cachefn.outputs.FILEPATH }}.sha512 + ${{ github.workspace }}/${{ steps.cachefn.outputs.FILEPATH }}.golden.sha512 + ${{ github.workspace }}/${{ steps.checksumsfn.outputs.FILEPATH }} + ${{ github.workspace }}/${{ steps.checksumsfn.outputs.FILEPATH }}.sha512 retention-days: 1 - name: "Upload binaries to release"