This is an automated email from the ASF dual-hosted git repository. jdaugherty pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/grails-core.git
commit d8c5ea150c36363f5917f853a7258e04a74f2cd0 Author: James Daugherty <[email protected]> AuthorDate: Tue May 27 10:37:52 2025 -0400 add checksums --- .github/workflows/gradle.yml | 14 ++++++-- buildSrc/build.gradle | 1 + gradle.properties | 1 + gradle/publish-config.gradle | 34 +++++++++++++++++++ gradle/publish-root-config.gradle | 33 ++++++++++++++++++ grails-gradle/bom/build.gradle | 4 +++ grails-gradle/build.gradle | 33 ++++++++++++++++++ grails-gradle/buildSrc/build.gradle | 7 ++++ grails-gradle/docs-core/build.gradle | 14 ++++---- grails-gradle/gradle/checksum-config.gradle | 52 +++++++++++++++++++++++++++++ grails-gradle/model/build.gradle | 13 ++++---- grails-gradle/plugins/build.gradle | 1 + grails-gradle/tasks/build.gradle | 10 ++++-- 13 files changed, 200 insertions(+), 17 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 1f7846be3d..cef7edef7a 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -208,8 +208,13 @@ jobs: MAVEN_PUBLISH_PASSWORD: ${{ secrets.NEXUS_PW }} working-directory: 'grails-gradle' run: > - ./gradlew publish + ./gradlew publish aggregateChecksums -Dorg.gradle.internal.publish.checksums.insecure=true + - name: "📤 Upload grails-gradle checksums" + uses: actions/upload-artifact@v4 + with: + name: grails-gradle-checksums + path: grails-gradle/build/checksums.txt publish: needs: [ publishGradle, build, functional, hibernate5Functional, mongodbFunctional ] if: ${{ always() && github.repository_owner == 'apache' && github.event_name == 'push' && needs.publishGradle.result == 'success' && (needs.build.result == 'success' || needs.build.result == 'skipped') && (needs.functional.result == 'success' || needs.functional.result == 'skipped') && (needs.hibernate5Functional.result == 'success' || needs.hibernate5Functional.result == 'skipped') && (needs.mongodbFunctional.result == 'success' || needs.mongodbFunctional.result == 'skipped') }} @@ -239,7 +244,12 @@ jobs: timeout_seconds: 900 # normal range 360-720s max_attempts: 3 # Attempts to address: Could not write to resource 'https://repository.apache.org/content/repositories/snapshots/...' Read timed out retry_wait_seconds: 180 - command: ./gradlew publish + command: ./gradlew publish aggregateChecksums + - name: "📤 Upload grails-core checksums" + uses: actions/upload-artifact@v4 + with: + name: grails-checksums + path: build/checksums.txt - name: "🔨 Create Grails Wrapper Distribution Zip" run: > ./gradlew :grails-wrapper:distZip diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index ad956ef33e..96e6113aa5 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -50,4 +50,5 @@ dependencies { implementation 'org.asciidoctor:asciidoctor-gradle-jvm' implementation 'org.springframework.boot:spring-boot-gradle-plugin' implementation 'org.nosphere.apache.rat:org.nosphere.apache.rat.gradle.plugin:0.8.1' + implementation "org.gradle.crypto.checksum:org.gradle.crypto.checksum.gradle.plugin:${gradleProperties.gradleChecksumPluginVersion}" } \ No newline at end of file diff --git a/gradle.properties b/gradle.properties index 94a81cc97e..91337770eb 100644 --- a/gradle.properties +++ b/gradle.properties @@ -21,6 +21,7 @@ coberturaVersion=2.1.1 expectitCoreVersion=0.9.0 gradleExtraConfigurationsPluginVersion=10.0.1 gradleLicensePluginVersion=0.16.1 +gradleChecksumPluginVersion=1.4.0 gradleToolingApiVersion=8.12.1 javaVersion=17 joptSimpleVersion=5.0.4 diff --git a/gradle/publish-config.gradle b/gradle/publish-config.gradle index 66a19e76ca..f1b0efad45 100644 --- a/gradle/publish-config.gradle +++ b/gradle/publish-config.gradle @@ -17,6 +17,7 @@ * under the License. */ +import org.gradle.crypto.checksum.Checksum import org.grails.gradle.plugin.publishing.GrailsPublishExtension extensions.configure(GrailsPublishExtension) { @@ -29,4 +30,37 @@ extensions.configure(GrailsPublishExtension) { it.developers = findProperty('pomDevelopers') as Map<String, String> ?: [graemerocher: 'Graeme Rocher'] it.pomCustomization = findProperty('pomCustomization') as Closure it.publishTestSources = findProperty('pomPublishTestSources') ?: false +} + +apply plugin: 'org.gradle.crypto.checksum' + +afterEvaluate { + if (project.plugins.hasPlugin("maven-publish")) { + def checksumTask = tasks.register("publishedChecksums", Checksum) + checksumTask.configure { Checksum check -> + check.checksumAlgorithm = Checksum.Algorithm.SHA256 + check.outputDirectory.set(project.layout.buildDirectory.dir("checksums")) + check.dependsOn(tasks.withType(Jar)) + } + + gradle.taskGraph.whenReady { + List filesToChecksum = [] + publishing.publications.withType(MavenPublication).all { publication -> + publication.artifacts.each { artifact -> + filesToChecksum << artifact.file + } + } + + checksumTask.configure { Checksum check -> + check.inputFiles.setFrom(filesToChecksum.unique()) + } + } + + Set<String> publishTasks = tasks.names.findAll { it.startsWith('publishMavenPublication') } + publishTasks.each { taskName -> + tasks.named(taskName).configure { publishTask -> + publishTask.finalizedBy checksumTask + } + } + } } \ No newline at end of file diff --git a/gradle/publish-root-config.gradle b/gradle/publish-root-config.gradle index 7007a57f9e..90e2972f16 100644 --- a/gradle/publish-root-config.gradle +++ b/gradle/publish-root-config.gradle @@ -137,4 +137,37 @@ subprojects { apply plugin: 'org.apache.grails.gradle.grails-publish' } } +} + +tasks.register("aggregateChecksums") { + group = "publishing" + description = "Aggregates all SHA-256 checksums from subprojects into a single file." + + def outputFileProvider = rootProject.layout.buildDirectory.file("checksums.txt") + outputs.file(outputFileProvider) + + outputs.upToDateWhen { false } // not worth caching + + doLast { + def outputFile = outputFileProvider.get().asFile + outputFile.withPrintWriter { writer -> + subprojects.each { sub -> + def checksumDir = sub.layout.buildDirectory.dir("checksums").get().asFile + if (checksumDir.exists()) { + checksumDir.listFiles(new FilenameFilter() { + boolean accept(File dir, String name) { + return name.endsWith(".sha256") + } + })?.each { checksumFile -> + def jarName = checksumFile.name - ".sha256" + def checksumLine = checksumFile.text.trim() + def checksum = checksumLine.tokenize()[0] + writer.println("${jarName} ${checksum}") + } + } + } + } + + println "Checksum manifest written to ${outputFile}" + } } \ No newline at end of file diff --git a/grails-gradle/bom/build.gradle b/grails-gradle/bom/build.gradle index 1fb4c6dc58..bc31e537af 100644 --- a/grails-gradle/bom/build.gradle +++ b/grails-gradle/bom/build.gradle @@ -172,3 +172,7 @@ publishing { } } } + +apply { + from rootProject.layout.projectDirectory.file('gradle/checksum-config.gradle') +} diff --git a/grails-gradle/build.gradle b/grails-gradle/build.gradle index 3de7913eae..4706351138 100644 --- a/grails-gradle/build.gradle +++ b/grails-gradle/build.gradle @@ -86,3 +86,36 @@ if (isReleaseVersion) { } } +tasks.register("aggregateChecksums") { + group = "publishing" + description = "Aggregates all SHA-256 checksums from subprojects into a single file." + + def outputFileProvider = rootProject.layout.buildDirectory.file("checksums.txt") + outputs.file(outputFileProvider) + + outputs.upToDateWhen { false } // not worth caching + + doLast { + def outputFile = outputFileProvider.get().asFile + outputFile.withPrintWriter { writer -> + subprojects.each { sub -> + def checksumDir = sub.layout.buildDirectory.dir("checksums").get().asFile + if (checksumDir.exists()) { + checksumDir.listFiles(new FilenameFilter() { + boolean accept(File dir, String name) { + return name.endsWith(".sha256") + } + })?.each { checksumFile -> + def jarName = checksumFile.name - ".sha256" + def checksumLine = checksumFile.text.trim() + def checksum = checksumLine.tokenize()[0] + writer.println("${jarName} ${checksum}") + } + } + } + } + + println "Checksum manifest written to ${outputFile}" + } +} + diff --git a/grails-gradle/buildSrc/build.gradle b/grails-gradle/buildSrc/build.gradle index 1cf98c23bc..dcc2d611ab 100644 --- a/grails-gradle/buildSrc/build.gradle +++ b/grails-gradle/buildSrc/build.gradle @@ -31,6 +31,13 @@ repositories { gradlePluginPortal() } +file('../../gradle.properties').withInputStream { + Properties props = new Properties() + props.load(it) + project.ext.gradleProperties = props +} + dependencies { implementation "${gradleBomDependencies['gradle-nexus-publish-plugin']}" + implementation "org.gradle.crypto.checksum:org.gradle.crypto.checksum.gradle.plugin:${gradleProperties.gradleChecksumPluginVersion}" } \ No newline at end of file diff --git a/grails-gradle/docs-core/build.gradle b/grails-gradle/docs-core/build.gradle index f287c84d2b..2e4e215282 100644 --- a/grails-gradle/docs-core/build.gradle +++ b/grails-gradle/docs-core/build.gradle @@ -84,13 +84,6 @@ tasks.named('jar', Jar).configure { Jar it -> jar.dependsOn docFilesJar -apply { - from rootProject.layout.projectDirectory.file('gradle/java-config.gradle') - from rootProject.layout.projectDirectory.file('gradle/docs-config.gradle') - from rootProject.layout.projectDirectory.file('gradle/test-config.gradle') -} - - publishing { if (!isReleaseVersion) { repositories { @@ -145,4 +138,11 @@ publishing { } } } +} + +apply { + from rootProject.layout.projectDirectory.file('gradle/java-config.gradle') + from rootProject.layout.projectDirectory.file('gradle/docs-config.gradle') + from rootProject.layout.projectDirectory.file('gradle/test-config.gradle') + from rootProject.layout.projectDirectory.file('gradle/checksum-config.gradle') } \ No newline at end of file diff --git a/grails-gradle/gradle/checksum-config.gradle b/grails-gradle/gradle/checksum-config.gradle new file mode 100644 index 0000000000..2627623e6d --- /dev/null +++ b/grails-gradle/gradle/checksum-config.gradle @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +import org.gradle.crypto.checksum.Checksum + +apply plugin: 'org.gradle.crypto.checksum' + +afterEvaluate { + if (project.plugins.hasPlugin("maven-publish")) { + def checksumTask = tasks.register("publishedChecksums", Checksum) + checksumTask.configure { Checksum check -> + check.checksumAlgorithm = Checksum.Algorithm.SHA256 + check.outputDirectory.set(project.layout.buildDirectory.dir("checksums")) + check.dependsOn(tasks.withType(Jar)) + } + + gradle.taskGraph.whenReady { + List filesToChecksum = [] + publishing.publications.withType(MavenPublication).all { publication -> + publication.artifacts.each { artifact -> + filesToChecksum << artifact.file + } + } + + checksumTask.configure { Checksum check -> + check.inputFiles.setFrom(filesToChecksum.unique()) + } + } + + Set<String> publishTasks = tasks.names.findAll { it.startsWith('publishMavenPublication') } + publishTasks.each { taskName -> + tasks.named(taskName).configure { publishTask -> + publishTask.finalizedBy checksumTask + } + } + } +} \ No newline at end of file diff --git a/grails-gradle/model/build.gradle b/grails-gradle/model/build.gradle index 3e78ba2eb3..41b9c238c1 100644 --- a/grails-gradle/model/build.gradle +++ b/grails-gradle/model/build.gradle @@ -68,12 +68,6 @@ dependencies { testImplementation 'org.objenesis:objenesis' } -apply { - from rootProject.layout.projectDirectory.file('gradle/java-config.gradle') - from rootProject.layout.projectDirectory.file('gradle/docs-config.gradle') - from rootProject.layout.projectDirectory.file('gradle/test-config.gradle') -} - publishing { if (!isReleaseVersion) { repositories { @@ -123,4 +117,11 @@ publishing { } } } +} + +apply { + from rootProject.layout.projectDirectory.file('gradle/java-config.gradle') + from rootProject.layout.projectDirectory.file('gradle/docs-config.gradle') + from rootProject.layout.projectDirectory.file('gradle/test-config.gradle') + from rootProject.layout.projectDirectory.file('gradle/checksum-config.gradle') } \ No newline at end of file diff --git a/grails-gradle/plugins/build.gradle b/grails-gradle/plugins/build.gradle index fb7fec3421..9b8affaf1f 100644 --- a/grails-gradle/plugins/build.gradle +++ b/grails-gradle/plugins/build.gradle @@ -185,4 +185,5 @@ apply { from rootProject.layout.projectDirectory.file('gradle/java-config.gradle') from rootProject.layout.projectDirectory.file('gradle/docs-config.gradle') from rootProject.layout.projectDirectory.file('gradle/e2eTest.gradle') + from rootProject.layout.projectDirectory.file('gradle/checksum-config.gradle') } diff --git a/grails-gradle/tasks/build.gradle b/grails-gradle/tasks/build.gradle index 139b688052..a85ac9e58f 100644 --- a/grails-gradle/tasks/build.gradle +++ b/grails-gradle/tasks/build.gradle @@ -19,7 +19,7 @@ plugins { id 'groovy' - id 'java-gradle-plugin' + id 'java-library' id 'maven-publish' } @@ -36,6 +36,8 @@ dependencies { exclude group: 'org.spockframework' } + implementation gradleApi() + implementation 'io.github.gradle-nexus:publish-plugin' implementation 'org.springframework.boot:spring-boot-gradle-plugin' } @@ -63,7 +65,9 @@ publishing { } publications { - pluginMaven(MavenPublication) { + maven(MavenPublication) { + from components.java + pom { name = 'Grails Gradle Tasks' description = 'A Gradle tasks for Grails gradle plugins' @@ -106,4 +110,6 @@ publishing { apply { from rootProject.layout.projectDirectory.file('gradle/java-config.gradle') from rootProject.layout.projectDirectory.file('gradle/docs-config.gradle') + from rootProject.layout.projectDirectory.file('gradle/test-config.gradle') + from rootProject.layout.projectDirectory.file('gradle/checksum-config.gradle') } \ No newline at end of file
