This is an automated email from the ASF dual-hosted git repository. jdaugherty pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/grails-core.git
commit 22ce49c558a9cb044875f2400547d31a91355bd8 Author: James Daugherty <[email protected]> AuthorDate: Fri May 30 16:41:56 2025 -0400 [skip ci] add cli verification script --- etc/bin/verify-cli-distribution.sh | 78 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/etc/bin/verify-cli-distribution.sh b/etc/bin/verify-cli-distribution.sh new file mode 100755 index 0000000000..3de880830c --- /dev/null +++ b/etc/bin/verify-cli-distribution.sh @@ -0,0 +1,78 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +set -euo pipefail + +RELEASE_TAG=$1 +DOWNLOAD_LOCATION="${2:-downloads}" +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +if [ -z "${RELEASE_TAG}" ]; then + echo "Usage: $0 [release-tag] <optional download location>" + exit 1 +fi + +VERSION=${RELEASE_TAG#v} + +cd $DOWNLOAD_LOCATION +ZIP_FILE=$(ls "apache-grails-${VERSION}-incubating-bin.zip" 2>/dev/null | head -n 1) + +if [ -z "$ZIP_FILE" ]; then + echo "Error: Could not find apache-grails-${VERSION}-incubating-bin.zip in $DOWNLOAD_LOCATION" + exit 1 +fi + +export GRAILS_GPG_HOME=$(mktemp -d) +cleanup() { + rm -rf "${GRAILS_GPG_HOME}" +} +trap cleanup EXIT + +echo "Verifying checksum..." +shasum -a 512 -c "apache-grails-${VERSION}-incubating-bin.zip.sha512" +echo "✅ Checksum Verified" + +echo "Verifying GPG signature..." +gpg --homedir "${GRAILS_GPG_HOME}" --import "${SCRIPT_DIR}/../../KEYS" +gpg --homedir "${GRAILS_GPG_HOME}" --verify "apache-grails-${VERSION}-incubating-bin.zip.asc" "apache-grails-${VERSION}-incubating-bin.zip" +echo "✅ GPG Verified" + +SRC_DIR="apache-grails-${VERSION}-incubating-bin" +rm -rf "${SRC_DIR}" || true +echo "Extracting zip file..." +unzip -q "apache-grails-${VERSION}-incubating-bin.zip" + +if [ ! -d "${SRC_DIR}" ]; then + echo "Error: Expected extracted folder '${SRC_DIR}' not found." + exit 1 +fi + +echo "Checking for required files existence..." +REQUIRED_FILES=("LICENSE" "NOTICE") + +for FILE in "${REQUIRED_FILES[@]}"; do + if [ ! -f "${SRC_DIR}/$FILE" ]; then + echo "❌ Missing required file: $FILE" + exit 1 + fi + + echo "✅ Found required file: $FILE" +done + +echo "✅ All cli binary distribution checks passed successfully for Apache Grails ${VERSION}." \ No newline at end of file
