Merge pull request #87 from meowmeowmeowcat/show-hash-values

This patch calculates SHA256, MD5, and BLAKE2-256 hash digests of every file in the packages directory and prints out their HEX representations to the log. Resolves #62
pypa · Jan 9, 2022 · 4992a00 · 4992a00
2 parents bea5cda + 977d067
commit 4992a00
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -14,6 +14,7 @@ RUN \
 WORKDIR /app
 COPY LICENSE.md .
 COPY twine-upload.sh .
+COPY print-hash.py .
 
 RUN chmod +x twine-upload.sh
 ENTRYPOINT ["/app/twine-upload.sh"]
diff --git a/README.md b/README.md
@@ -162,6 +162,16 @@ Sometimes, `twine upload` can fail and to debug use the `verbose` setting as fol
      verbose: true
 ```
 
+### Showing hash values of files to be uploaded
+
+You may want to verify whether the files on PyPI were automatically uploaded by CI script.
+It will show SHA256, MD5, BLAKE2-256 values of files to be uploaded.
+
+```yml
+  with:
+    print_hash: true
+```
+
 ## License
 
 The Dockerfile and associated scripts and documentation in this project

diff --git a/action.yml b/action.yml
@@ -30,6 +30,10 @@ inputs:
     description: Show verbose output.
     required: false
     default: false
+  print_hash:
+    description: Show hash values of files to be uploaded
+    required: false
+    default: false
 branding:
   color: yellow
   icon: upload-cloud
@@ -44,3 +48,4 @@ runs:
   - ${{ inputs.verify_metadata }}
   - ${{ inputs.skip_existing }}
   - ${{ inputs.verbose }}
+  - ${{ inputs.print_hash }}
diff --git a/print-hash.py b/print-hash.py
@@ -0,0 +1,26 @@
+import hashlib
+import pathlib
+import sys
+
+packages_dir = pathlib.Path(sys.argv[1]).resolve().absolute()
+
+print("Showing hash values of files to be uploaded:")
+
+for file_object in packages_dir.iterdir():
+    sha256 = hashlib.sha256()
+    md5 = hashlib.md5()
+    blake2_256 = hashlib.blake2b(digest_size=256 // 8)
+
+    print(file_object)
+    print("")
+
+    content = file_object.read_bytes()
+
+    sha256.update(content)
+    md5.update(content)
+    blake2_256.update(content)
+
+    print(f"SHA256: {sha256.hexdigest()}")
+    print(f"MD5: {md5.hexdigest()}")
+    print(f"BLAKE2-256: {blake2_256.hexdigest()}")
+    print("")
diff --git a/twine-upload.sh b/twine-upload.sh
@@ -44,6 +44,10 @@ if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then
     TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS"
 fi
 
+if [[ ${INPUT_PRINT_HASH,,} != "false" || ${INPUT_VERBOSE,,} != "false" ]] ; then
+    python /app/print-hash.py "${INPUT_PACKAGES_DIR%%/}"
+fi
+
 TWINE_USERNAME="$INPUT_USER" \
 TWINE_PASSWORD="$INPUT_PASSWORD" \
 TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \