From e5cc29fe08bb1ec972cc3b5b597e9dde2ba8c2b4 Mon Sep 17 00:00:00 2001 From: meowmeowcat <68463158+meowmeowmeowcat@users.noreply.github.com> Date: Sat, 8 Jan 2022 00:24:27 +0800 Subject: [PATCH 01/11] Show hash values of files uploaded --- action.yml | 5 +++++ twine-upload.sh | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/action.yml b/action.yml index ebe6dfc..02f935e 100644 --- a/action.yml +++ b/action.yml @@ -30,6 +30,10 @@ inputs: description: Show verbose output. required: false default: false + print_hash: + description: Show hash values of files uploaded + required: false + default: false branding: color: yellow icon: upload-cloud @@ -44,3 +48,4 @@ runs: - ${{ inputs.verify_metadata }} - ${{ inputs.skip_existing }} - ${{ inputs.verbose }} + - ${{ inputs.print_hash }} diff --git a/twine-upload.sh b/twine-upload.sh index 38280fc..d45b734 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -48,3 +48,29 @@ TWINE_USERNAME="$INPUT_USER" \ TWINE_PASSWORD="$INPUT_PASSWORD" \ TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \ exec twine upload ${TWINE_EXTRA_ARGS} ${INPUT_PACKAGES_DIR%%/}/* + +if [[ ${INPUT_PRINT_HASH,,} != "false" ]] ; then + cat > ./print_hash.py << EOF +import os +import hashlib +sha256 = hashlib.sha256() +md5 = hashlib.md5() +blake2_256 = hashlib.blake2b(digest_size=256 // 8) +file_list = os.listdir(os.path.abspath("${INPUT_PACKAGES_DIR%%/}")) +for i in file_list: + print(i) + print("") + file = open(os.path.abspath(os.path.join("${INPUT_PACKAGES_DIR%%/}", i)), "rb") + content = file.read() + file.close() + sha256.update(content) + md5.update(content) + blake2_256.update(content) + print(f"SHA256: {sha256.hexdigest()}") + print(f"MD5: {md5.hexdigest()}") + print(f"BLAKE2-256: {blake2_256.hexdigest()}") + print("") +EOF + python ./print_hash.py + rm ./print_hash.py +fi \ No newline at end of file From 77ee11371360c745960cc1bfdebe2fa3c338ac9d Mon Sep 17 00:00:00 2001 From: meowmeowcat <68463158+meowmeowmeowcat@users.noreply.github.com> Date: Sat, 8 Jan 2022 12:12:15 +0800 Subject: [PATCH 02/11] Move out the Python script from the shell script --- action.yml | 2 +- print-hash.py | 24 ++++++++++++++++++++++++ twine-upload.sh | 30 ++++-------------------------- 3 files changed, 29 insertions(+), 27 deletions(-) create mode 100755 print-hash.py diff --git a/action.yml b/action.yml index 02f935e..9d14593 100644 --- a/action.yml +++ b/action.yml @@ -31,7 +31,7 @@ inputs: required: false default: false print_hash: - description: Show hash values of files uploaded + description: Show hash values of files to be uploaded required: false default: false branding: diff --git a/print-hash.py b/print-hash.py new file mode 100755 index 0000000..52d698e --- /dev/null +++ b/print-hash.py @@ -0,0 +1,24 @@ +import os +import hashlib + +sha256 = hashlib.sha256() +md5 = hashlib.md5() +blake2_256 = hashlib.blake2b(digest_size=256 // 8) + +file_list = os.listdir(os.path.abspath(os.getenv("INPUT_PACKAGES_DIR"))) + +for file in file_list: + print(file) + print("") + + with open(os.path.abspath(os.path.join(os.getenv("INPUT_PACKAGES_DIR"), file)), "rb") as f: + content = f.read() + + sha256.update(content) + md5.update(content) + blake2_256.update(content) + + print(f"SHA256: {sha256.hexdigest()}") + print(f"MD5: {md5.hexdigest()}") + print(f"BLAKE2-256: {blake2_256.hexdigest()}") + print("") diff --git a/twine-upload.sh b/twine-upload.sh index d45b734..5b5ea75 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -44,33 +44,11 @@ if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS" fi +if [[ ${INPUT_PRINT_HASH,,} || ${INPUT_VERBOSE,,} != "false" ]] ; then + python ./print-hash.py +fi + TWINE_USERNAME="$INPUT_USER" \ TWINE_PASSWORD="$INPUT_PASSWORD" \ TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \ exec twine upload ${TWINE_EXTRA_ARGS} ${INPUT_PACKAGES_DIR%%/}/* - -if [[ ${INPUT_PRINT_HASH,,} != "false" ]] ; then - cat > ./print_hash.py << EOF -import os -import hashlib -sha256 = hashlib.sha256() -md5 = hashlib.md5() -blake2_256 = hashlib.blake2b(digest_size=256 // 8) -file_list = os.listdir(os.path.abspath("${INPUT_PACKAGES_DIR%%/}")) -for i in file_list: - print(i) - print("") - file = open(os.path.abspath(os.path.join("${INPUT_PACKAGES_DIR%%/}", i)), "rb") - content = file.read() - file.close() - sha256.update(content) - md5.update(content) - blake2_256.update(content) - print(f"SHA256: {sha256.hexdigest()}") - print(f"MD5: {md5.hexdigest()}") - print(f"BLAKE2-256: {blake2_256.hexdigest()}") - print("") -EOF - python ./print_hash.py - rm ./print_hash.py -fi \ No newline at end of file From fc71be69fe7fd2341607ff2108e05a2bfd3c5d46 Mon Sep 17 00:00:00 2001 From: meowmeowcat <68463158+meowmeowmeowcat@users.noreply.github.com> Date: Sat, 8 Jan 2022 12:14:48 +0800 Subject: [PATCH 03/11] Add print-hash.py to Dockerfile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 9d0d442..a97e302 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,6 +14,7 @@ RUN \ WORKDIR /app COPY LICENSE.md . COPY twine-upload.sh . +COPY print-hash.py . RUN chmod +x twine-upload.sh ENTRYPOINT ["/app/twine-upload.sh"] From 06a2dd66854ee73931657bb8a4e1f261ef938a5f Mon Sep 17 00:00:00 2001 From: meowmeowcat <68463158+meowmeowmeowcat@users.noreply.github.com> Date: Sat, 8 Jan 2022 12:21:09 +0800 Subject: [PATCH 04/11] Fix bug --- twine-upload.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/twine-upload.sh b/twine-upload.sh index 5b5ea75..860cda4 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -45,7 +45,7 @@ if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then fi if [[ ${INPUT_PRINT_HASH,,} || ${INPUT_VERBOSE,,} != "false" ]] ; then - python ./print-hash.py + python /app/print-hash.py fi TWINE_USERNAME="$INPUT_USER" \ From ca30c7da983a24caeddb2e73a5f6fe1022d880a2 Mon Sep 17 00:00:00 2001 From: meowmeowcat <68463158+meowmeowmeowcat@users.noreply.github.com> Date: Sat, 8 Jan 2022 12:24:12 +0800 Subject: [PATCH 05/11] Show a message before printing hash values of files --- print-hash.py | 1 + 1 file changed, 1 insertion(+) diff --git a/print-hash.py b/print-hash.py index 52d698e..e239b5a 100755 --- a/print-hash.py +++ b/print-hash.py @@ -8,6 +8,7 @@ file_list = os.listdir(os.path.abspath(os.getenv("INPUT_PACKAGES_DIR"))) for file in file_list: + print("Showing hash values of files to be uploaded:") print(file) print("") From 777bfc4346c57a31fdf7ec381ef3e92018960946 Mon Sep 17 00:00:00 2001 From: meowmeowcat <68463158+meowmeowmeowcat@users.noreply.github.com> Date: Sat, 8 Jan 2022 12:26:32 +0800 Subject: [PATCH 06/11] Fix the message --- print-hash.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/print-hash.py b/print-hash.py index e239b5a..144ae57 100755 --- a/print-hash.py +++ b/print-hash.py @@ -7,8 +7,9 @@ file_list = os.listdir(os.path.abspath(os.getenv("INPUT_PACKAGES_DIR"))) +print("Showing hash values of files to be uploaded:") + for file in file_list: - print("Showing hash values of files to be uploaded:") print(file) print("") From c83d37bdf05723c6eca6bd0df3c05e00cacfa961 Mon Sep 17 00:00:00 2001 From: meowmeowcat <68463158+meowmeowmeowcat@users.noreply.github.com> Date: Sat, 8 Jan 2022 12:41:13 +0800 Subject: [PATCH 07/11] Introduce print_hash in README --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index c3e906b..12baf6b 100644 --- a/README.md +++ b/README.md @@ -162,6 +162,16 @@ Sometimes, `twine upload` can fail and to debug use the `verbose` setting as fol verbose: true ``` +### Showing hash values of files to be uploaded + +You may want to verify whether the files on PyPI were automatically uploaded by CI script. +It will show SHA256, MD5, BLAKE2-256 values of files to be uploaded. + +```yml + with: + print_hash: true +``` + ## License The Dockerfile and associated scripts and documentation in this project From 8682135dac51a0c6d0b2b03eacc20cdb11f203f2 Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Sun, 9 Jan 2022 00:05:27 +0100 Subject: [PATCH 08/11] Correct the if-clause for printing the hashes --- twine-upload.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/twine-upload.sh b/twine-upload.sh index 860cda4..2a9b546 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -44,7 +44,7 @@ if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS" fi -if [[ ${INPUT_PRINT_HASH,,} || ${INPUT_VERBOSE,,} != "false" ]] ; then +if [[ ${INPUT_PRINT_HASH,,} != "false" || ${INPUT_VERBOSE,,} != "false" ]] ; then python /app/print-hash.py fi From 0575dc8eab29bdb32fdc059da3f8ac7a22a26fb7 Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Sun, 9 Jan 2022 00:24:29 +0100 Subject: [PATCH 09/11] Refactor the hash helper script to use pathlib and CLI args --- print-hash.py | 13 +++++++------ twine-upload.sh | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/print-hash.py b/print-hash.py index 144ae57..8b0ee98 100755 --- a/print-hash.py +++ b/print-hash.py @@ -1,20 +1,21 @@ -import os import hashlib +import pathlib +import sys sha256 = hashlib.sha256() md5 = hashlib.md5() blake2_256 = hashlib.blake2b(digest_size=256 // 8) -file_list = os.listdir(os.path.abspath(os.getenv("INPUT_PACKAGES_DIR"))) +packages_dir = pathlib.Path(sys.argv[1]).resolve().absolute() +file_iterable = packages_dir.iterdir() print("Showing hash values of files to be uploaded:") -for file in file_list: - print(file) +for file_object in file_iterable: + print(file_object) print("") - with open(os.path.abspath(os.path.join(os.getenv("INPUT_PACKAGES_DIR"), file)), "rb") as f: - content = f.read() + content = file_object.read_bytes() sha256.update(content) md5.update(content) diff --git a/twine-upload.sh b/twine-upload.sh index 2a9b546..31da635 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -45,7 +45,7 @@ if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then fi if [[ ${INPUT_PRINT_HASH,,} != "false" || ${INPUT_VERBOSE,,} != "false" ]] ; then - python /app/print-hash.py + python /app/print-hash.py "${INPUT_PACKAGES_DIR%%/}" fi TWINE_USERNAME="$INPUT_USER" \ From 5d18baa42c7d858441b701f9f8d1db08ba9be00e Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Sun, 9 Jan 2022 00:25:56 +0100 Subject: [PATCH 10/11] Drop unnecessary `file_iterable` var --- print-hash.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/print-hash.py b/print-hash.py index 8b0ee98..5a848b7 100755 --- a/print-hash.py +++ b/print-hash.py @@ -7,11 +7,10 @@ blake2_256 = hashlib.blake2b(digest_size=256 // 8) packages_dir = pathlib.Path(sys.argv[1]).resolve().absolute() -file_iterable = packages_dir.iterdir() print("Showing hash values of files to be uploaded:") -for file_object in file_iterable: +for file_object in packages_dir.iterdir(): print(file_object) print("") From 977d0675615f6a62b2da99c5d6cd6da339b38bd5 Mon Sep 17 00:00:00 2001 From: meowmeowcat <68463158+meowmeowmeowcat@users.noreply.github.com> Date: Sun, 9 Jan 2022 15:18:25 +0800 Subject: [PATCH 11/11] Fix a bug --- print-hash.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/print-hash.py b/print-hash.py index 5a848b7..42db92e 100755 --- a/print-hash.py +++ b/print-hash.py @@ -2,15 +2,15 @@ import pathlib import sys -sha256 = hashlib.sha256() -md5 = hashlib.md5() -blake2_256 = hashlib.blake2b(digest_size=256 // 8) - packages_dir = pathlib.Path(sys.argv[1]).resolve().absolute() print("Showing hash values of files to be uploaded:") for file_object in packages_dir.iterdir(): + sha256 = hashlib.sha256() + md5 = hashlib.md5() + blake2_256 = hashlib.blake2b(digest_size=256 // 8) + print(file_object) print("")