blob: ee42febd4073f571b9104187553c171b9ca67bd4 [file] [log] [blame]
Jeff Gastona423cbc2022-03-09 18:50:05 -05001#!/bin/bash
2set -e
3
Jeff Gaston1d93a522023-08-29 14:24:51 -04004# This script updates trust entries in gradle/verification-metadata.xml
5
6# Usage: $0 [--no-dry-run] [<task>]
7
8# --no-dry-run
9# Don't pass --dry-run to Gradle, so Gradle executes the corresponding tasks.
10# This is not normally necessary but in some cases can be a useful workaround.
11# When https://github.com/gradle/gradle/issues/26289 is resolved, we should reevaluate this behavior
12#
13# <task>
14# The task to ask Gradle to run. By default this is 'bOS'
15# When --no-dry-run is removed, we should reevaluate this behavior
16
17dryrun=true
18task="bOS"
19
20while [ "$1" != "" ]; do
21 arg="$1"
22 shift
23 if [ "$arg" == "--no-dry-run" ]; then
24 dryrun=false
25 continue
26 fi
27 task="$arg"
Jeff Gaston2f0a7302023-11-13 15:10:30 -050028 break
Jeff Gaston1d93a522023-08-29 14:24:51 -040029done
30
Jeff Gaston2f0a7302023-11-13 15:10:30 -050031function usage() {
32 usageError="$1"
33 echo "$usageError"
34 echo "Usage: $0 [--no-dry-run] [<task>]"
35 exit 1
36}
37
38if [ "$1" != "" ]; then
39 usage "Unrecognized argument $1"
40fi
41
Jeff Gastoneb3691e2022-04-21 12:34:52 -040042function runGradle() {
Jeff Gaston1d93a522023-08-29 14:24:51 -040043 echo running ./gradlew "$@"
44 if ./gradlew "$@"; then
45 echo succeeded: ./gradlew "$@"
Jeff Gaston29e70d92022-05-10 13:12:55 -040046 else
Jeff Gaston1d93a522023-08-29 14:24:51 -040047 echo failed: ./gradlew "$@"
Jeff Gaston29e70d92022-05-10 13:12:55 -040048 return 1
49 fi
Jeff Gastoneb3691e2022-04-21 12:34:52 -040050}
51
Jeff Gastona423cbc2022-03-09 18:50:05 -050052# This script regenerates signature-related information (dependency-verification-metadata and keyring)
Jeff Gastonb038ffa2022-10-06 15:05:19 -040053function regenerateVerificationMetadata() {
54 echo "regenerating verification metadata and keyring"
Jeff Gastona423cbc2022-03-09 18:50:05 -050055 # regenerate metadata
56 # Need to run a clean build, https://github.com/gradle/gradle/issues/19228
Jeff Gastond0fb9102023-08-24 15:44:58 -040057 # Resolving Configurations before task execution is expected. b/297394547
Jeff Gaston1d93a522023-08-29 14:24:51 -040058 dryrunArg=""
59 if [ "$dryrun" == "true" ]; then
60 dryrunArg="--dry-run"
61 fi
Aurimas Liutikas7db9d972024-04-03 23:05:55 +000062 runGradle --stacktrace --write-verification-metadata pgp,sha256 --export-keys $dryrunArg --clean -Pandroid.dependencyResolutionAtConfigurationTime.disallow=false -Pandroidx.enabled.kmp.target.platforms=+native $task
Jeff Gastona423cbc2022-03-09 18:50:05 -050063
Jeff Gastonb038ffa2022-10-06 15:05:19 -040064 # update verification metadata file
Jeff Gaston1d93a522023-08-29 14:24:51 -040065
66 # first, make sure the resulting file is named "verification-metadata.xml"
67 if [ "$dryrun" == "true" ]; then
68 mv gradle/verification-metadata.dryrun.xml gradle/verification-metadata.xml
69 fi
70
71 # next, remove 'version=' lines https://github.com/gradle/gradle/issues/20192
Omar Ismaile9f55122024-07-09 13:02:50 +010072 if [ "$(uname)" = "Darwin" ]; then
73 sed -i '' 's/\(trusted-key.*\)version="[^"]*"/\1/' gradle/verification-metadata.xml
74 else
75 sed -i 's/\(trusted-key.*\)version="[^"]*"/\1/' gradle/verification-metadata.xml
76 fi
Jeff Gastona423cbc2022-03-09 18:50:05 -050077
Jeff Gastoncb1093f2023-04-18 12:02:19 -040078 # rename keyring
Jeff Gaston922a7a02024-02-14 16:22:03 -050079 if [ "$dryrun" == "true" ]; then
80 mv gradle/verification-keyring.dryrun.keys gradle/verification-keyring.keys
81 fi
Jeff Gastona423cbc2022-03-09 18:50:05 -050082}
Jeff Gastonb038ffa2022-10-06 15:05:19 -040083regenerateVerificationMetadata
Jeff Gastona423cbc2022-03-09 18:50:05 -050084
85echo
Jeff Gastoneaac29c2023-02-07 15:11:00 -050086echo 'Done. Please check that these changes look correct (`git diff`)'
Jeff Gaston2f0a7302023-11-13 15:10:30 -050087echo "If Gradle did not make all expected updates to verification-metadata.xml, you can try '--no-dry-run'. This is slow so you may also want to specify a task. Example: $0 --no-dry-run exportSboms"