Jeff Gaston | a423cbc | 2022-03-09 18:50:05 -0500 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | set -e |
| 3 | |
Jeff Gaston | 1d93a52 | 2023-08-29 14:24:51 -0400 | [diff] [blame] | 4 | # This script updates trust entries in gradle/verification-metadata.xml |
| 5 | |
| 6 | # Usage: $0 [--no-dry-run] [<task>] |
| 7 | |
| 8 | # --no-dry-run |
| 9 | # Don't pass --dry-run to Gradle, so Gradle executes the corresponding tasks. |
| 10 | # This is not normally necessary but in some cases can be a useful workaround. |
| 11 | # When https://github.com/gradle/gradle/issues/26289 is resolved, we should reevaluate this behavior |
| 12 | # |
| 13 | # <task> |
| 14 | # The task to ask Gradle to run. By default this is 'bOS' |
| 15 | # When --no-dry-run is removed, we should reevaluate this behavior |
| 16 | |
| 17 | dryrun=true |
| 18 | task="bOS" |
| 19 | |
| 20 | while [ "$1" != "" ]; do |
| 21 | arg="$1" |
| 22 | shift |
| 23 | if [ "$arg" == "--no-dry-run" ]; then |
| 24 | dryrun=false |
| 25 | continue |
| 26 | fi |
| 27 | task="$arg" |
Jeff Gaston | 2f0a730 | 2023-11-13 15:10:30 -0500 | [diff] [blame] | 28 | break |
Jeff Gaston | 1d93a52 | 2023-08-29 14:24:51 -0400 | [diff] [blame] | 29 | done |
| 30 | |
Jeff Gaston | 2f0a730 | 2023-11-13 15:10:30 -0500 | [diff] [blame] | 31 | function usage() { |
| 32 | usageError="$1" |
| 33 | echo "$usageError" |
| 34 | echo "Usage: $0 [--no-dry-run] [<task>]" |
| 35 | exit 1 |
| 36 | } |
| 37 | |
| 38 | if [ "$1" != "" ]; then |
| 39 | usage "Unrecognized argument $1" |
| 40 | fi |
| 41 | |
Jeff Gaston | eb3691e | 2022-04-21 12:34:52 -0400 | [diff] [blame] | 42 | function runGradle() { |
Jeff Gaston | 1d93a52 | 2023-08-29 14:24:51 -0400 | [diff] [blame] | 43 | echo running ./gradlew "$@" |
| 44 | if ./gradlew "$@"; then |
| 45 | echo succeeded: ./gradlew "$@" |
Jeff Gaston | 29e70d9 | 2022-05-10 13:12:55 -0400 | [diff] [blame] | 46 | else |
Jeff Gaston | 1d93a52 | 2023-08-29 14:24:51 -0400 | [diff] [blame] | 47 | echo failed: ./gradlew "$@" |
Jeff Gaston | 29e70d9 | 2022-05-10 13:12:55 -0400 | [diff] [blame] | 48 | return 1 |
| 49 | fi |
Jeff Gaston | eb3691e | 2022-04-21 12:34:52 -0400 | [diff] [blame] | 50 | } |
| 51 | |
Jeff Gaston | a423cbc | 2022-03-09 18:50:05 -0500 | [diff] [blame] | 52 | # This script regenerates signature-related information (dependency-verification-metadata and keyring) |
Jeff Gaston | b038ffa | 2022-10-06 15:05:19 -0400 | [diff] [blame] | 53 | function regenerateVerificationMetadata() { |
| 54 | echo "regenerating verification metadata and keyring" |
Jeff Gaston | a423cbc | 2022-03-09 18:50:05 -0500 | [diff] [blame] | 55 | # regenerate metadata |
| 56 | # Need to run a clean build, https://github.com/gradle/gradle/issues/19228 |
Jeff Gaston | d0fb910 | 2023-08-24 15:44:58 -0400 | [diff] [blame] | 57 | # Resolving Configurations before task execution is expected. b/297394547 |
Jeff Gaston | 1d93a52 | 2023-08-29 14:24:51 -0400 | [diff] [blame] | 58 | dryrunArg="" |
| 59 | if [ "$dryrun" == "true" ]; then |
| 60 | dryrunArg="--dry-run" |
| 61 | fi |
Aurimas Liutikas | 7db9d97 | 2024-04-03 23:05:55 +0000 | [diff] [blame] | 62 | runGradle --stacktrace --write-verification-metadata pgp,sha256 --export-keys $dryrunArg --clean -Pandroid.dependencyResolutionAtConfigurationTime.disallow=false -Pandroidx.enabled.kmp.target.platforms=+native $task |
Jeff Gaston | a423cbc | 2022-03-09 18:50:05 -0500 | [diff] [blame] | 63 | |
Jeff Gaston | b038ffa | 2022-10-06 15:05:19 -0400 | [diff] [blame] | 64 | # update verification metadata file |
Jeff Gaston | 1d93a52 | 2023-08-29 14:24:51 -0400 | [diff] [blame] | 65 | |
| 66 | # first, make sure the resulting file is named "verification-metadata.xml" |
| 67 | if [ "$dryrun" == "true" ]; then |
| 68 | mv gradle/verification-metadata.dryrun.xml gradle/verification-metadata.xml |
| 69 | fi |
| 70 | |
| 71 | # next, remove 'version=' lines https://github.com/gradle/gradle/issues/20192 |
Omar Ismail | e9f5512 | 2024-07-09 13:02:50 +0100 | [diff] [blame] | 72 | if [ "$(uname)" = "Darwin" ]; then |
| 73 | sed -i '' 's/\(trusted-key.*\)version="[^"]*"/\1/' gradle/verification-metadata.xml |
| 74 | else |
| 75 | sed -i 's/\(trusted-key.*\)version="[^"]*"/\1/' gradle/verification-metadata.xml |
| 76 | fi |
Jeff Gaston | a423cbc | 2022-03-09 18:50:05 -0500 | [diff] [blame] | 77 | |
Jeff Gaston | cb1093f | 2023-04-18 12:02:19 -0400 | [diff] [blame] | 78 | # rename keyring |
Jeff Gaston | 922a7a0 | 2024-02-14 16:22:03 -0500 | [diff] [blame] | 79 | if [ "$dryrun" == "true" ]; then |
| 80 | mv gradle/verification-keyring.dryrun.keys gradle/verification-keyring.keys |
| 81 | fi |
Jeff Gaston | a423cbc | 2022-03-09 18:50:05 -0500 | [diff] [blame] | 82 | } |
Jeff Gaston | b038ffa | 2022-10-06 15:05:19 -0400 | [diff] [blame] | 83 | regenerateVerificationMetadata |
Jeff Gaston | a423cbc | 2022-03-09 18:50:05 -0500 | [diff] [blame] | 84 | |
| 85 | echo |
Jeff Gaston | eaac29c | 2023-02-07 15:11:00 -0500 | [diff] [blame] | 86 | echo 'Done. Please check that these changes look correct (`git diff`)' |
Jeff Gaston | 2f0a730 | 2023-11-13 15:10:30 -0500 | [diff] [blame] | 87 | echo "If Gradle did not make all expected updates to verification-metadata.xml, you can try '--no-dry-run'. This is slow so you may also want to specify a task. Example: $0 --no-dry-run exportSboms" |