Merge pull request #87 from meowmeowmeowcat/show-hash-values

This patch calculates SHA256, MD5, and BLAKE2-256 hash digests of every file in the packages directory and prints out their HEX representations to the log. Resolves https://github.com/pypa/gh-action-pypi-publish/issues/62
2024-11-22 00:21:08 -05:00 · 2022-01-09 12:50:56 +01:00 · 2022-01-09 12:50:56 +01:00 · 4992a00fb2
commit 4992a00fb2
parent bea5cda687 977d067561
5 changed files with 46 additions and 0 deletions
--- a/1
+++ b/1
@ -14,6 +14,7 @@ RUN \
 WORKDIR /app
 COPY LICENSE.md .
 COPY twine-upload.sh .
+COPY print-hash.py .

 RUN chmod +x twine-upload.sh
 ENTRYPOINT ["/app/twine-upload.sh"]
--- a/README.md
+++ b/README.md
@ -162,6 +162,16 @@ Sometimes, `twine upload` can fail and to debug use the `verbose` setting as fol
     verbose: true
 ```

+### Showing hash values of files to be uploaded
+
+You may want to verify whether the files on PyPI were automatically uploaded by CI script.
+It will show SHA256, MD5, BLAKE2-256 values of files to be uploaded.
+
+```yml
+  with:
+    print_hash: true
+```
+
 ## License

 The Dockerfile and associated scripts and documentation in this project
--- a/action.yml
+++ b/action.yml
@ -30,6 +30,10 @@ inputs:
    description: Show verbose output.
    required: false
    default: false
+  print_hash:
+    description: Show hash values of files to be uploaded
+    required: false
+    default: false
 branding:
  color: yellow
  icon: upload-cloud
@ -44,3 +48,4 @@ runs:
  - ${{ inputs.verify_metadata }}
  - ${{ inputs.skip_existing }}
  - ${{ inputs.verbose }}
+  - ${{ inputs.print_hash }}
--- a/print-hash.py
+++ b/print-hash.py
@ -0,0 +1,26 @@
+import hashlib
+import pathlib
+import sys
+
+packages_dir = pathlib.Path(sys.argv[1]).resolve().absolute()
+
+print("Showing hash values of files to be uploaded:")
+
+for file_object in packages_dir.iterdir():
+    sha256 = hashlib.sha256()
+    md5 = hashlib.md5()
+    blake2_256 = hashlib.blake2b(digest_size=256 // 8)
+    
+    print(file_object)
+    print("")
+
+    content = file_object.read_bytes()
+    
+    sha256.update(content)
+    md5.update(content)
+    blake2_256.update(content)
+
+    print(f"SHA256: {sha256.hexdigest()}")
+    print(f"MD5: {md5.hexdigest()}")
+    print(f"BLAKE2-256: {blake2_256.hexdigest()}")
+    print("")
--- a/twine-upload.sh
+++ b/twine-upload.sh
@ -44,6 +44,10 @@ if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then
    TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS"
 fi

+if [[ ${INPUT_PRINT_HASH,,} != "false" || ${INPUT_VERBOSE,,} != "false" ]] ; then
+    python /app/print-hash.py "${INPUT_PACKAGES_DIR%%/}"
+fi
+
 TWINE_USERNAME="$INPUT_USER" \
 TWINE_PASSWORD="$INPUT_PASSWORD" \
 TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \