Merge pull request #87 from meowmeowmeowcat/show-hash-values

This patch calculates SHA256, MD5, and BLAKE2-256 hash digests
of every file in the packages directory and prints out their HEX
representations to the log.

Resolves https://github.com/pypa/gh-action-pypi-publish/issues/62
This commit is contained in:
Sviatoslav Sydorenko 2022-01-09 12:50:56 +01:00 committed by GitHub
commit 4992a00fb2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 46 additions and 0 deletions

View file

@ -14,6 +14,7 @@ RUN \
WORKDIR /app WORKDIR /app
COPY LICENSE.md . COPY LICENSE.md .
COPY twine-upload.sh . COPY twine-upload.sh .
COPY print-hash.py .
RUN chmod +x twine-upload.sh RUN chmod +x twine-upload.sh
ENTRYPOINT ["/app/twine-upload.sh"] ENTRYPOINT ["/app/twine-upload.sh"]

View file

@ -162,6 +162,16 @@ Sometimes, `twine upload` can fail and to debug use the `verbose` setting as fol
verbose: true verbose: true
``` ```
### Showing hash values of files to be uploaded
You may want to verify whether the files on PyPI were automatically uploaded by CI script.
It will show SHA256, MD5, BLAKE2-256 values of files to be uploaded.
```yml
with:
print_hash: true
```
## License ## License
The Dockerfile and associated scripts and documentation in this project The Dockerfile and associated scripts and documentation in this project

View file

@ -30,6 +30,10 @@ inputs:
description: Show verbose output. description: Show verbose output.
required: false required: false
default: false default: false
print_hash:
description: Show hash values of files to be uploaded
required: false
default: false
branding: branding:
color: yellow color: yellow
icon: upload-cloud icon: upload-cloud
@ -44,3 +48,4 @@ runs:
- ${{ inputs.verify_metadata }} - ${{ inputs.verify_metadata }}
- ${{ inputs.skip_existing }} - ${{ inputs.skip_existing }}
- ${{ inputs.verbose }} - ${{ inputs.verbose }}
- ${{ inputs.print_hash }}

26
print-hash.py Executable file
View file

@ -0,0 +1,26 @@
import hashlib
import pathlib
import sys
packages_dir = pathlib.Path(sys.argv[1]).resolve().absolute()
print("Showing hash values of files to be uploaded:")
for file_object in packages_dir.iterdir():
sha256 = hashlib.sha256()
md5 = hashlib.md5()
blake2_256 = hashlib.blake2b(digest_size=256 // 8)
print(file_object)
print("")
content = file_object.read_bytes()
sha256.update(content)
md5.update(content)
blake2_256.update(content)
print(f"SHA256: {sha256.hexdigest()}")
print(f"MD5: {md5.hexdigest()}")
print(f"BLAKE2-256: {blake2_256.hexdigest()}")
print("")

View file

@ -44,6 +44,10 @@ if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then
TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS" TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS"
fi fi
if [[ ${INPUT_PRINT_HASH,,} != "false" || ${INPUT_VERBOSE,,} != "false" ]] ; then
python /app/print-hash.py "${INPUT_PACKAGES_DIR%%/}"
fi
TWINE_USERNAME="$INPUT_USER" \ TWINE_USERNAME="$INPUT_USER" \
TWINE_PASSWORD="$INPUT_PASSWORD" \ TWINE_PASSWORD="$INPUT_PASSWORD" \
TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \ TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \