adding subsection actions

.github/workflows/ci.yml

@@ -18,4 +18,4 @@ jobs:
       - name: "Run tests"
         run: |
             python3 -m pip install pytest
-            pytest ./tests
+            pytest

.github/workflows/test-actions.yml

@@ -0,0 +1,69 @@
+name: GH pypi publish
+description: 'Publish to PyPI'
+
+on:
+  workflow_dispatch:
+    inputs:
+      publish-config:
+        description: 'Path to the publish config file'
+        required: true
+        default: 'publish-config.yml'
+      temp-dir:
+        description: 'Temporary directory to checkout svn repo'
+        required: false
+        default: 'temp-svn-repo'
+      mode:
+        description: 'Mode to run the action'
+        required: false
+        default: 'verify'
+
+jobs:
+  gh-action-pypi-publish:
+    runs-on: ubuntu-latest
+    environment: test
+    steps:
+     - name: Checkout Code
+       uses: actions/checkout@v3
+
+     - name: Setup Python
+       uses: actions/setup-python@v4
+       with:
+         python-version: '3.11'
+
+     - name: "Config parser"
+       id: config-parser
+       uses: ./read-config
+       with:
+        publish-config: ${{ inputs.publish-config }}
+
+     - name: "Checkout svn ${{ fromJSON(steps.config-parser.outputs.publisher-url) }}"
+       id: "svn-checkout"
+       uses: ./init
+       with:
+         temp-dir: ${{ inputs.temp-dir }}
+         repo-url: ${{ fromJSON(steps.config-parser.outputs.publisher-url) }}
+         repo-path: ${{ fromJSON(steps.config-parser.outputs.publisher-path) }}
+
+     - name: "Svn check"
+       id: "svn-check"
+       uses: ./svn
+       with:
+        svn-config: ${{ steps.config-parser.outputs.checks-svn }}
+        repo-url: ${{ fromJSON(steps.config-parser.outputs.publisher-url) }}
+        repo-path: ${{ fromJSON(steps.config-parser.outputs.publisher-path) }}
+
+     - name: "Checksum check"
+       id: "checksum-check"
+       uses: ./checksum
+       with:
+        checksum-config: ${{ steps.config-parser.outputs.checks-checksum }}
+        repo-url: ${{ fromJSON(steps.config-parser.outputs.publisher-url) }}
+        repo-path: ${{ fromJSON(steps.config-parser.outputs.publisher-path) }}
+
+     - name: "Signature check"
+       id: "signature-check"
+       uses: ./signature
+       with:
+        signature-config: ${{ steps.config-parser.outputs.checks-signature }}
+        repo-url: ${{ fromJSON(steps.config-parser.outputs.publisher-url) }}
+        repo-path: ${{ fromJSON(steps.config-parser.outputs.publisher-path) }}

checksum/action.yml

@@ -0,0 +1,35 @@
+name: 'Checksum Validator'
+description: 'Validate checksum of packages'
+inputs:
+  checksum-config:
+    description: 'Json config for checksum'
+    required: true
+  temp-dir:
+    description: 'Checkout directory of svn repo'
+    required: false
+    default: 'temp-svn-repo'
+  repo-path:
+    description: 'Path to the svn repo ex: airflow/providers/'
+    required: true
+  repo-url:
+    description: 'URL of the svn repo ex: https://dist.apache.org/repos/dist/release/airflow/'
+    required: true
+
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.9'
+
+    - name: "Check sum validation"
+      shell: bash
+      id: check-sum
+      env:
+        CHECK_SUM_CONFIG: ${{ inputs.checksum-config }}
+      run: |
+        python3 -m pip install uv
+        uv run $GITHUB_ACTION_PATH/checksum_check.py
+      working-directory: "./${{ inputs.temp-dir }}/${{ inputs.repo-path }}"

checksum/checksum_check.py

@@ -0,0 +1,71 @@
+# /// script
+# requires-python = ">=3.11"
+# dependencies = [
+#     "rich",
+# ]
+# ///
+import hashlib
+import json
+import os
+from rich.console import Console
+
+console = Console(width=400, color_system="standard")
+svn_files = os.listdir()
+
+invalid_checksums = []
+
+
+def validate_checksum(check_sum_files: list[dict[str, str]], algorithm: str):
+    for file_dict in check_sum_files:
+        sha_file, check_file = file_dict.values()
+
+        with open(check_file, "rb") as chk:
+            digest = hashlib.file_digest(chk, algorithm)
+
+        actual_sha = digest.hexdigest()
+
+        with open(sha_file, "rb") as shf:
+            content = shf.read().decode("utf-8").strip()
+
+        expected_sha = content.split()[0]
+
+        if actual_sha != expected_sha:
+            invalid_checksums.append(
+                {
+                    "file": sha_file,
+                    "expected_sha": expected_sha,
+                    "actual_sha": actual_sha,
+                }
+            )
+
+
+def get_valid_files(algorithm, files) -> list[dict[str, str]]:
+    eligible_files = []
+    for file in files:
+        if file.endswith(algorithm):
+            eligible_files.append(
+                {
+                    "sha_file": file,
+                    "check_file": file.replace(algorithm, "").rstrip("."),
+                }
+            )
+    return eligible_files
+
+
+if __name__ == "__main__":
+    check_sum_config = json.loads(os.environ.get("CHECK_SUM_CONFIG"))
+
+    for check in check_sum_config:
+        console.print(f"[blue]Checking {check.get('description')} checksum[/]")
+        valid_files = get_valid_files(check.get("algorithm"), svn_files)
+        validate_checksum(valid_files, check.get("algorithm"))
+
+    if invalid_checksums:
+        console.print("[red]Checksum validation failed[/]")
+        for invalid in invalid_checksums:
+            console.print(f"[red]File: {invalid.get('file')}[/]")
+            console.print(f"[red]Expected SHA: {invalid.get('expected_sha')}[/]")
+            console.print(f"[red]Actual SHA: {invalid.get('actual_sha')}[/]")
+        exit(1)
+
+    console.print("[blue]Checksum validation passed[/]")

checksum/test_checksum_check.py

@@ -0,0 +1,17 @@
+from unittest.mock import patch, mock_open
+from checksum.checksum_check import get_valid_files, validate_checksum, invalid_checksums
+
+class TestChecksumCheck:
+
+    def test_get_valid_files(self):
+        files = [
+            'apache-airflow-2.10.3-source.tar.gz.sha512',
+            'apache_airflow-2.10.3-py3-none-any.whl.asc',
+            'apache_airflow-2.10.3-py3-none-any.whl.sha512',
+            'apache_airflow-2.10.3.tar.gz'
+        ]
+        valida_files = get_valid_files('sha512', files)
+        assert valida_files == [{'sha_file': 'apache-airflow-2.10.3-source.tar.gz.sha512', 'check_file': 'apache-airflow-2.10.3-source.tar.gz'}, {'sha_file': 'apache_airflow-2.10.3-py3-none-any.whl.sha512', 'check_file': 'apache_airflow-2.10.3-py3-none-any.whl'}]
+
+
+