Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update sign.py to only sign specific file types #303

Merged
merged 1 commit into from
Aug 25, 2021
Merged

Update sign.py to only sign specific file types #303

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 1 addition & 6 deletions bundle-workflow/src/sign.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@
basepath = os.path.dirname(os.path.abspath(args.manifest.name))
signer = Signer()

signer = Signer()
for component in manifest.components:

if args.component and args.component != component.name:
Expand All @@ -31,10 +30,6 @@
if args.type and args.type != artifact_type:
continue

artifact_list = component.artifacts[artifact_type]
for artifact in artifact_list:
location = os.path.join(basepath, artifact)
signer.sign(location)
signer.verify(location + ".asc")
signer.sign(component.artifacts[artifact_type])

print("Done.")
7 changes: 7 additions & 0 deletions bundle-workflow/src/signing_workflow/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

# This page intentionally left blank.
16 changes: 16 additions & 0 deletions bundle-workflow/src/signing_workflow/signer.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
# SPDX-License-Identifier: Apache-2.0

import os
import pathlib
import sys

from git.git_repository import GitRepository
Expand All @@ -17,11 +18,26 @@


class Signer:

ACCEPTED_FILE_TYPES = ['.zip', '.jar', '.war', '.pom', '.module', '.tar.gz']

def __init__(self):
self.git_repo = GitRepository(self.get_repo_url(), "HEAD")
self.git_repo.execute("./bootstrap", subdirname="src")
self.git_repo.execute("rm config.cfg", subdirname="src")

def sign_artifacts(self, artifacts, basepath):
for artifact in artifacts:
if self.is_invalid_file_type(artifact):
print(f'Skipping signing of file ${artifact}')
continue
location = os.path.join(basepath, artifact)
self.sign(location)
self.verify(location + ".asc")

def is_invalid_file_type(self, file_name):
return ''.join(pathlib.Path(file_name).suffixes) not in Signer.ACCEPTED_FILE_TYPES

def get_repo_url(self):
if "GITHUB_TOKEN" in os.environ:
return "https://${GITHUB_TOKEN}@github.com/opensearch-project/opensearch-signer-client.git"
Expand Down
11 changes: 11 additions & 0 deletions bundle-workflow/tests/signing_workflow/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

import os
import sys

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../.."))
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../src"))
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

idk if there is a more elegant way to define this, but without /src it could not find the signer's import of git_repository.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I couldn't find a better way to do it.

You should have just one though, and in tests import from src.git.git_repository import GitRepository, note the src.. As written you may have a conflict in class names between tests and src.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I tried this but still get a module not found error with pytest.

bundle-workflow/src/signing_workflow/signer.py:10: in <module>
    from git.git_repository import GitRepository
E   ModuleNotFoundError: No module named 'git'

The signer.py src file has a dependency on GitRepository, and when running tests it can't find git.git_repository on the path unless I explicitly add the extra

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../src"))

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

going to merge as is, will see if I can sort this out.

33 changes: 33 additions & 0 deletions bundle-workflow/tests/signing_workflow/test_sign.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
import unittest
from unittest.mock import MagicMock, call, patch

from src.signing_workflow.signer import Signer


class TestSigner(unittest.TestCase):

@patch('src.signing_workflow.signer.GitRepository')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I like this!

def test_accepted_file_types(self, git_repo):

artifacts = [
'bad-xml.xml',
'the-jar.jar',
'the-zip.zip',
'the-war.war',
'the-pom.pom',
'the-module.module',
'the-tar.tar.gz',
'random-file.txt',
]
expected = [
call('/path/the-jar.jar'),
call('/path/the-zip.zip'),
call('/path/the-war.war'),
call('/path/the-pom.pom'),
call('/path/the-module.module'),
call('/path/the-tar.tar.gz'),
]
signer = Signer()
signer.sign = MagicMock()
signer.sign_artifacts(artifacts, '/path')
self.assertEqual(signer.sign.call_args_list, expected)