From 0b3aaec700477ce54e91dfb140516379fb040941 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Mon, 7 Apr 2025 17:42:35 +0200 Subject: [PATCH] check-for-unattached-signatures.py: codequality JSON output --- .gitlab-ci.yml | 8 ++++- tools/check-for-unattached-signatures.py | 39 +++++++++++++++++++----- 2 files changed, 38 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ca4aad71c3..a34416a89c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -215,7 +215,7 @@ lint: script: - apt-get -qy update - apt-get -qy dist-upgrade - - apt-get -qy install --no-install-recommends exiftool git python3 python3-yaml + - apt-get -qy install --no-install-recommends exiftool git jq python3 python3-yaml - export EXITVALUE=0 - function set_error() { export EXITVALUE=1; printf "\x1b[31mERROR `history|tail -2|head -1|cut -b 6-500`\x1b[0m\n"; } @@ -230,7 +230,13 @@ lint: - ./tools/check-for-unattached-signatures.py || set_error - ./tools/make-summary-translatable.py || set_error + # GitLab only supports one codequality report per job + - jq '[.[]|.[]]' --slurp *.json > codequality.json + - exit $EXITVALUE + artifacts: + reports: + codequality: codequality.json schema validation: stage: test diff --git a/tools/check-for-unattached-signatures.py b/tools/check-for-unattached-signatures.py index a561a9f04a..c625621487 100755 --- a/tools/check-for-unattached-signatures.py +++ b/tools/check-for-unattached-signatures.py @@ -6,24 +6,47 @@ # files are useless cruft. import glob +import hashlib +import json import os - +import sys import yaml +CODEQUALITY_REPORT = list() +CHECK_NAME = os.path.basename(__file__) + errors = 0 -for d in glob.glob('metadata/*/signatures/[0-9]*'): +for d in glob.glob("metadata/*/signatures/[0-9]*"): appid = os.path.basename(os.path.dirname(os.path.dirname(d))) - with open(os.path.join('metadata', appid + '.yml')) as fp: + with open(os.path.join("metadata", appid + ".yml")) as fp: app = yaml.safe_load(fp) versionCode = os.path.basename(d) found = False - for build in app['Builds']: - if int(versionCode) == int(build['versionCode']): + for build in app["Builds"]: + if int(versionCode) == int(build["versionCode"]): found = True break if not found: - print('ERROR: found signatures files with no matching build:') + errors += 1 + msg = "found signatures files with no matching build" + print(f"ERROR: {msg}:") for f in os.listdir(d): - print('\t', os.path.join(d, f)) + sig_file = os.path.join(d, f) + print(f"\t{sig_file}") + m = hashlib.sha256() + with open(sig_file, 'rb') as fp: + m.update(fp.read()) + CODEQUALITY_REPORT.append( + { + "description": msg, + "check_name": CHECK_NAME, + "fingerprint": CHECK_NAME + f + m.hexdigest(), + "severity": "major", + "location": {"path": sig_file, "lines": {"begin": 0}}, + } + ) -exit(errors) +with open(f"{CHECK_NAME}.json", "w") as fp: + json.dump(CODEQUALITY_REPORT, fp) + +sys.exit(errors)