fix: added verify-artifacts step

Signed-off-by: Matt Peterson <[email protected]>
hashgraph · Dec 16, 2024 · 4c26770 · 4c26770
1 parent fffa5f6
commit 4c26770
Showing 1 changed file with 111 additions and 0 deletions.
diff --git a/.github/workflows/zxc-verify-gradle-build-determinism.yaml b/.github/workflows/zxc-verify-gradle-build-determinism.yaml
@@ -118,3 +118,114 @@ jobs:
         env:
           MANIFEST_PATH: ${{ env.GRADLE_MANIFEST_PATH }}
         run: ${{ env.GRADLE_MANIFEST_GENERATOR }}
+
+  verify-artifacts:
+    name: "Verify Artifacts (${{ join(matrix.os, ', ') }})"
+    runs-on: ${{ matrix.os }}
+    needs:
+      - generate-baseline
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-22.04
+          - ubuntu-20.04
+          - windows-2022
+          - windows-2019
+          - network-node-linux-medium
+          - network-node-linux-large
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
+      - name: Standardize Git Line Endings
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.eol lf
+
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.ref }}
+
+#      - name: Setup Python
+#        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+#        with:
+#          python-version: 3.9
+
+      - name: Setup Java
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+        with:
+          distribution: ${{ inputs.java-distribution }}
+          java-version: ${{ inputs.java-version }}
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
+        with:
+          cache-disabled: true
+
+#      - name: Setup CoreUtils (macOS)
+#        if: ${{ runner.os == 'macOS' }}
+#        run: brew install coreutils
+
+#      - name: Authenticate to Google Cloud
+#        id: google-auth
+#        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
+#        with:
+#          workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions"
+#          service_account: "[email protected]"
+
+#      - name: Setup Google Cloud SDK
+#        uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
+#        env:
+#          CLOUDSDK_PYTHON: ${{ format('{0}{1}', env.pythonLocation, runner.os == 'Windows' && '\python.exe' || '/bin/python3') }}
+#
+#      - name: Download Baseline
+#        env:
+#          CLOUDSDK_PYTHON: ${{ format('{0}{1}', env.pythonLocation, runner.os == 'Windows' && '\python.exe' || '/bin/python3') }}
+#        run: |
+#          mkdir -p "${GRADLE_MANIFEST_PATH}"
+#          cd "${GRADLE_MANIFEST_PATH}"
+#          gsutil cp "${{ needs.generate-baseline.outputs.file }}" .
+#          tar -xzf "${{ needs.generate-baseline.outputs.name }}"
+
+      - name: Build Artifacts
+        id: gradle-build
+        run: ./gradlew assemble --scan --no-build-cache
+
+      - name: Regenerate Manifest
+        id: regen-manifest
+        env:
+          MANIFEST_PATH: ${{ env.GRADLE_MANIFEST_PATH }}/regenerated
+        run: ${{ env.GRADLE_MANIFEST_GENERATOR }}
+
+      - name: Validate Applications
+        working-directory: ${{ github.workspace }}/hedera-node/data/apps
+        run: sha256sum -c "${GRADLE_MANIFEST_PATH}/applications.sha256"
+
+#      - name: Compare Library Manifests
+#        run: |
+#          if ! diff -u "${GRADLE_MANIFEST_PATH}/libraries.sha256" "${{ steps.regen-manifest.outputs.libraries }}" >/dev/null 2>&1; then
+#            echo "::group::Library Manifest Differences"
+#            diff -u "${GRADLE_MANIFEST_PATH}/libraries.sha256" "${{ steps.regen-manifest.outputs.libraries }}"
+#            echo "::endgroup::"
+#            exit 1
+#          fi
+#
+#      - name: Compare Application Manifests
+#        run: |
+#          if ! diff -u "${GRADLE_MANIFEST_PATH}/applications.sha256" "${{ steps.regen-manifest.outputs.applications }}" >/dev/null 2>&1; then
+#            echo "::group::Application Manifest Differences"
+#            diff -u "${GRADLE_MANIFEST_PATH}/applications.sha256" "${{ steps.regen-manifest.outputs.applications }}"
+#            echo "::endgroup::"
+#            exit 1
+#          fi
+#
+#      - name: Publish Manifests
+#        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+#        if: ${{ steps.regen-manifest.conclusion == 'success' && failure() && !cancelled() }}
+#        with:
+#          name: Gradle Manifests [${{ join(matrix.os, ', ') }}]
+#          path: ${{ env.GRADLE_MANIFEST_PATH }}/**