Fix implicit dependency validation for zipCompilerSign

Checksum tasks uses the directory output, but the directory is not empty, compiler.zip is among files in target directory. And this is probably the reason why gradle now claims zipCompilerChecksum should be added as direct dependency (see the error message below). Workaround: generate checksum in separate directory and copy the resulting file to directory with the compiler.zip. Note that `Copy` task can't be used because it also declares target directory as an output. Reproduce: ``` gradle zipCompilerWithSignature -Psigning.gnupg.keyName=???????? -Psigning.gnupg.passphrase=test -PsigningRequired=true -Pteamcity=true ``` Error: ``` org.gradle.internal.execution.WorkValidationException: A problem was found with the configuration of task ':zipCompilerSign' (type 'Sign'). - Gradle detected a problem with the following location: '/mnt/agent/work/***/kotlin_CompilerArtifacts/dist/kotlin-compiler-1.9.20-dev-6119.zip'. Reason: Task ':zipCompilerSign' uses this output of task ':zipCompilerChecksum' without declaring an explicit or implicit dependency. This can lead to incorrect results being produced, depending on what order the tasks are executed. Possible solutions: 1. Declare task ':zipCompilerChecksum' as an input of ':zipCompilerSign'. 2. Declare an explicit dependency on ':zipCompilerChecksum' from ':zipCompilerSign' using Task#dependsOn. 3. Declare an explicit dependency on ':zipCompilerChecksum' from ':zipCompilerSign' using Task#mustRunAfter. Please refer to https://docs.gradle.org/8.1.1/userguide/validation_problems.html#implicit_dependency for more details about this problem. ``` KTI-1285
2023-07-11 18:17:10 +02:00
parent 7346cf4777
commit cab0487f98
1 changed files with 19 additions and 3 deletions
@@ -880,20 +880,36 @@ val zipCompiler by tasks.registering(Zip::class) {
 }

 fun Project.secureZipTask(zipTask: TaskProvider<Zip>): RegisteringDomainObjectDelegateProviderWithAction<out TaskContainer, Task> {
-    val checkSumTask = tasks.register("${zipTask.name}Checksum", Checksum::class) {
+    val checkSumTask: TaskProvider<Checksum> = tasks.register("${zipTask.name}Checksum", Checksum::class) {
        dependsOn(zipTask)
        inputFiles.setFrom(zipTask.map { it.outputs.files.singleFile })
-        outputDirectory.fileProvider(zipTask.map { it.outputs.files.singleFile.parentFile })
+        outputDirectory.fileProvider(zipTask.map { it.outputs.files.singleFile.parentFile.resolve("checksums") })
        checksumAlgorithm.set(Checksum.Algorithm.SHA256)
    }

+    // Don't use Copy task, because it declares the full destination directory as an output
+    val copyChecksumTask = tasks.register("${zipTask.name}ChecksumCopy") {
+        dependsOn(checkSumTask)
+
+        val checksumFileName: Provider<String> = zipTask.map { "${it.outputs.files.singleFile.name}.sha256" }
+        val checksumFile: Provider<RegularFile> = checkSumTask.map { it.outputDirectory.file(checksumFileName.get()).get() }
+        val outputFile: Provider<File> = zipTask.map { it.outputs.files.singleFile.parentFile.resolve(checksumFileName.get()) }
+
+        inputs.file(checksumFile)
+        outputs.file(outputFile)
+
+        doLast {
+            checksumFile.get().asFile.copyTo(outputFile.get(), overwrite = true)
+        }
+    }
+
    val signTask = tasks.register("${zipTask.name}Sign", Sign::class) {
        description = "Signs the archive produced by the '" + zipTask.name + "' task."
        sign(zipTask.get())
    }

    return tasks.registering {
-        dependsOn(checkSumTask)
+        dependsOn(copyChecksumTask)
        dependsOn(signTask)
    }
 }