From cab0487f98d23b14f43f2f34d59daf11cb3e6e98 Mon Sep 17 00:00:00 2001 From: Nikolay Krasko Date: Tue, 11 Jul 2023 18:17:10 +0200 Subject: [PATCH] Fix implicit dependency validation for zipCompilerSign Checksum tasks uses the directory output, but the directory is not empty, compiler.zip is among files in target directory. And this is probably the reason why gradle now claims zipCompilerChecksum should be added as direct dependency (see the error message below). Workaround: generate checksum in separate directory and copy the resulting file to directory with the compiler.zip. Note that `Copy` task can't be used because it also declares target directory as an output. Reproduce: ``` gradle zipCompilerWithSignature -Psigning.gnupg.keyName=???????? -Psigning.gnupg.passphrase=test -PsigningRequired=true -Pteamcity=true ``` Error: ``` org.gradle.internal.execution.WorkValidationException: A problem was found with the configuration of task ':zipCompilerSign' (type 'Sign'). - Gradle detected a problem with the following location: '/mnt/agent/work/***/kotlin_CompilerArtifacts/dist/kotlin-compiler-1.9.20-dev-6119.zip'. Reason: Task ':zipCompilerSign' uses this output of task ':zipCompilerChecksum' without declaring an explicit or implicit dependency. This can lead to incorrect results being produced, depending on what order the tasks are executed. Possible solutions: 1. Declare task ':zipCompilerChecksum' as an input of ':zipCompilerSign'. 2. Declare an explicit dependency on ':zipCompilerChecksum' from ':zipCompilerSign' using Task#dependsOn. 3. Declare an explicit dependency on ':zipCompilerChecksum' from ':zipCompilerSign' using Task#mustRunAfter. Please refer to https://docs.gradle.org/8.1.1/userguide/validation_problems.html#implicit_dependency for more details about this problem. ``` KTI-1285 --- build.gradle.kts | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index 094d87371c8..7ae1c3d8c5b 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -880,20 +880,36 @@ val zipCompiler by tasks.registering(Zip::class) { } fun Project.secureZipTask(zipTask: TaskProvider): RegisteringDomainObjectDelegateProviderWithAction { - val checkSumTask = tasks.register("${zipTask.name}Checksum", Checksum::class) { + val checkSumTask: TaskProvider = tasks.register("${zipTask.name}Checksum", Checksum::class) { dependsOn(zipTask) inputFiles.setFrom(zipTask.map { it.outputs.files.singleFile }) - outputDirectory.fileProvider(zipTask.map { it.outputs.files.singleFile.parentFile }) + outputDirectory.fileProvider(zipTask.map { it.outputs.files.singleFile.parentFile.resolve("checksums") }) checksumAlgorithm.set(Checksum.Algorithm.SHA256) } + // Don't use Copy task, because it declares the full destination directory as an output + val copyChecksumTask = tasks.register("${zipTask.name}ChecksumCopy") { + dependsOn(checkSumTask) + + val checksumFileName: Provider = zipTask.map { "${it.outputs.files.singleFile.name}.sha256" } + val checksumFile: Provider = checkSumTask.map { it.outputDirectory.file(checksumFileName.get()).get() } + val outputFile: Provider = zipTask.map { it.outputs.files.singleFile.parentFile.resolve(checksumFileName.get()) } + + inputs.file(checksumFile) + outputs.file(outputFile) + + doLast { + checksumFile.get().asFile.copyTo(outputFile.get(), overwrite = true) + } + } + val signTask = tasks.register("${zipTask.name}Sign", Sign::class) { description = "Signs the archive produced by the '" + zipTask.name + "' task." sign(zipTask.get()) } return tasks.registering { - dependsOn(checkSumTask) + dependsOn(copyChecksumTask) dependsOn(signTask) } }