@@ -41,21 +41,37 @@ jobs:
4141 VERSION : ${{ steps.maven.outputs.version }}
4242 run : ./mvnw wrapper:wrapper -Dmaven="${VERSION}"
4343
44- - name : Patch SHA512 into wrapper properties
45- # Add the SHA to properties file .
46- # We might need the -L for curl, as after a new release all old SHA files will move to archive folder.
44+ - name : Patch SHA256 into wrapper properties
45+ # Apache Maven only publishes .sha512 files, so we download the zip and compute SHA-256 locally .
46+ # We might need the -L for curl, as after a new release all old files will move to archive folder.
4747 env :
4848 VERSION : ${{ steps.maven.outputs.version }}
4949 run : |
5050 MAJOR=$(echo "$VERSION" | cut -d. -f1)
51- SHA=$(curl -sL "https://downloads.apache.org/maven/maven-${MAJOR}/${VERSION}/binaries/apache-maven-${VERSION}-bin.zip.sha512")
52- if [[ ! "$SHA" =~ ^[0-9a-f]{128}$ ]]; then
51+ BASE_URL="https://downloads.apache.org/maven/maven-${MAJOR}/${VERSION}/binaries/apache-maven-${VERSION}-bin.zip"
52+ ZIP=$(mktemp)
53+ curl -sLf "$BASE_URL" -o "$ZIP"
54+ EXPECTED_SHA512=$(curl -sLf "${BASE_URL}.sha512")
55+ if [[ ! "$EXPECTED_SHA512" =~ ^[0-9a-f]{128}$ ]]; then
5356 echo "Error: invalid SHA-512 checksum downloaded for Maven ${VERSION}" >&2
5457 exit 1
5558 fi
59+ ACTUAL_SHA512=$(sha512sum "$ZIP" | awk '{print $1}')
60+ if [[ "$ACTUAL_SHA512" != "$EXPECTED_SHA512" ]]; then
61+ echo "Error: SHA-512 mismatch for Maven ${VERSION} zip (expected: ${EXPECTED_SHA512}, got: ${ACTUAL_SHA512})" >&2
62+ exit 1
63+ fi
64+ SHA256=$(sha256sum "$ZIP" | awk '{print $1}')
65+ rm -f "$ZIP"
66+ if [[ ! "$SHA256" =~ ^[0-9a-f]{64}$ ]]; then
67+ echo "Error: failed to compute a valid SHA-256 checksum for Maven ${VERSION}" >&2
68+ exit 1
69+ fi
5670 PROPS=".mvn/wrapper/maven-wrapper.properties"
71+ sed -i '/^distributionSha256Sum=/d' "$PROPS"
72+ echo "distributionSha256Sum=${SHA256}" >> "$PROPS"
73+ # remove entry for SHA-512 if present, as it is not yet supported by wrapper
5774 sed -i '/^distributionSha512Sum=/d' "$PROPS"
58- echo "distributionSha512Sum=${SHA}" >> "$PROPS"
5975
6076 - name : Open PR if changed
6177 uses : peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # 8.1.1
0 commit comments