Merge pull request #93 from nebula-plugins/fix-validation-sign-error

fix signing error in validation runs

Author: wakingrufus

build.gradle.kts

@@ -54,6 +54,7 @@ dependencies {
     }
     testImplementation("org.spockframework:spock-core:2.3-groovy-4.0")
     testImplementation("org.spockframework:spock-junit4:2.3-groovy-4.0")
+    testImplementation("org.mock-server:mockserver-netty:5.15.0")
 }
 
 gradlePlugin {

gradle.lockfile

@@ -0,0 +1,119 @@
+package nebula.plugin.publishing
+
+import org.mockserver.integration.ClientAndServer
+import org.mockserver.model.HttpRequest.request
+import org.mockserver.model.HttpResponse.response
+
+fun expectPublicationWithChecksums(mockServer: ClientAndServer, path: String): List<(ClientAndServer) -> Unit> {
+    val verifications = mutableListOf<(ClientAndServer) -> Unit>()
+    val paths = listOf(
+        path,
+        "$path.md5",
+        "$path.sha1",
+        "$path.sha256",
+        "$path.sha512"
+    )
+    paths.forEach {
+        val request = request(it).withMethod("PUT")
+        mockServer
+            .`when`(request)
+            .respond { response().withStatusCode(200) }
+        verifications.add { it.verify(request) }
+    }
+    return verifications
+}
+
+fun expectSignedPublicationWithChecksums(mockServer: ClientAndServer, path: String): List<(ClientAndServer) -> Unit> {
+    return expectPublicationWithChecksums(mockServer, path) +
+            expectPublicationWithChecksums(mockServer, "$path.asc")
+}
+
+class Publication(
+    val mockServer: ClientAndServer,
+    val repo: String,
+    val groupName: String,
+    val moduleName: String,
+    val version: String,
+) {
+    private val groupPath = groupName.replace(".", "/")
+    private val modulePath = "$repo/$groupPath/${moduleName}"
+    private val fullPath = "$modulePath/${version}"
+    private val verifications = mutableListOf<(ClientAndServer) -> Unit>()
+    fun withArtifact(classifier: String, extension: String) {
+        verifications.addAll(
+            expectSignedPublicationWithChecksums(
+                mockServer,
+                "/$fullPath/$moduleName-${version}-$classifier.$extension"
+            )
+        )
+    }
+
+    fun withGradleModuleMetadata() {
+        verifications.addAll(
+            expectSignedPublicationWithChecksums(mockServer, "/$fullPath/$moduleName-${version}.module")
+        )
+    }
+
+    fun withArtifact(extension: String) {
+        verifications.addAll(
+            expectSignedPublicationWithChecksums(mockServer, "/$fullPath/$moduleName-${version}.$extension")
+        )
+    }
+
+    fun verifications(): List<(ClientAndServer) -> Unit> {
+        return verifications
+    }
+}
+
+fun ClientAndServer.expectPublication(
+    repo: String,
+    groupName: String,
+    moduleName: String,
+    version: String,
+    additional: Publication.() -> Unit = {}
+): VerificationsContainer {
+    val groupPath = groupName.replace(".", "/")
+    val modulePath = "$repo/$groupPath/${moduleName}"
+    val fullPath = "$modulePath/${version}"
+    val allVersionsXml = listOf("0.0.0").joinToString("/n") { "      <version>$it</version>" }
+    `when`(request("/$modulePath/maven-metadata.xml"))
+        .respond {
+            response().withBody(
+                """
+<?xml version="1.0" encoding="UTF-8"?>
+<metadata>
+  <groupId>${groupName}</groupId>
+  <artifactId>${moduleName}</artifactId>
+  <versioning>
+    <latest>0.0.0</latest>
+    <release>0.0.0</release>
+    <versions>
+$allVersionsXml
+    </versions>
+    <lastUpdated>20210816163607</lastUpdated>
+  </versioning>
+</metadata>
+"""
+            ).withStatusCode(200)
+        }
+    val verifications = mutableListOf<(ClientAndServer) -> Unit>()
+    verifications.addAll(
+        expectSignedPublicationWithChecksums(this, "/$fullPath/${moduleName}-${version}.pom")
+    )
+    verifications.addAll(
+        expectPublicationWithChecksums(this, "/$modulePath/maven-metadata.xml")
+    )
+
+    verifications.addAll(
+        Publication(this, repo, groupName, moduleName, version).apply { additional() }.verifications()
+    )
+    return VerificationsContainer(verifications)
+}
+
+class VerificationsContainer(val verifications: List<(ClientAndServer) -> Unit>) {
+    fun verify(mockServer: ClientAndServer) {
+        verifications.forEach { verification ->
+            verification(mockServer)
+        }
+    }
+}

src/test/kotlin/nebula/plugin/plugin/ArtifactoryMock.kt

@@ -1,21 +1,94 @@
 package nebula.plugin.plugin
 
+import nebula.test.dsl.ProjectBuilder
+
 //language=kotlin
-const val DISABLE_PUBLISH_TASKS : String = """
+const val DISABLE_PUBLISH_TASKS: String = """
 afterEvaluate {
     tasks.withType<AbstractPublishToMaven>() {
         onlyIf { false }
     }
-    tasks.withType<Sign>(){
-        onlyIf { false } // we don't have a signing key in integration tests (yet)
-    }
+    project.tasks.findByName("publishPlugins")?.onlyIf { false }
 }
 """
 
-
 //language=kotlin
-const val DISABLE_MAVEN_CENTRAL_TASKS : String = """
+const val DISABLE_MAVEN_CENTRAL_TASKS: String = """
 project.tasks.findByName("initializeSonatypeStagingRepository")?.onlyIf { false }
 project.tasks.findByName("closeSonatypeStagingRepository")?.onlyIf { false }
 project.tasks.findByName("releaseSonatypeStagingRepository")?.onlyIf { false }
-"""
+"""
+
+//language=kotlin
+fun ProjectBuilder.mockSign() {
+    rawBuildScript(
+        //language=kotlin
+        """
+afterEvaluate {
+project.extensions.getByType<SigningExtension>().signatories = object:
+    org.gradle.plugins.signing.signatory.SignatoryProvider<Signatory> {
+    override fun configure(settings: SigningExtension?, closure: groovy.lang.Closure<*>?) {
+    }
+
+    override fun getDefaultSignatory(project: Project?): Signatory {
+        return object: Signatory {
+            override fun getName(): String {
+                return "name"
+            }
+
+            override fun sign(toSign: java.io.InputStream?, destination: java.io.OutputStream?) {
+                destination?.write( sign(toSign))
+            }
+
+            override fun sign(toSign: java.io.InputStream?): ByteArray {
+                return "signature".toByteArray()
+            }
+
+            override fun getKeyId(): String {
+                return "id"
+            }
+        }
+    }
+
+    override fun getSignatory(name: String?): Signatory {
+        return object: Signatory {
+            override fun getName(): String {
+                return "name"
+            }
+
+            override fun sign(toSign: java.io.InputStream?, destination: java.io.OutputStream?) {
+                destination?.write( sign(toSign))
+            }
+
+            override fun sign(toSign: java.io.InputStream?): ByteArray {
+                return "signature".toByteArray()
+            }
+
+            override fun getKeyId(): String {
+                return "id"
+            }
+        }
+    }
+}
+}
+"""
+    )
+}
+
+fun ProjectBuilder.nebulaOssPublishing(
+    netflixOssRepositoryBaseUrl: String,
+    packageGroup: String = "com.netflix",
+    netflixOssRepository: String = "netflix-oss"
+) {
+    rawBuildScript(
+        """
+nebulaOssPublishing {
+    signingKey = "something"
+    signingPassword = "something"
+    packageGroup = "$packageGroup"
+    netflixOssRepositoryBaseUrl = "$netflixOssRepositoryBaseUrl"
+    netflixOssRepository = "$netflixOssRepository"
+}
+"""
+    )
+}

src/test/kotlin/nebula/plugin/plugin/Buildscripts.kt

@@ -0,0 +1,18 @@
+package nebula.plugin.publishing
+
+import org.mockserver.integration.ClientAndServer
+import org.mockserver.model.HttpRequest.request
+import org.mockserver.model.HttpResponse.response
+
+fun ClientAndServer.mockGradlePluginPortal(pluginId: String) {
+    `when`(
+        request()
+            .withMethod("POST")
+            .withPath("/api/v1/publish/versions/validate/$pluginId")
+    )
+        .respond {
+            response().withBody(
+                //language=json
+                """{"failed": false}""")
+        }
+}

src/test/kotlin/nebula/plugin/plugin/GradlePluginPortalMock.kt

@@ -30,6 +30,7 @@ internal class IntegrationTest {
 $DISABLE_PUBLISH_TASKS
 """.trimIndent()
             )
+            mockSign()
             src {
                 main {
                     java("example/Main.java", SAMPLE_JAVA_MAIN_CLASS)
@@ -56,6 +57,7 @@ gradlePlugin {
 }
 """
             )
+            mockSign()
             src {
                 main {
                     java("example/MyPlugin.java", SAMPLE_JAVA_PLUGIN)