1#!/bin/bash
2set -e
3
4# This script updates trust entries in gradle/verification-metadata.xml
5
6# Usage: $0 [--no-dry-run] [<task>]
7
8# --no-dry-run
9#   Don't pass --dry-run to Gradle, so Gradle executes the corresponding tasks.
10#   This is not normally necessary but in some cases can be a useful workaround.
11#   When https://github.com/gradle/gradle/issues/26289 is resolved, we should reevaluate this behavior
12#
13# <task>
14#   The task to ask Gradle to run. By default this is 'bOS'
15#   When --no-dry-run is removed, we should reevaluate this behavior
16
17dryrun=true
18task="bOS"
19
20while [ "$1" != "" ]; do
21  arg="$1"
22  shift
23  if [ "$arg" == "--no-dry-run" ]; then
24    dryrun=false
25    continue
26  fi
27  task="$arg"
28  break
29done
30
31function usage() {
32  usageError="$1"
33  echo "$usageError"
34  echo "Usage: $0 [--no-dry-run] [<task>]"
35  exit 1
36}
37
38if [ "$1" != "" ]; then
39  usage "Unrecognized argument $1"
40fi
41
42function runGradle() {
43  echo running ./gradlew "$@"
44  if ./gradlew "$@"; then
45    echo succeeded: ./gradlew "$@"
46  else
47    echo failed: ./gradlew "$@"
48    return 1
49  fi
50}
51
52# This script regenerates signature-related information (dependency-verification-metadata and keyring)
53function regenerateVerificationMetadata() {
54  echo "regenerating verification metadata and keyring"
55  # regenerate metadata
56  # Need to run a clean build, https://github.com/gradle/gradle/issues/19228
57  # Resolving Configurations before task execution is expected. b/297394547
58  dryrunArg=""
59  if [ "$dryrun" == "true" ]; then
60    dryrunArg="--dry-run"
61  fi
62  runGradle --stacktrace --write-verification-metadata pgp,sha256 --export-keys $dryrunArg --clean -Pandroid.dependencyResolutionAtConfigurationTime.disallow=false -Pandroidx.enabled.kmp.target.platforms=+native $task
63
64  # update verification metadata file
65
66  # first, make sure the resulting file is named "verification-metadata.xml"
67  if [ "$dryrun" == "true" ]; then
68    mv gradle/verification-metadata.dryrun.xml gradle/verification-metadata.xml
69  fi
70
71  # next, remove 'version=' lines https://github.com/gradle/gradle/issues/20192
72  if [ "$(uname)" = "Darwin" ]; then
73      sed -i '' 's/\(trusted-key.*\)version="[^"]*"/\1/' gradle/verification-metadata.xml
74  else
75      sed -i 's/\(trusted-key.*\)version="[^"]*"/\1/' gradle/verification-metadata.xml
76  fi
77
78  # rename keyring
79  if [ "$dryrun" == "true" ]; then
80    mv gradle/verification-keyring.dryrun.keys gradle/verification-keyring.keys
81  fi
82}
83regenerateVerificationMetadata
84
85echo
86echo 'Done. Please check that these changes look correct (`git diff`)'
87echo "If Gradle did not make all expected updates to verification-metadata.xml, you can try '--no-dry-run'. This is slow so you may also want to specify a task. Example: $0 --no-dry-run exportSboms"
88