From 4a2943510ce0c2a563e50c82ac81fe9483300eeb Mon Sep 17 00:00:00 2001 From: Andreas Dangel Date: Fri, 9 Aug 2019 21:37:46 +0200 Subject: [PATCH] Fix excludes when creating src dist zip The biggest part was the "vendor/**" stuff from ruby. This is created during the build and should not be part of the source distribution. Also added a test to assert that some sensitive data from .travis/ doesn't accidentally leak. --- .../src/main/resources/assemblies/pmd-src.xml | 26 ++++++++++++++----- .../pmd/it/SourceDistributionIT.java | 23 +++++++++++++++- .../sourceforge/pmd/it/ZipFileExtractor.java | 23 ++++++++++++++++ 3 files changed, 65 insertions(+), 7 deletions(-) diff --git a/pmd-dist/src/main/resources/assemblies/pmd-src.xml b/pmd-dist/src/main/resources/assemblies/pmd-src.xml index 8c8820d03c..a049343e8a 100644 --- a/pmd-dist/src/main/resources/assemblies/pmd-src.xml +++ b/pmd-dist/src/main/resources/assemblies/pmd-src.xml @@ -11,22 +11,36 @@ - true + false ${project.basedir}/.. / + .git/** **/target/** **/bin/** - **/.settings + + **/.settings/** **/.project **/.classpath **/.checkstyle **/.pmd + **/.pmdruleset.xml **/.ruleset - **/.git - **/.travis/secrets.tar - **/.travis/id_rsa - **/.travis/*.gpg + **/.idea/** + **/*.iml + + .travis/secrets.tar + .travis/id_rsa + .travis/*.gpg + + .bundle/** + vendor/** + Gemfile.lock + docs/.bundle/** + docs/vendor/** + docs/_site/** + + pmd-core/dependency-reduced-pom.xml 0755 0644 diff --git a/pmd-dist/src/test/java/net/sourceforge/pmd/it/SourceDistributionIT.java b/pmd-dist/src/test/java/net/sourceforge/pmd/it/SourceDistributionIT.java index 0564cb0433..d483644813 100644 --- a/pmd-dist/src/test/java/net/sourceforge/pmd/it/SourceDistributionIT.java +++ b/pmd-dist/src/test/java/net/sourceforge/pmd/it/SourceDistributionIT.java @@ -7,18 +7,39 @@ package net.sourceforge.pmd.it; import static org.junit.Assert.assertTrue; import java.io.File; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import java.util.regex.Pattern; +import org.junit.Assert; import org.junit.Test; import net.sourceforge.pmd.PMDVersion; public class SourceDistributionIT { + private static final String BASE_PATH = "pmd-src-" + PMDVersion.VERSION; + private static final Pattern GPG_PATTERN = Pattern.compile(Pattern.quote(BASE_PATH + "/.travis/") + ".+\\.[gG][pP][gG]"); + private File getSourceDistribution() { - return new File(".", "target/pmd-src-" + PMDVersion.VERSION + ".zip"); + return new File(".", "target/" + BASE_PATH + ".zip"); } @Test public void testFileExistence() { assertTrue(getSourceDistribution().exists()); } + + @Test + public void verifyExclusions() throws Exception { + Set exclusions = new HashSet<>(); + exclusions.add(BASE_PATH + "/.travis/secrets.tar"); + exclusions.add(BASE_PATH + "/.travis/id_rsa"); + List files = ZipFileExtractor.readZipFile(getSourceDistribution().toPath()); + + for (String file : files) { + Assert.assertFalse("File " + file + " must not be included", exclusions.contains(file) + || GPG_PATTERN.matcher(file).matches()); + } + } } diff --git a/pmd-dist/src/test/java/net/sourceforge/pmd/it/ZipFileExtractor.java b/pmd-dist/src/test/java/net/sourceforge/pmd/it/ZipFileExtractor.java index 0e024dda14..d31051fd04 100644 --- a/pmd-dist/src/test/java/net/sourceforge/pmd/it/ZipFileExtractor.java +++ b/pmd-dist/src/test/java/net/sourceforge/pmd/it/ZipFileExtractor.java @@ -11,7 +11,9 @@ import java.io.FileOutputStream; import java.io.InputStream; import java.io.OutputStream; import java.nio.file.Path; +import java.util.ArrayList; import java.util.Enumeration; +import java.util.List; import org.apache.commons.compress.archivers.zip.ZipArchiveEntry; import org.apache.commons.compress.archivers.zip.ZipFile; @@ -59,4 +61,25 @@ public class ZipFileExtractor { zip.close(); } } + + /** + * Compiles a list of all the files/directories contained in the given zip file. + * @param zipPath the zip file to look into + * @return list of all entries + * @throws Exception if any error happens during read of the zip file + */ + public static List readZipFile(Path zipPath) throws Exception { + List result = new ArrayList<>(); + ZipFile zip = new ZipFile(zipPath.toFile()); + try { + Enumeration entries = zip.getEntries(); + while (entries.hasMoreElements()) { + ZipArchiveEntry entry = entries.nextElement(); + result.add(entry.getName()); + } + } finally { + zip.close(); + } + return result; + } }