[NO-TICKET] Add validation for gem file permissions #3531

Merged
merged 3 commits into from
Mar 18, 2024
Changes from 2 commits
35 changes: 35 additions & 0 deletions spec/ddtrace/gem_packaging_spec.rb
@@ -0,0 +1,35 @@
require 'rubygems'
require 'rubygems/package'
require 'rubygems/package/tar_reader'

RSpec.describe 'gem release process (after packaging)' do
# TODO: This will need to be updated for the 2.0 branch
Contributor

@AlexJF AlexJF Mar 18, 2024

Given the release task copies all gems under /pkg maybe we could run this check against all *.gem files in pkg atm? May be slightly annoying in that it may match on things not produced by the build that just ran but any failing files would be invalid gems and should be deleted sooner rather than later anyway?

Member Author

Good point. I still kept a check that the file we expect is there (just in case we run the spec out-of-order or something like that), but I've expanded it to check every file: b059258

Contributor

Yeah keeping the file check is smart indeed!

let(:gem_name) { 'ddtrace' }
let(:gem_version) { DDTrace::VERSION::STRING }
let(:packaged_gem_file) { "pkg/#{gem_name}-#{gem_version}.gem" }
let(:executable_permissions) { ['bin/ddprofrb', 'bin/ddtracerb'] }

it 'sets the right permissions on the gem files' do
gem_files = Dir.glob('pkg/*.gem')
expect(gem_files).to include(packaged_gem_file)

gem_files.each do |gem_file|
Gem::Package::TarReader.new(File.open(gem_file)) do |tar|
data = tar.find { |entry| entry.header.name == 'data.tar.gz' }

Gem::Package::TarReader.new(Zlib::GzipReader.new(StringIO.new(data.read))) do |data_tar|
data_tar.each do |entry|
filename = entry.header.name
octal_permissions = entry.header.mode.to_s(8)[-3..-1]

expected_permissions = executable_permissions.include?(filename) ? '755' : '644'

expect(octal_permissions).to eq(expected_permissions),
"Unexpected permissions for #{filename} inside #{gem_file} (got #{octal_permissions}, " \
"expected #{expected_permissions})"
end
end
end
end
end
end
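
Review bot: `entry.header.mode.to_s(8)[-3..-1]` keeps only the last three octal digits, so an entry packaged with setuid, setgid or sticky bits set (for example mode 4755) still compares equal to '755' and passes. Since this spec is the gate on which permissions ship inside the gem, compare the full permission bits instead, e.g. `entry.header.mode & 0o7777` against `0o755` / `0o644`, and print the mode in octal in the failure message. Two smaller points in the same block: `tar.find { |entry| entry.header.name == 'data.tar.gz' }` returns nil for a file in pkg/ that is not a well-formed gem, so `data.read` fails with a NoMethodError instead of a descriptive message; and `File.open(gem_file)` is never closed and is not opened in binary mode, which the block form `File.open(gem_file, 'rb') do |io|` would fix.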
13 changes: 13 additions & 0 deletions tasks/release_gem.rake
@@ -1,12 +1,25 @@
Rake::Task["build"].enhance(["build:pre_check"])
Rake::Task["build"].enhance do
# This syntax makes this task run after build -- see https://dev.to/molly/rake-task-enhance-method-explained-3bo0
Rake::Task["build:after_check"].execute
end

desc 'Checks executed before gem is built'
task :'build:pre_check' do
require 'rspec'
RSpec.world.reset # If any other tests ran before, flushes them
ret = RSpec::Core::Runner.run(['spec/ddtrace/release_gem_spec.rb'])
raise "Release tests failed! See error output above." if ret != 0
end

desc 'Checks executed after gem is built'
task :'build:after_check' do
require 'rspec'
RSpec.world.reset # If any other tests ran before, flushes them
ret = RSpec::Core::Runner.run(['spec/ddtrace/gem_packaging_spec.rb'])
raise "Release tests failed! See error output above." if ret != 0
end

desc 'Create a new indexed repository'
task :'release:gem' do
raise 'Missing environment variable S3_DIR' if !S3_DIR || S3_DIR.empty?
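
Review bot: `build:after_check` raises the same "Release tests failed! See error output above." text as `build:pre_check`, so the rake output does not say whether the failure came before or after packaging; give the two tasks distinct messages. Because this task runs only after `build` has written the gem, a failure here also leaves the rejected file in pkg/, where the spec's `Dir.glob('pkg/*.gem')` will keep matching it on later runs; the message should tell the operator to delete the offending .gem before rebuilding, or the task should remove it. The two task bodies differ only in the spec path and could share one helper that takes the path.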