search

transcend-io / terragrunt-atlantis-config

Generate Atlantis config for Terragrunt projects.
https://transcend.io/blog/why-we-use-terragrunt
MIT License
627 stars 99 forks source link

Invalid Release Checksum Format #309

Open michaelprice232 opened 9 months ago

michaelprice232 commented 9 months ago

Since a recent PR to move away from using a missing GH Action - https://github.com/transcend-io/terragrunt-atlantis-config/pull/305 - it appears the release checksum files are in an invalid state.

When attempting to use CLI tools such as sha512sum to validate the signatures they are failing, reporting the checksums do not match.

It appears there are 2 breaking changes which have been introduced since release v1.17.3:

  1. There is a only a single (not double space) between the checksum and the file path
  2. The file path now includes a directory prefix (previously it was just the standalone filename)

Example previous (working) format:

2e04234f99477df7c134db4637cdb1d3ec7a3d156ddb579ec282f76f0a5a0e533e3f014f7416fabf2063709ffd6cd77db1a99d5f754759bcf89f76f4aa015e7e  README.md
b6fabbbd5a9bd16f2e6ad95b68b157403f69cf38f4f402db4c73e23441e3d3b9689cc6d2bff7ce867cbf037b182ca35fa0b634b3a6621498da25ee51b79da8c1  SHA256SUMS
ef49861fa05d62d8d1a38ae2a15bfa954815cd57f39474797a27b87d49e2c57f6f968204eb9ac16de0d92613af4a9e704d74c88992f576a6c56dc6f3897387ff  terragrunt-atlantis-config_1.16.0_darwin_amd64.zip
881ad184a3b6d76bd5cd8808bebaa32a24e1eed6b16b8d0b3139452aef2dc109a51f0832516cc99d35197d3cb46adb0b85a72006f2667d67bb4f264e92477c33  terragrunt-atlantis-config_1.16.0_linux_amd64.tar.gz
b16cc44075401e8d42c0ca23cab05e8e1b59d42b75cd5cffe6f02db7baf5569555d375f1aefd821d0279190a6d9a018cfdc46b9d99e40a2e3b28e0446b6db67b  terragrunt-atlantis-config_1.16.0_linux_arm.tar.gz
252519254c07df5c03ac6cd9f7f3aa7a32cdfb00f62049b49ad815cba27b57640441ed634254078b215b409ebaf0a17901210cfbd6ec95fa7ac9d95fc4daddee  terragrunt-atlantis-config_1.16.0_windows_amd64.zip

Example new (not working format):

27d3091cb83b7b275b94f4886403a73c155833e088e6f72d4cc7505569b04906f0eb3cc51966b98f459bb6a6bf6e1536e73fceadc86d497f754f8d0cc96dc339 build/1.17.4/terragrunt-atlantis-config_1.17.4_windows_amd64.zip
b337ff52638a5a122573a75513937ad8f638702594aebe3bd22aed844d6ae3b4ad5373de88e960ab2198d4325166bcf8a828474cbefbe26339ed3a40de4cc451 build/1.17.4/README.md
0f04b72554f5eb56c2dedd652c9d880d86909d71d9e0f38ec64dee83b18d78baf2ef689316fca35586e37630799b7f834bb777b0befd69ae5dbeb3200e1b3ce1 build/1.17.4/terragrunt-atlantis-config_1.17.4_darwin_amd64.zip
aed098b265ddd41c5caedeb13ff8a762a1c569fffbb31ae425efe58ead7fb9a0d78f74ffb2e14e0cdf69dc478b0d36973c5a2b5b281482ca621dce18ada69340 build/1.17.4/terragrunt-atlantis-config_1.17.4_linux_amd64.tar.gz
5d782cc6f89cbb8354eaf55e244a6c2d55188372ffd9f145de1712aaa3e99feef17a6a61fdeb2f222121a9a852604e0ae81e703ec65908fe690d423162288755 build/1.17.4/terragrunt-atlantis-config_1.17.4_linux_arm.tar.gz

Feels like we need to update these 2 lines to add in the extra whitespace character and fix issue 1. I was able to get the correct format by adding in an extra section to the awk command (I am not an awk expert so didn't want to submit a PR as expect it isn't the cleanest solution): find "$BUILD_DIR" -type f -exec sha512sum {} + | awk -v build_dir="$BUILD_DIR" '{sub("^"build_dir"/", ""); print $1,"",$2}' > SHA512SUMS

With regards to issue 2 - we could refactor our internal build pipelines to use the new prefix, but with it being a breaking change I thought I'd call it out in case you wanted to revert to the previous (pre v1.17.3) behaviour.

I have been using sha512sum -c SHA512SUMS to test locally.

cc @dmattia (it looks like you were involved in the original change)

Almenon commented 9 months ago

@relu is refactoring the checksum code in #307 but it looks like it has the same issue based on the checksum file I saw in his fork. I'll open a issue in the action they are using.

Almenon commented 9 months ago

I opened an issue but it looks like the action is not maintained based on the open PR that has been around for months. If the maintainer does not respond soon I would switch back to generating the checksum manually.

Almenon commented 9 months ago

The maintainer said:

Hi,

I went through and updated everything. I did a manual test with some files in the local repos and the checksums matched. Let me know if the issue persists.

michaelprice232 commented 9 months ago

Thanks for looking into this.

I can see the maintainer has pushed some additional commits and cut release v1.0.1.

Am I correct in thinking that the next steps are to pull this into the #307 and retest?

dmattia commented 9 months ago

Pulling into #307 and retesting sounds good! Apologies I got the sha generation files wrong, thanks for fixing this!

pseudomorph commented 6 months ago

Re-opening as the checksum change was reverted in #332.