Skip to content

P1: Include zip in SHA256SUMS.txt for releases #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Kinin-Code-Offical merged 1 commit into from
Dec 22, 2025
Merged

P1: Include zip in SHA256SUMS.txt for releases #48

Kinin-Code-Offical merged 1 commit into from
Dec 22, 2025

Conversation

@Kinin-Code-Offical
Copy link
Owner

@Kinin-Code-Offical Kinin-Code-Offical commented Dec 22, 2025
edited by sourcery-ai bot
Loading

Closes #47

Summary

  • ools/stage-artifacts.ps1 now includes cloudsqlctl-windows-x64.zip in SHA256SUMS.txt (in addition to the exe and installer).

Local tests

  • npm ci (PASS)
  • npm run lint (PASS)
  • npm test (PASS)
  • npm run build (PASS)
  • npm run package (PASS)
  • npm run installer (PASS)
  • npm run stage (PASS; SHA256SUMS includes zip)

Rollback

  • Revert this PR.

Summary by Sourcery

Include the Windows distribution zip in the staged artifacts and checksum generation for releases.

New Features:

  • Generate a cloudsqlctl-windows-x64.zip distribution archive as part of the staging process.

Enhancements:

  • Update SHA256SUMS.txt generation to include hashes for both .exe installers and the new .zip artifact, ordered by name.

Copilot AI review requested due to automatic review settings December 22, 2025 03:35
@sourcery-ai
Copy link

sourcery-ai bot commented Dec 22, 2025
edited
Loading

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates the Windows artifact staging script so that the generated distribution .zip is created before checksum generation and is included alongside .exe files in SHA256SUMS.txt.

Sequence diagram for updated checksum generation including zip artifact

sequenceDiagram
    participant Script as stage_artifacts_ps1
    participant FS as FileSystem
    participant Archiver as Compress_Archive
    participant Hasher as Get_Sha256Hash

    Script->>FS: Copy cloudsqlctl.exe to artifacts directory
    Script->>FS: Resolve files for zip (exe, installer, README, LICENSE, docs, changelog)
    Script->>FS: Filter nonexisting files
    Script->>Archiver: Compress files into cloudsqlctl-windows-x64.zip
    Archiver->>FS: Write cloudsqlctl-windows-x64.zip

    Script->>FS: Get items in artifacts directory
    Script->>FS: Filter artifacts by extension (.exe, .zip)
    loop For each artifact (.exe and .zip)
        Script->>Hasher: Get_Sha256Hash(artifact_path)
        Hasher->>FS: Read artifact file
        Hasher-->>Script: SHA256 hash
        Script->>FS: Append hash and filename to SHA256SUMS.txt
    end

    Script->>FS: List staged artifacts
    Script-->>Script: Stage complete
Loading

File-Level Changes

Change Details Files
Include the Windows distribution zip in SHA256SUMS.txt by generating it before computing checksums and hashing both .exe and .zip artifacts.
  • Reordered the script to create cloudsqlctl-windows-x64.zip before checksum generation instead of after it.
  • Introduced a collection of artifacts to hash using Get-ChildItem and Where-Object to select .exe and .zip files, then sort by name before hashing.
  • Updated the checksum generation loop to iterate over the selected artifacts and write their SHA256 hashes and filenames to SHA256SUMS.txt.
  • Moved the zip creation block (Compress-Archive and related file list construction and filtering) earlier in the script, removing the duplicated block at the end.
 tools/stage-artifacts.ps1

Assessment against linked issues

Issue Objective Addressed Explanation
#47 Update tools/stage-artifacts.ps1 so that SHA256SUMS.txt includes SHA256 entries for cloudsqlctl.exe, cloudsqlctl-setup.exe, and cloudsqlctl-windows-x64.zip.
#47 Ensure the release process continues to upload the (now updated) SHA256SUMS.txt file as part of the release assets.

Possibly linked issues

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Dec 22, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • When collecting artifacts to hash, consider adding -File to Get-ChildItem to ensure directories or other non-file entries in $ArtifactsDir are not accidentally included in the checksum list.
  • You might want to guard Compress-Archive with a check that $FilesToZip is non-empty (and/or add -ErrorAction Stop) so the script fails fast with a clear message if expected inputs are missing rather than silently creating an unexpected archive.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- When collecting artifacts to hash, consider adding `-File` to `Get-ChildItem` to ensure directories or other non-file entries in `$ArtifactsDir` are not accidentally included in the checksum list.
- You might want to guard `Compress-Archive` with a check that `$FilesToZip` is non-empty (and/or add `-ErrorAction Stop`) so the script fails fast with a clear message if expected inputs are missing rather than silently creating an unexpected archive.

## Individual Comments

### Comment 1
<location> `tools/stage-artifacts.ps1:65` </location>
<code_context>
 }

-Get-ChildItem $ArtifactsDir -Filter "*.exe" | ForEach-Object {
+$ArtifactsToHash = Get-ChildItem $ArtifactsDir | Where-Object { $_.Extension -in @('.exe', '.zip') } | Sort-Object Name
+$ArtifactsToHash | ForEach-Object {
     $hash = Get-Sha256Hash -FilePath $_.FullName
</code_context>

<issue_to_address>
**suggestion:** Consider restricting `Get-ChildItem` to files only to avoid unexpected directory matches.

Using `-File` makes it clear we only intend to hash files and avoids rare cases where non-file items with matching extensions are returned. For example:

```powershell
$ArtifactsToHash = Get-ChildItem $ArtifactsDir -File |
    Where-Object { $_.Extension -in @('.exe', '.zip') } |
    Sort-Object Name
```

```suggestion
$ArtifactsToHash = Get-ChildItem $ArtifactsDir -File | Where-Object { $_.Extension -in @('.exe', '.zip') } | Sort-Object Name
```
</issue_to_address>
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Copilot AI reviewed Dec 22, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modifies the artifact staging process to include the Windows distribution zip file in the SHA256SUMS.txt checksum file for releases.

  • Reorders the zip file creation to occur before checksum generation (previously after)
  • Updates checksum generation to include .zip files in addition to .exe files
  • Maintains deterministic output by sorting artifacts by name

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Kinin-Code-Offical Kinin-Code-Offical merged commit 0b85a1d into main Dec 22, 2025
11 checks passed
@Kinin-Code-Offical Kinin-Code-Offical deleted the p1/checksums-zip branch December 22, 2025 03:37
@Kinin-Code-Offical Kinin-Code-Offical mentioned this pull request Dec 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

P1: Include zip in SHA256SUMS.txt for releases

2 participants

@Kinin-Code-Offical