Merge pull request #239 from NishantBansal2003/checksum-report-workflow

added Github action for modules checksum report

.github/workflows/check-kcl-checksums.yml

@@ -0,0 +1,32 @@
+name: Check KCL Modules Checksum
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  check_modules_checksum:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Get dependencies
+        run: go get -v ./...
+
+      - name: Run checksum tool
+        run: go run ./checksum-tool/main.go
+
+      - name: Upload Checksum Report Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: checksum-report
+          path: ./checksum-report.md

checksum-tool/main.go

@@ -0,0 +1,163 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"kcl-lang.io/kpm/pkg/client"
+	"kcl-lang.io/kpm/pkg/downloader"
+	pkg "kcl-lang.io/kpm/pkg/package"
+	"kcl-lang.io/kpm/pkg/utils"
+)
+
+const (
+	OutputFileName = "checksum-report.md"
+	KclModFile     = "kcl.mod"
+)
+
+// findKCLModFiles locates all kcl.mod files in the specified directory and returns their paths.
+func findKCLModFiles(root string) ([]string, error) {
+	var locations []string
+
+	err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		if !info.IsDir() && info.Name() == KclModFile {
+			dir := filepath.Dir(path)
+			locations = append(locations, dir)
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return locations, nil
+}
+
+// hasChecksum checks if the package at the given location has a checksum.
+func hasChecksum(directory string) (string, bool) {
+	kpmCli, err := client.NewKpmClient()
+	if err != nil {
+		fmt.Printf("Failed to create KPM client: %v\n", err)
+		return "", false
+	}
+
+	kclPkg, err := kpmCli.LoadPkgFromPath(directory)
+	if err != nil {
+		fmt.Printf("Failed to load package from path %s: %v\n", directory, err)
+		return "", false
+	}
+
+	dep := &pkg.Dependency{
+		Name: kclPkg.ModFile.Pkg.Name,
+		Source: downloader.Source{
+			Oci: &downloader.Oci{
+				Reg:  kpmCli.GetSettings().DefaultOciRegistry(),
+				Repo: utils.JoinPath(kpmCli.GetSettings().DefaultOciRepo(), kclPkg.GetPkgName()),
+				Tag:  kclPkg.GetPkgTag(),
+			},
+		},
+	}
+	dep.FromKclPkg(kclPkg)
+
+	sum, err := kpmCli.AcquireDepSum(*dep)
+	if err != nil || len(sum) == 0 {
+		return kclPkg.GetPkgFullName(), false
+	}
+	return kclPkg.GetPkgFullName(), true
+}
+
+func generateMarkdownReport(locations []string) error {
+	outputFile, err := os.Create(OutputFileName)
+	if err != nil {
+		return fmt.Errorf("error creating output file: %w", err)
+	}
+	defer outputFile.Close()
+
+	_, err = outputFile.WriteString("# Checksum Report\n\n")
+	if err != nil {
+		return fmt.Errorf("error writing header to output file: %w", err)
+	}
+	_, err = outputFile.WriteString("| Package Full Name | Package Location | Checksum Status|\n")
+	if err != nil {
+		return fmt.Errorf("error writing table header to output file: %w", err)
+	}
+	_, err = outputFile.WriteString("|-------------------|------------------|----------------|\n")
+	if err != nil {
+		return fmt.Errorf("error writing table separator to output file: %w", err)
+	}
+
+	pkgWithChecksum := 0
+
+	for _, loc := range locations {
+		checksumStatus := "❌ No"
+		pkgName, hasSum := hasChecksum(loc)
+		if hasSum {
+			checksumStatus = "✅ Yes"
+			pkgWithChecksum++
+		}
+
+		_, err = outputFile.WriteString(fmt.Sprintf("| %s | %s | %s |\n", pkgName, loc, checksumStatus))
+		if err != nil {
+			return fmt.Errorf("error writing package info to output file: %w", err)
+		}
+	}
+
+	_, err = outputFile.WriteString("\n---\n")
+	if err != nil {
+		return fmt.Errorf("error writing separator to output file: %w", err)
+	}
+
+	_, err = outputFile.WriteString("## Summary\n")
+	if err != nil {
+		return fmt.Errorf("error writing summary header to output file: %w", err)
+	}
+	_, err = outputFile.WriteString("| Metric                     | Count |\n")
+	if err != nil {
+		return fmt.Errorf("error writing summary table header to output file: %w", err)
+	}
+	_, err = outputFile.WriteString("|----------------------------|-------|\n")
+	if err != nil {
+		return fmt.Errorf("error writing summary table separator to output file: %w", err)
+	}
+	_, err = outputFile.WriteString(fmt.Sprintf("| Total Packages Checked      | %d     |\n", len(locations)))
+	if err != nil {
+		return fmt.Errorf("error writing total packages to output file: %w", err)
+	}
+	_, err = outputFile.WriteString(fmt.Sprintf("| Packages with Checksum      | %d     |\n", pkgWithChecksum))
+	if err != nil {
+		return fmt.Errorf("error writing packages with checksum to output file: %w", err)
+	}
+	_, err = outputFile.WriteString("\n---\n")
+	if err != nil {
+		return fmt.Errorf("error writing final separator to output file: %w", err)
+	}
+
+	return nil
+}
+
+func main() {
+	root, err := os.Getwd()
+	if err != nil {
+		fmt.Println("Error getting current directory:", err)
+		return
+	}
+
+	locations, err := findKCLModFiles(root)
+	if err != nil {
+		fmt.Println("Error finding kcl.mod files:", err)
+		return
+	}
+
+	err = generateMarkdownReport(locations)
+	if err != nil {
+		fmt.Println("Error generating markdown report:", err)
+		return
+	}
+
+	fmt.Println("Markdown report generated:", OutputFileName)
+}

go.mod

@@ -1,90 +1,138 @@
 module artifacthub
 
-go 1.21
+go 1.23
+
+toolchain go1.23.1
 
 require (
-	github.com/opencontainers/image-spec v1.1.0-rc4
-	github.com/otiai10/copy v1.9.0
+	github.com/opencontainers/image-spec v1.1.0
+	github.com/otiai10/copy v1.14.0
 	gopkg.in/yaml.v2 v2.4.0
 	gotest.tools v2.2.0+incompatible
-	kcl-lang.io/kpm v0.3.7
-	oras.land/oras-go/v2 v2.3.0
+	kcl-lang.io/kpm v0.10.0
+	oras.land/oras-go/v2 v2.5.0
 )
 
 require (
+	cloud.google.com/go v0.112.1 // indirect
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/iam v1.1.6 // indirect
+	cloud.google.com/go/storage v1.38.0 // indirect
 	dario.cat/mergo v1.0.0 // indirect
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/BurntSushi/toml v1.2.1 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	github.com/aws/aws-sdk-go v1.44.122 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/jsonv v1.1.3 // indirect
 	github.com/chai2010/protorpc v1.1.4 // indirect
+	github.com/chainguard-dev/git-urls v1.0.2 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/containerd/containerd v1.7.0 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
-	github.com/docker/cli v23.0.1+incompatible // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/docker v23.0.7+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/containerd/containerd v1.7.20 // indirect
+	github.com/containerd/errdefs v0.1.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/containerd/platforms v0.2.1 // indirect
+	github.com/containers/image/v5 v5.32.2 // indirect
+	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
+	github.com/containers/ocicrypt v1.2.0 // indirect
+	github.com/containers/storage v1.55.0 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.1 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/cli v27.1.1+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker v27.1.1+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.2 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/dominikbraun/graph v0.23.0 // indirect
+	github.com/elliotchance/orderedmap/v2 v2.4.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/go-git/go-git/v5 v5.11.0 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-git/go-git/v5 v5.12.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/gofrs/flock v0.8.1 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/goccy/go-yaml v1.12.0 // indirect
+	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/golang/snappy v0.0.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-getter v1.7.6 // indirect
+	github.com/hashicorp/go-safetemp v1.0.0 // indirect
+	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/julienschmidt/httprouter v1.3.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.16.0 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/kubescape/go-git-url v0.0.30 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/moby/sys/mountinfo v0.7.2 // indirect
+	github.com/moby/sys/user v0.3.0 // indirect
+	github.com/moby/term v0.5.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/runtime-spec v1.2.0 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/powerman/rpc-codec v1.2.2 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/prometheus/client_golang v1.20.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skeema/knownhosts v1.2.1 // indirect
+	github.com/skeema/knownhosts v1.2.2 // indirect
+	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	github.com/thoas/go-funk v0.9.3 // indirect
+	github.com/ulikunitz/xz v0.5.12 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	go.opentelemetry.io/otel v1.14.0 // indirect
-	go.opentelemetry.io/otel/trace v1.14.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/tools v0.13.0 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	google.golang.org/grpc v1.56.3 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/net v0.29.0 // indirect
+	golang.org/x/oauth2 v0.22.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+	google.golang.org/api v0.169.0 // indirect
+	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+	google.golang.org/grpc v1.66.2 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	kcl-lang.io/kcl-artifact-go v0.6.0 // indirect
-	kcl-lang.io/kcl-go v0.6.0 // indirect
-	oras.land/oras-go v1.2.3 // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
+	kcl-lang.io/kcl-go v0.10.1 // indirect
+	kcl-lang.io/lib v0.10.0 // indirect
+	oras.land/oras-go v1.2.6 // indirect
 )