chore: require hashes when installing dependencies in owlbot postproc…

…essor job (#1691) (#768) * chore: install dependencies through requirements file Source-Link: https://togithub.com/googleapis/synthtool/commit/35f4cbaf1295a726cb43fd4471129ec74b48e04e Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:821ab7aba89af2c7907e29297bba024d4cd5366d0684e5eb463391cdf4edc9ee
googleapis · Nov 8, 2022 · 9e82116 · 9e82116
1 parent 237618e
commit 9e82116
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 58 deletions.
diff --git a/java-phishingprotection/.github/.OwlBot.lock.yaml b/java-phishingprotection/.github/.OwlBot.lock.yaml
@@ -13,5 +13,4 @@
 # limitations under the License.
 docker:
   image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest
-  digest: sha256:f14e3fefe8e361e85752bd9890c8e56f2fe25f1e89cbb9597e4e3c7a429203a3
-
+  digest: sha256:821ab7aba89af2c7907e29297bba024d4cd5366d0684e5eb463391cdf4edc9ee
diff --git a/java-phishingprotection/.kokoro/dependencies.sh b/java-phishingprotection/.kokoro/dependencies.sh
@@ -57,54 +57,3 @@ retry_with_backoff 3 10 \
     -Dclirr.skip=true
 
 mvn -B dependency:analyze -DfailOnWarning=true
-
-echo "****************** DEPENDENCY LIST COMPLETENESS CHECK *******************"
-## Run dependency list completeness check
-function completenessCheck() {
-  # Output dep list with compile scope generated using the original pom
-  # Running mvn dependency:list on Java versions that support modules will also include the module of the dependency.
-  # This is stripped from the output as it is not present in the flattened pom.
-  # Only dependencies with 'compile' or 'runtime' scope are included from original dependency list.
-  msg "Generating dependency list using original pom..."
-  mvn dependency:list -f pom.xml -DincludeScope=runtime -Dsort=true | grep '\[INFO]    .*:.*:.*:.*:.*' | sed -e 's/ --.*//' >.org-list.txt
-
-  # Output dep list generated using the flattened pom (only 'compile' and 'runtime' scopes)
-  msg "Generating dependency list using flattened pom..."
-  mvn dependency:list -f .flattened-pom.xml -DincludeScope=runtime -Dsort=true | grep '\[INFO]    .*:.*:.*:.*:.*' >.new-list.txt
-
-  # Compare two dependency lists
-  msg "Comparing dependency lists..."
-  diff .org-list.txt .new-list.txt >.diff.txt
-  if [[ $? == 0 ]]
-    then
-      msg "Success. No diff!"
-  else
-    msg "Diff found. See below: "
-    msg "You can also check .diff.txt file located in $1."
-    cat .diff.txt
-    return 1
-  fi
-}
-
-# Allow failures to continue running the script
-set +e
-
-error_count=0
-for path in **/.flattened-pom.xml
-do
-  # Check flattened pom in each dir that contains it for completeness
-  dir=$(dirname "$path")
-  pushd "$dir"
-  completenessCheck "$dir"
-  error_count=$(($error_count + $?))
-  popd
-done
-
-if [[ $error_count == 0 ]]
-then
-  msg "All checks passed."
-  exit 0
-else
-  msg "Errors found. See log statements above."
-  exit 1
-fi
diff --git a/java-phishingprotection/.kokoro/requirements.in b/java-phishingprotection/.kokoro/requirements.in
@@ -16,10 +16,12 @@ pycparser==2.21
 pyperclip==1.8.2
 python-dateutil==2.8.2
 requests==2.27.1
+certifi==2022.9.24
 importlib-metadata==4.8.3
 zipp==3.6.0
 google_api_core==2.8.2
 google-cloud-storage==2.0.0
+google-resumable-media==2.3.3
 google-cloud-core==2.3.1
 typing-extensions==4.1.1
 urllib3==1.26.12

diff --git a/java-phishingprotection/.kokoro/requirements.txt b/java-phishingprotection/.kokoro/requirements.txt
@@ -16,10 +16,12 @@ cachetools==4.2.4 \
     # via
     #   -r requirements.in
     #   google-auth
-certifi==2022.9.14 \
-    --hash=sha256:36973885b9542e6bd01dea287b2b4b3b21236307c56324fcc3f1160f2d655ed5 \
-    --hash=sha256:e232343de1ab72c2aa521b625c80f699e356830fd0e2c620b465b304b17b0516
-    # via requests
+certifi==2022.9.24 \
+    --hash=sha256:0d9c601124e5a6ba9712dbc60d9c53c21e34f5f641fe83002317394311bdce14 \
+    --hash=sha256:90c1a32f1d68f940488354e36370f6cca89f0f106db09518524c88d6ed83f382
+    # via
+    #   -r requirements.in
+    #   requests
 cffi==1.15.1 \
     --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \
     --hash=sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef \
@@ -218,7 +220,9 @@ google-crc32c==1.3.0 \
 google-resumable-media==2.3.3 \
     --hash=sha256:27c52620bd364d1c8116eaac4ea2afcbfb81ae9139fb3199652fcac1724bfb6c \
     --hash=sha256:5b52774ea7a829a8cdaa8bd2d4c3d4bc660c91b30857ab2668d0eb830f4ea8c5
-    # via google-cloud-storage
+    # via
+    #   -r requirements.in
+    #   google-cloud-storage
 googleapis-common-protos==1.56.3 \
     --hash=sha256:6f1369b58ed6cf3a4b7054a44ebe8d03b29c309257583a2bbdc064cd1e4a1442 \
     --hash=sha256:87955d7b3a73e6e803f2572a33179de23989ebba725e05ea42f24838b792e461