Merge pull request #1080 from GitGuardian/jgriffe/fix-choco-package

gg-jonathangriffe · web-flow · commit d53060686991 · 2025-04-16T15:57:27.000+02:00
chore: fix chocolatey package to follow guidelines
diff --git a/scripts/push-to-chocolatey/VERIFICATION.txt b/scripts/push-to-chocolatey/VERIFICATION.txt
@@ -0,0 +1,31 @@
+VERIFICATION
+Verification is intended to assist the Chocolatey moderators and community
+in verifying that this package's contents are trustworthy.
+
+1. Go to the releases page and download the windows package for the relevant version:
+https://github.com/GitGuardian/ggshield/releases
+
+2. Extract the archive
+
+3. Get the hashes from both the downloaded release and the choco package. The hashes should match.
+
+To verify all files, you can use the following powershell script:
+
+$folder1 = "C:\Absolute\Path\To\Folder1"
+$folder2 = "C:\Absolute\Path\To\Folder2"
+
+$hashes1 = Get-ChildItem -Path $folder1 -Recurse -File | ForEach-Object {
+    [PSCustomObject]@{
+        RelativePath = $_.FullName.Substring($folder1.Length).TrimStart('\')
+        Hash = (Get-FileHash $_.FullName).Hash
+    }
+}
+
+$hashes2 = Get-ChildItem -Path $folder2 -Recurse -File | ForEach-Object {
+    [PSCustomObject]@{
+        RelativePath = $_.FullName.Substring($folder2.Length).TrimStart('\')
+        Hash = (Get-FileHash $_.FullName).Hash
+    }
+}
+
+Compare-Object -ReferenceObject $hashes1 -DifferenceObject $hashes2 -Property RelativePath, Hash
diff --git a/scripts/push-to-chocolatey/ggshield.nuspec b/scripts/push-to-chocolatey/ggshield.nuspec
@@ -11,6 +11,7 @@
     <licenseUrl>https://raw.githubusercontent.com/GitGuardian/ggshield/refs/heads/main/LICENSE</licenseUrl>
     <requireLicenseAcceptance>false</requireLicenseAcceptance>
     <projectSourceUrl>https://github.com/GitGuardian/ggshield</projectSourceUrl>
+    <packageSourceUrl>https://github.com/GitGuardian/ggshield/tree/main/scripts/push-to-chocolatey</packageSourceUrl>
     <docsUrl>https://docs.gitguardian.com/ggshield-docs/getting-started</docsUrl>
     <tags>ggshield</tags>
     <summary>ggshield is a CLI application that helps you detect secrets.</summary>
diff --git a/scripts/push-to-chocolatey/push-to-chocolatey b/scripts/push-to-chocolatey/push-to-chocolatey
@@ -26,6 +26,7 @@ mkdir ggshield-package/tools
 mv packages/*/_internal ggshield-package/tools
 mv packages/*/ggshield.exe ggshield-package/tools
 cp scripts/push-to-chocolatey/ggshield.nuspec ggshield-package
+cp scripts/push-to-chocolatey/VERIFICATION.txt ggshield-package
 sed -i "s/__VERSION__/$version/" ggshield-package/ggshield.nuspec
 
 cd ggshield-package
