feat(sdk): AuthConfigs, JSON Schema, examples, and release checksum CI

Add craftlabs-auth-config.schema.json, Java AuthConfigs model with tests, example configs aligned to BP-10, C/Java/auth-config documentation, native header notes, RELEASING guide, and workflow to verify SDK artifact checksums on release tags. Made-with: Cursor
2026-06-09 10:00:30 +08:00 · 2026-04-06 21:05:12 +08:00
parent 65eb983035
commit f94f03bcc2
31 changed files with 1219 additions and 22 deletions
@@ -0,0 +1,126 @@
+#!/usr/bin/env bash
+# 生成对外发布用 SHA256SUMS（相对仓库根路径，便于客户执行 sha256sum -c）。
+# 用法见 java/RELEASING.md
+set -euo pipefail
+
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+OUTPUT="${ROOT}/dist/sdk-release"
+RUN_MVN="package"
+SKIP_TESTS="-DskipTests"
+NATIVE_PATH=""
+SIGN="${SIGN:-0}"
+
+usage() {
+  sed -n '2,20p' "$0" | head -5
+  echo "用法: $0 [--output DIR] [--verify] [--native-path DIR] [--no-mvn]"
+  echo "  --output DIR       输出目录（默认 dist/sdk-release）"
+  echo "  --verify           执行 mvn verify（默认为 package -DskipTests）"
+  echo "  --native-path DIR  额外哈希该目录下 .so/.dylib/.dll"
+  echo "  --no-mvn           不执行 Maven（假定已 package）"
+  echo "环境变量 SIGN=1 且已配置 gpg 时，生成 SHA256SUMS.asc"
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --output)
+      OUTPUT="$2"
+      shift 2
+      ;;
+    --verify)
+      RUN_MVN="verify"
+      SKIP_TESTS=""
+      shift
+      ;;
+    --native-path)
+      NATIVE_PATH="$2"
+      shift 2
+      ;;
+    --no-mvn)
+      NO_MVN=1
+      shift
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "未知参数: $1" >&2
+      usage >&2
+      exit 1
+      ;;
+  esac
+done
+
+mkdir -p "$OUTPUT"
+
+if [[ -z "${NO_MVN:-}" ]]; then
+  if [[ -n "$SKIP_TESTS" ]]; then
+    (cd "$ROOT/java" && mvn -q $SKIP_TESTS "$RUN_MVN")
+  else
+    (cd "$ROOT/java" && mvn -q "$RUN_MVN")
+  fi
+fi
+
+SUMFILE="${OUTPUT}/SHA256SUMS"
+: >"$SUMFILE"
+
+add_hash() {
+  local file="$1"
+  local rel="$2"
+  local h
+  if command -v sha256sum >/dev/null 2>&1; then
+    h=$(sha256sum "$file" | awk '{print $1}')
+  else
+    h=$(shasum -a 256 "$file" | awk '{print $1}')
+  fi
+  echo "$h  $rel" >>"$SUMFILE"
+}
+
+for mod in craftlabs-auth-core craftlabs-auth-bitanswer craftlabs-auth-selfhosted; do
+  dir="$ROOT/java/$mod/target"
+  [[ -d "$dir" ]] || {
+    echo "缺少目录: $dir（请先 mvn package）" >&2
+    exit 1
+  }
+  shopt -s nullglob
+  for f in "$dir"/*.jar; do
+    bn=$(basename "$f")
+    [[ "$bn" == *-sources.jar ]] && continue
+    [[ "$bn" == *-javadoc.jar ]] && continue
+    add_hash "$f" "java/$mod/target/$bn"
+  done
+  shopt -u nullglob
+done
+
+if [[ -f "$ROOT/schemas/craftlabs-auth-config.schema.json" ]]; then
+  add_hash "$ROOT/schemas/craftlabs-auth-config.schema.json" "schemas/craftlabs-auth-config.schema.json"
+fi
+
+if [[ -n "$NATIVE_PATH" ]]; then
+  [[ -d "$NATIVE_PATH" ]] || {
+    echo "无效 --native-path: $NATIVE_PATH" >&2
+    exit 1
+  }
+  find "$NATIVE_PATH" -type f \( -name '*.so' -o -name '*.dylib' -o -name '*.dll' \) | while IFS= read -r nf; do
+    rel="${nf#$ROOT/}"
+    add_hash "$nf" "$rel"
+  done
+fi
+
+{
+  echo "repo=$(basename "$ROOT")"
+  git -C "$ROOT" rev-parse HEAD 2>/dev/null || echo "git=n/a"
+  date -u +"%Y-%m-%dT%H:%M:%SZ"
+} >"${OUTPUT}/RELEASE-MANIFEST.txt"
+
+echo "已写入: $SUMFILE"
+wc -l "$SUMFILE"
+
+if [[ "$SIGN" == "1" ]] && command -v gpg >/dev/null 2>&1; then
+  gpg --batch --yes --armor --detach-sign --output "${SUMFILE}.asc" "$SUMFILE"
+  echo "已写入: ${SUMFILE}.asc"
+fi
+
+echo ""
+echo "校验（在仓库根目录执行）:"
+echo "  cd \"$ROOT\" && sha256sum -c \"${SUMFILE#$ROOT/}\""