I have stored a NuGet package in Artifactory or Nexus. Octopus pulls package from Artifactory and push to the target server.
Now, I want to check whether the package is correctly transferred to the target machine without any data corruption due to network, etc. To achieve this, I’m trying to use Checksum to check the file for any errors. Algo (SHA-256, MD5, etc.)
I have 2 steps in Octopus project:
Transfer package from Artifactory to Target server
Powershell script – Pull Checksum value from Step #1 (step output or logs) and use it for further validations
Note:
There is a SHA-1, SHA-256 or MD5 checksum associated with every package stored in Artifactory/Nexus.
When package is transferred to the target machine, I can find checksum value in the Octopus release deployment logs – raw data.
Question : How can I pull Checksum value from Step #1 (step output or logs) and use in the Step #2?
Assuming that you have configured this NuGet repository as an external feed within Octopus and are using a step like ‘Deploy a Package’. When Octopus downloads the package from the NuGet feed and transfer it to the tentacle on the target machine, a checksum test will be occurring already to ensure the file is intact on arrival.
Yes, have configured NuGet repository as an external feed within Octopus but using step ‘Transfer a Package’. I hope checksum test will occur in that step as well?
I followed this up with our engineers to confirm, and it turns out I was incorrect. The checksum is only carried out for packages within the internal repository, not for external ones.
Unfortunately, I don’t see any easy way of extracting the checksum that is output in the deployment logs. It doesn’t exist as a variable anywhere in Octopus, just in a raw text file.
The only way I could see this being retrieved would be to have a script retrieve the deployment Task ID (e.g. ServerTasks-342) using the system variable Octopus.Task.Id.
You could then have the script retrieve the raw log file with https://octopusUrl/api/tasks/ServerTasks-342/raw
Then run a matching command to extract the checksum value from the text file.
This seems quite messy, so the best option may be to ignore the log and perform the checksum directly against the package on the deployment target, and then check it against the checksum value stored in Artifactory/Nexus. This would likely involve interacting with their APIs directly to retrieve the checksum value.
Apologies that I couldn’t provide a better answer for you.
Thanks for getting that clarified. And I really appreciate the effort you have put so far to help me out.
I think below option sounds really good and could be achieved without any challenges:
‘Perform the checksum directly against the package on the deployment target, and then check it against the checksum value stored in Artifactory/Nexus. This would likely involve interacting with their APIs directly to retrieve the checksum value.’
