Skip to content

GT-2601: Download translation files from CDN with SHA-256 verification#4424

Merged
frett merged 4 commits into
developfrom
cdnResources
May 26, 2026
Merged

GT-2601: Download translation files from CDN with SHA-256 verification#4424
frett merged 4 commits into
developfrom
cdnResources

Conversation

@frett

@frett frett commented May 12, 2026
edited by tjohnson009
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Introduces ApiConfig to consolidate API/CDN base URL configuration, replacing the scattered @Named string injection
  • Adds CdnApi (Retrofit) for downloading published translation files from the CDN, with base URLs configured per flavor (mobilecontent-stage.cru.org / mobilecontent.cru.org)
  • Verifies SHA-256 checksum and byte size when storing downloaded files, rejecting any file that doesn't match the manifest metadata
  • Prefers the CDN when downloading published translation files, falling back to the existing TranslationsApi on 4xx errors or IOException

Test plan

  • New unit tests cover: CDN preferred over API, fallback to API on CDN 404, fallback on IOException, both sources failing returns false, correct/wrong SHA-256 accepted/rejected, correct/wrong size accepted/rejected
  • Run ./gradlew :library:download-manager:test to verify all download manager tests pass
  • Run ./gradlew :build-logic:ktlintCheck ktlintCheck to verify code style
  • Smoke test on stage build: download a tool and confirm it completes successfully

🤖 Generated with Claude Code

@frett frett changed the title Download translation files from CDN with SHA-256 verification GT-2601: Download translation files from CDN with SHA-256 verification May 12, 2026
@codecov

codecov Bot commented May 12, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 68.75000% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 52.08%. Comparing base (eee004b) to head (82e7fb2).

Files with missing lines Patch % Lines
.../src/main/kotlin/org/cru/godtools/api/ApiModule.kt 0.00% 7 Missing ⚠️
...odtools/downloadmanager/GodToolsDownloadManager.kt 89.18% 1 Missing and 3 partials ⚠️
...ain/kotlin/org/cru/godtools/dagger/ConfigModule.kt 0.00% 3 Missing ⚠️
.../src/main/kotlin/org/cru/godtools/api/ApiConfig.kt 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #4424      +/-   ##
===========================================
+ Coverage    51.98%   52.08%   +0.10%     
===========================================
  Files          454      455       +1     
  Lines        12075    12110      +35     
  Branches      2092     2097       +5     
===========================================
+ Hits          6277     6308      +31     
- Misses        5181     5188       +7     
+ Partials       617      614       -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

frett and others added 4 commits May 26, 2026 13:30
@frett @claude
Introduce ApiConfig to consolidate API configuration
2bf32ed 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@frett @claude
Verify SHA-256 checksum and size when downloading translation files
c7bc7f4 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@frett @claude
Introduce CdnApi and configure CDN base URL per flavor
c778f34 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@frett @claude
Prefer CDN when downloading published translation files, falling back…
82e7fb2 
… to API

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@frett frett requested a review from tjohnson009 May 26, 2026 19:54
tjohnson009
tjohnson009 reviewed May 26, 2026
View reviewed changes
Comment thread ...download-manager/src/main/kotlin/org/cru/godtools/downloadmanager/GodToolsDownloadManager.kt Outdated
async {
downloadTranslationFileIfNecessary(it).also {
val src = file.src ?: return@async true
downloadTranslationFileIfNecessary(src, sha256 = file.checksumSha256, size = file.size).also {

@tjohnson009 tjohnson009 May 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand why we're using the sha256 now. Sha256 is encryption right? What do we need to encrypt while getting the translation file?

@frett frett May 26, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sha256 is a checksum. This allows us to verify the file is what we are expecting and not corrupted

tjohnson009
tjohnson009 reviewed May 26, 2026
View reviewed changes
Comment thread ...download-manager/src/main/kotlin/org/cru/godtools/downloadmanager/GodToolsDownloadManager.kt Outdated
fileName: String,
sha256: String? = null,
size: Long? = null,
): Boolean = filesMutex.withLock(fileName) {

@tjohnson009 tjohnson009 May 26, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I needed to look up what a mutex is vs a semaphore again. A mutex is basically we are controlling one gate vs several with a semaphore, right?

Why do we want/use a mutex here vs a semaphore? Is it because we only deal with one file at a time in this context?

tjohnson009
tjohnson009 approved these changes May 26, 2026
View reviewed changes

@tjohnson009 tjohnson009 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worked up to understanding a good bit of this. Thanks for letting me see

@frett frett merged commit e89ab02 into develop May 26, 2026
13 checks passed
@frett frett deleted the cdnResources branch May 26, 2026 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tjohnson009 tjohnson009 tjohnson009 approved these changes

Assignees

@tjohnson009 tjohnson009

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@frett @tjohnson009