Skip to content

feat(scripts): add verified download utility with hash checking#180

Merged
WilliamBerryiii merged 5 commits intomainfrom
feat/issue-54-verified-download-utility
Feb 16, 2026
Merged

feat(scripts): add verified download utility with hash checking#180
WilliamBerryiii merged 5 commits intomainfrom
feat/issue-54-verified-download-utility

Conversation

@WilliamBerryiii
Copy link
Member

@WilliamBerryiii WilliamBerryiii commented Feb 14, 2026
edited
Loading

Description

Closes #54

Adds Get-VerifiedDownload.ps1, a hash-verified download utility supporting SHA-256, SHA-384, and SHA-512 checksum validation with optional archive extraction for .zip, .tar.gz, .tgz, and .tar formats. Ported from hve-core with bug fixes applied from review feedback.

  • feat(scripts): add Get-VerifiedDownload.ps1 with pure-function architecture for testability and an I/O wrapper for orchestration
  • feat(scripts): add Pester test suite with 39 tests covering hash computation, path resolution, cache-hit logic, download flow, extraction, and error handling
  • fix(scripts): persist archive at target path before extraction so the file remains on disk after Expand-Archive or tar runs
  • fix(scripts): add extraction logic to the cache-hit early-return path when the -Extract flag is set

Type of Change

  • 🐛 Bug fix (non-breaking change fixing an issue)
  • ✨ New feature (non-breaking change adding functionality)
  • 💥 Breaking change (fix or feature causing existing functionality to change)
  • 📚 Documentation update
  • 🏗️ Infrastructure change (Terraform/IaC)
  • ♻️ Refactoring (no functional changes)

Component(s) Affected

  • deploy/000-prerequisites - Azure subscription setup
  • deploy/001-iac - Terraform infrastructure
  • deploy/002-setup - OSMO control plane / Helm
  • deploy/004-workflow - Training workflows
  • src/training - Python training scripts
  • docs/ - Documentation

Testing Performed

  • Terraform plan reviewed (no unexpected changes)
  • Terraform apply tested in dev environment
  • Training scripts tested locally with Isaac Sim
  • OSMO workflow submitted successfully
  • Smoke tests passed (smoke_test_azure.py)

Documentation Impact

  • No documentation changes needed
  • Documentation updated in this PR
  • Documentation issue filed

Checklist

🔧 - Generated by Copilot

@WilliamBerryiii
feat(scripts): add verified download utility with hash checking
66cf454 
- port Get-VerifiedDownload.ps1 from hve-core (zero-delta copy)
- add Pester test suite for all download and hash functions
- support SHA-256, SHA-384, SHA-512 with optional archive extraction

🔒 - Generated by Copilot
Copilot AI review requested due to automatic review settings February 14, 2026 05:48
@WilliamBerryiii WilliamBerryiii added this to the v0.3.0 milestone Feb 14, 2026
Copilot AI reviewed Feb 14, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR ports the Get-VerifiedDownload.ps1 utility and its comprehensive Pester test suite from the hve-core repository as a zero-delta copy. The utility provides secure, hash-verified file downloads with support for SHA-256, SHA-384, and SHA-512 algorithms, plus optional archive extraction for .zip, .tar.gz, and .tar formats. The implementation follows a functional design pattern with 7 pure functions for testability and 1 I/O orchestrator function.

Changes:

  • Added Get-VerifiedDownload.ps1 with hash-verified download and extraction capabilities
  • Added comprehensive Pester test suite with 37 tests covering all functions and edge cases

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.

File Description
scripts/lib/Get-VerifiedDownload.ps1 New utility script providing hash-verified downloads with multi-algorithm support (SHA-256/384/512) and archive extraction (zip, tar.gz, tar)
scripts/tests/lib/Get-VerifiedDownload.Tests.ps1 Comprehensive Pester test suite with 37 tests covering pure functions, I/O orchestration, cache hits, hash mismatches, network errors, and extraction scenarios

@WilliamBerryiii
fix(scripts): address PR #180 review comments on Get-VerifiedDownload
30cc701 
- add shebang and fix synopsis/description to list all hash algorithms
- remove trailing whitespace from OutputPath parameter
- move archive to target path before extraction so file persists on disk
- add extraction logic to cache-hit path when Extract flag is set
- add tests for archive persistence and cache-hit extraction

🔧 - Generated by Copilot
@WilliamBerryiii
fix(scripts): return extraction directory path when -Extract flag is set
672c2a9 
- return extractDir instead of targetPath in both download and cache-hit paths
- update test assertion to verify result path equals extract directory

🐛 - Generated by Copilot
Copilot AI review requested due to automatic review settings February 16, 2026 18:32
@github-actions
Copy link

github-actions bot commented Feb 16, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Copilot AI reviewed Feb 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

@WilliamBerryiii
fix(scripts): resolve PR #180 review comments and CI failure
4a436e0 
- fix TestPaths param name mismatch in pester-tests.yml workflow
- scope ErrorActionPreference to function and main block
- use targetPath instead of Url for archive type detection
- update synopsis to clarify SHA-256 script-level support
- fix Remove-Item mock to pass through in Pester tests

🔧 - Generated by Copilot
@WilliamBerryiii WilliamBerryiii merged commit 063dd69 into main Feb 16, 2026
10 checks passed
@azure-robotics-release-bot azure-robotics-release-bot bot mentioned this pull request Feb 18, 2026
Merged
@WilliamBerryiii WilliamBerryiii mentioned this pull request Feb 19, 2026
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@agreaves-ms agreaves-ms agreaves-ms approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v0.3.0

Development

Successfully merging this pull request may close these issues.

feat(scripts): add verified download utility with hash checking

3 participants

@WilliamBerryiii @agreaves-ms