From d30fdb759d07e54d36309680ffa4247f1481ceb2 Mon Sep 17 00:00:00 2001
From: Alex Peterson <26804013+AMZN-alexpete@users.noreply.github.com>
Date: Thu, 18 Nov 2021 21:27:43 -0800
Subject: [PATCH] Gem repo template (#5774)

Signed-off-by: Alex Peterson <26804013+AMZN-alexpete@users.noreply.github.com>
---
 Templates/CMakeLists.txt             |  1 +
 Templates/GemRepo/Template/gem.json  | 19 +++++++++++++++++++
 Templates/GemRepo/Template/repo.json | 11 +++++++++++
 Templates/GemRepo/preview.png        |  3 +++
 Templates/GemRepo/template.json      | 27 +++++++++++++++++++++++++++
 engine.json                          |  1 +
 scripts/o3de/o3de/download.py        |  5 +++++
 7 files changed, 67 insertions(+)
 create mode 100644 Templates/GemRepo/Template/gem.json
 create mode 100644 Templates/GemRepo/Template/repo.json
 create mode 100644 Templates/GemRepo/preview.png
 create mode 100644 Templates/GemRepo/template.json

diff --git a/Templates/CMakeLists.txt b/Templates/CMakeLists.txt
index 9735907a6a..5f5d561a9f 100644
--- a/Templates/CMakeLists.txt
+++ b/Templates/CMakeLists.txt
@@ -14,5 +14,6 @@ ly_install_directory(
         DefaultGem
         DefaultProject
         MinimalProject
+        GemRepo
     VERBATIM
 )
diff --git a/Templates/GemRepo/Template/gem.json b/Templates/GemRepo/Template/gem.json
new file mode 100644
index 0000000000..292681b2b5
--- /dev/null
+++ b/Templates/GemRepo/Template/gem.json
@@ -0,0 +1,19 @@
+{
+    "gem_name": "${Name}Gem",
+    "display_name": "${Name}Gem",
+    "license": "What license ${Name}Gem uses goes here: i.e. Apache-2.0 Or MIT",
+    "license_url": "",
+    "origin": "The primary repo for ${Name}Gem goes here: i.e. http://www.mydomain.com",
+    "summary": "A short description of ${Name}Gem which is zipped up in an archive named gem.zip in the root of the Gem Repo. Though not required, it is recommended that the sha256 of the gem.zip file should be placed in the sha256 field of this gem.json so the download can be verified.",
+    "origin_uri": "${RepoURI}/gem.zip",
+    "sha256": "",
+    "type": "Code",
+    "canonical_tags": [
+        "Gem"
+    ],
+    "user_tags": [
+        "${Name}Gem"
+    ],
+    "icon_path": "preview.png",
+    "requirements": ""
+}
diff --git a/Templates/GemRepo/Template/repo.json b/Templates/GemRepo/Template/repo.json
new file mode 100644
index 0000000000..2af1fcfd2a
--- /dev/null
+++ b/Templates/GemRepo/Template/repo.json
@@ -0,0 +1,11 @@
+{
+    "repo_name":"${Name}",
+    "origin":"Origin for the ${Name} Gem Repository",
+    "repo_uri": "${RepoURI}",
+    "summary": "A Gem Repository with a single Gem in the root of the repository.",
+    "additional_info": "Additional info for ${Name}",
+    "last_updated": "",
+    "gems": [
+        "${RepoURI}"
+    ]
+}
diff --git a/Templates/GemRepo/preview.png b/Templates/GemRepo/preview.png
new file mode 100644
index 0000000000..78a2a735d2
--- /dev/null
+++ b/Templates/GemRepo/preview.png
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6ae503ec99c8358991dc3c6e50737844d3602b81a49abbbed7d697d7238547c0
+size 28026
diff --git a/Templates/GemRepo/template.json b/Templates/GemRepo/template.json
new file mode 100644
index 0000000000..88123a9dae
--- /dev/null
+++ b/Templates/GemRepo/template.json
@@ -0,0 +1,27 @@
+{
+    "template_name": "GemRepo",
+    "origin": "The primary repo for GemRepo goes here: i.e. http://www.mydomain.com",
+    "license": "What license GemRepo uses goes here: i.e. https://opensource.org/licenses/MIT",
+    "display_name": "GemRepo",
+    "summary": "A Gem Repository that contains a single Gem.",
+    "canonical_tags": [],
+    "user_tags": [
+        "GemRepo"
+    ],
+    "icon_path": "preview.png",
+    "copyFiles": [
+        {
+            "file": "gem.json",
+            "origin": "gem.json",
+            "isTemplated": true,
+            "isOptional": false
+        },
+        {
+            "file": "repo.json",
+            "origin": "repo.json",
+            "isTemplated": true,
+            "isOptional": false
+        }
+    ],
+    "createDirectories": []
+}
diff --git a/engine.json b/engine.json
index 05ccd0abfd..2d182c78aa 100644
--- a/engine.json
+++ b/engine.json
@@ -90,6 +90,7 @@
         "AutomatedTesting"
     ],
     "templates": [
+        "Templates/GemRepo",
         "Templates/AssetGem",
         "Templates/DefaultGem",
         "Templates/DefaultProject",
diff --git a/scripts/o3de/o3de/download.py b/scripts/o3de/o3de/download.py
index a3dca1a97e..e88355bf06 100644
--- a/scripts/o3de/o3de/download.py
+++ b/scripts/o3de/o3de/download.py
@@ -48,6 +48,11 @@ def validate_downloaded_zip_sha256(download_uri_json_data: dict, download_zip_pa
                     ' We cannot verify this is the actually the advertised object!!!')
         return 1
     else:
+        if len(sha256A) == 0:
+            logger.warning('SECURITY WARNING: The advertised o3de object you downloaded has no "sha256"!!! Be VERY careful!!!'
+                        ' We cannot verify this is the actually the advertised object!!!')
+            return 1
+
         with download_zip_path.open('rb') as f:
             sha256B = hashlib.sha256(f.read()).hexdigest()
             if sha256A != sha256B: