pyTooling/Actions
1
0
Fork 0
mirror of https://github.com/pyTooling/Actions.git synced 2026-02-12 02:56:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compute and verify SHA256 checksums.

Browse Source
This commit is contained in:
Patrick Lehmann
2025-06-19 15:35:41 +02:00
parent 68f708d79c
commit 2f7fa88c36
2 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
.github/workflows/PublishReleaseNotes.yml vendored
View File

@@ -525,6 +525,8 @@ jobs:
declare -A downloadedArtifacts declare -A downloadedArtifacts
# A dictionary to check for duplicate asset files in release # A dictionary to check for duplicate asset files in release
declare -A assetFilenames declare -A assetFilenames
# A dictionary of SHA256 checksums
declare -A sha256Checksums
while IFS=$'\r\n' read -r assetLine; do while IFS=$'\r\n' read -r assetLine; do
if [[ "${assetLine}" == "" || "${assetLine:0:1}" == "#" ]]; then if [[ "${assetLine}" == "" || "${assetLine:0:1}" == "#" ]]; then
continue continue
@@ -552,7 +554,7 @@ jobs:
asset="$(Replace "${asset}")" asset="$(Replace "${asset}")"
title="$(Replace "${title}")" title="$(Replace "${title}")"
printf "Publish asset '%s' from artifact '%s' with title '%s'\n" "${asset}" "${artifact}" "${title}" printf "${ANSI_LIGHT_BLUE}Publish asset '%s' from artifact '%s' with title '%s'${ANSI_NOCOLOR}\n" "${asset}" "${artifact}" "${title}"
printf " Checked asset for duplicates ... " printf " Checked asset for duplicates ... "
if [[ -n "${assetFilenames[$asset]}" ]]; then if [[ -n "${assetFilenames[$asset]}" ]]; then
printf "${ANSI_LIGHT_RED}[ERROR]${ANSI_NOCOLOR}\n" printf "${ANSI_LIGHT_RED}[ERROR]${ANSI_NOCOLOR}\n"
@@ -566,7 +568,7 @@ jobs:
# Download artifact by artifact name # Download artifact by artifact name
if [[ -n "${downloadedArtifacts[$artifact]}" ]]; then if [[ -n "${downloadedArtifacts[$artifact]}" ]]; then
printf " downloading '%s' ... ${ANSI_LIGHT_YELLOW}[SKIPPED]${ANSI_NOCOLOR}\n" "${artifact}" printf " downloading artifact '%s' ... ${ANSI_LIGHT_YELLOW}[SKIPPED]${ANSI_NOCOLOR}\n" "${artifact}"
else else
echo " downloading '${artifact}' ... " echo " downloading '${artifact}' ... "
printf " gh run download $GITHUB_RUN_ID --dir \"%s\" --name \"%s\" " "${artifact}" "${artifact}" printf " gh run download $GITHUB_RUN_ID --dir \"%s\" --name \"%s\" " "${artifact}" "${artifact}"
@@ -701,6 +703,11 @@ jobs:
continue continue
fi fi
printf " compute SHA256 checksum of '${uploadFile}' ... "
sha256=$(sha256sum -b ${uploadFile} | cut -d " " -f1)
sha256Checksums[$asset]="sha256:${sha256}"
printf "${ANSI_LIGHT_BLUE}${sha256}${ANSI_NOCOLOR}\n"
# Add asset to JSON inventory # Add asset to JSON inventory
if [[ "${{ inputs.inventory-json }}" != "" ]]; then if [[ "${{ inputs.inventory-json }}" != "" ]]; then
if [[ "${categories}" != "${title}" ]]; then if [[ "${categories}" != "${title}" ]]; then
@@ -708,8 +715,9 @@ jobs:
category="" category=""
jsonEntry=$(jq -c -n \ jsonEntry=$(jq -c -n \
--arg title "${title}" \ --arg title "${title}" \
--arg sha256 "${sha256}" \
--arg file "${uploadFile#*/}" \ --arg file "${uploadFile#*/}" \
'{"file": $file, "title": $title}' \ '{"file": $file, "sha256": $sha256, "title": $title}' \
) )
while [[ "${categories}" != "${category}" ]]; do while [[ "${categories}" != "${category}" ]]; do
@@ -733,6 +741,20 @@ jobs:
gh release upload ${{ inputs.tag }} "${uploadFile}#${title}" --clobber gh release upload ${{ inputs.tag }} "${uploadFile}#${title}" --clobber
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
printf "${ANSI_LIGHT_GREEN}[OK]${ANSI_NOCOLOR}\n" printf "${ANSI_LIGHT_GREEN}[OK]${ANSI_NOCOLOR}\n"
printf " checking assets SHA256 checksum ... \n"
ghSHA256=$(gh release view --json assets --jq ".assets[] | select(.name == \"${asset}\") | .digest" ${{ inputs.tag }})
if [[ "${ghSHA256}" == "${sha256Checksums[$asset]}" ]]; then
printf "${ANSI_LIGHT_GREEN}[PASSED]${ANSI_NOCOLOR}\n"
else
printf "${ANSI_LIGHT_RED}[FAILED]${ANSI_NOCOLOR}\n"
printf " ${ANSI_LIGHT_RED}SHA256 checksum compare failed.${ANSI_NOCOLOR}\n"
printf " ${ANSI_LIGHT_RED}Local: %s${ANSI_NOCOLOR}\n" "${sha256Checksums[$asset]}"
printf " ${ANSI_LIGHT_RED}GitHub: %s${ANSI_NOCOLOR}\n" "${ghSHA256}"
printf "::error title=%s::%s\n" "ChecksumError" "SHA256 checksum compare failed. Local=${sha256Checksums[$asset]} GitHub=${ghSHA256}"
ERRORS=$((ERRORS + 1))
continue
fi
else else
printf "${ANSI_LIGHT_RED}[ERROR]${ANSI_NOCOLOR}\n" printf "${ANSI_LIGHT_RED}[ERROR]${ANSI_NOCOLOR}\n"
printf " ${ANSI_LIGHT_RED}Couldn't upload asset '%s' from '%s' to release '%s'.${ANSI_NOCOLOR}\n" "${asset}" "${uploadFile}" "${{ inputs.tag }}" printf " ${ANSI_LIGHT_RED}Couldn't upload asset '%s' from '%s' to release '%s'.${ANSI_NOCOLOR}\n" "${asset}" "${uploadFile}" "${{ inputs.tag }}"

2
tests/requirements.txt
View File

@@ -9,5 +9,5 @@ pytest-cov ~= 6.2
# Static Type Checking # Static Type Checking
mypy ~= 1.16 mypy ~= 1.16
typing_extensions ~= 4.13 typing_extensions ~= 4.14
lxml ~= 5.4 lxml ~= 5.4