Skip to content

feat(installer): use GitHub API digests for checksum verification#108

Merged
CalvinAllen merged 2 commits intomainfrom
feature/github-api-digests
Dec 12, 2025
Merged

feat(installer): use GitHub API digests for checksum verification#108
CalvinAllen merged 2 commits intomainfrom
feature/github-api-digests

Conversation

@CalvinAllen
Copy link
Contributor

@CalvinAllen CalvinAllen commented Dec 12, 2025

Summary

  • Replace separate .sha256 checksum files with GitHub's built-in SHA256 digests from the release API
  • Update install.sh to fetch release info from API and extract digest using grep/sed (no jq dependency)
  • Update install.ps1 to use Invoke-RestMethod for native JSON parsing of release data
  • Remove .sha256 file generation and upload steps from release workflow
  • Graceful fallback: If digest is not available (older releases), verification is skipped with a warning

Test plan

  • Test install.sh on Linux/macOS with current release (should warn about missing digest)
  • Test install.ps1 on Windows with current release (should warn about missing digest)
  • Verify release workflow builds successfully without .sha256 generation
  • After next release, verify installers correctly fetch and verify digests from API

Closes #103

@CalvinAllen
feat(installer): use GitHub API digests for checksum verification
176fcc1 
Replace separate .sha256 checksum files with GitHub's built-in SHA256
digests from the release API. This simplifies the release process and
leverages GitHub's native asset digest feature.

Changes:
- install.sh: Fetch release info and extract digest from API response
- install.ps1: Use Invoke-RestMethod to get release data with digests
- release.yml: Remove .sha256 file generation and upload steps

Closes #103
@CalvinAllen
Merge branch 'main' into feature/github-api-digests
ab8fcfa
@CalvinAllen CalvinAllen merged commit 19e25b1 into main Dec 12, 2025
12 checks passed
@CalvinAllen CalvinAllen deleted the feature/github-api-digests branch December 12, 2025 16:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Consider using GitHub API digests instead of .sha256 files

1 participant

@CalvinAllen