Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate SHA's for released packages and include them in package notes #948

Merged
merged 9 commits into from
Jan 28, 2021
Merged

Generate SHA's for released packages and include them in package notes #948

merged 9 commits into from
Jan 28, 2021

Conversation

thboop
Copy link
Collaborator

@thboop thboop commented Jan 27, 2021
edited
Loading

This PR updates the release process to include sha256 hashes of the runner downloads. Users can use these to verify that they have downloaded the correct runner and it has not been tampered with.

Example (fake) runner release is found here

@thboop thboop requested a review from TingluoHuang January 27, 2021 20:20
@thboop thboop requested a review from a team as a code owner January 27, 2021 20:20
thboop
thboop commented Jan 27, 2021
View reviewed changes
.github/workflows/release.yml
- run: |
file=$(ls)
sha=$(sha256sum $file | awk '{ print $1 }')
echo "Computed sha256: $sha for $file"
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

helpful for debugging and lets us ensure the sha gets into the build log.

ericsciple
ericsciple reviewed Jan 27, 2021
View reviewed changes
.github/workflows/release.yml
@@ -45,6 +45,12 @@ jobs:

build:
needs: check
outputs:
linux-x64-sha: ${{ steps.sha.outputs.linux-x64-sha256 }}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

curious whether ${{ matrix.runtime }}-sha: ${{ steps.compute-sha.outputs.sha }} would work?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok to be explicit too... looks like there is another place below where we have to repeat the runtimes, so whatevs :)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

other way around repeating platforms in multiple places might be to upload as part of artifact

@thboop thboop merged commit fe8a56f into actions:main Jan 28, 2021
TingluoHuang pushed a commit that referenced this pull request Apr 21, 2021
@thboop @TingluoHuang
Generate SHA's for released packages and include them in package notes (
81810c6 
#948)

* Update release.yml

Compute Sha's for release builds

* Update release notes with shas

* Update releaseNote.md

* Update release.yml

* Update release.yml

* Update release.yml

* Add Ability to Get Sha's

* fix typo

* remove debug code
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ericsciple ericsciple ericsciple left review comments

@TingluoHuang TingluoHuang TingluoHuang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thboop @TingluoHuang @ericsciple