build: upload checksums file #552
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For the 4.0.0-alpha.37 release, this file would contain:
64e801c83569759a0f877791fe0138fecbb3386eeb7167fd25a5e8f9624dda49 configlet-linux-64bit.tgz
6ad208cd881c048e42146dfc183cf4772b3ce4609460062b3ff4c67d856df81d configlet-mac-64bit.tgz
48c521bb514ea8af2bb91c1129e68c9e90dfa2218b732ddce5c34372a99013b1 configlet-windows-64bit.zip
A user can download the checksum file and a release archive, and then
verify the archive was downloaded correctly. For example, on Linux:
$ sha256sum --check --ignore-missing configlet_4.0.0-alpha.37_checksums_sha256.txt
configlet-linux-64bit.tgz: OK
I didn't need this in my initial implementation, because I was uploading in `publish-release` conditionally (without a dependent job).
ee7
commented
Apr 12, 2022
|
|
||
| # Write checksums file | ||
| cd "${download_dir}" || exit | ||
| checksums_file="configlet_${build_tag}_checksums_sha256.txt" |
There was a problem hiding this comment.
I'm using underscores here (despite the current naming convention using hyphens) because:
- We need to change the naming convention in the future to support extra platforms.
- Semantic versioning allows only hyphens for naming prerelease versions, and using underscores everywhere else helps indicate that.
- I think it's more readable.
One project that uses underscores for release assets is https://github.com/cli/cli/releases
See #363.
There was a problem hiding this comment.
Those seem like reasonable arguments.
ErikSchierboom
approved these changes
Apr 13, 2022
|
|
||
| # Write checksums file | ||
| cd "${download_dir}" || exit | ||
| checksums_file="configlet_${build_tag}_checksums_sha256.txt" |
There was a problem hiding this comment.
Those seem like reasonable arguments.
9 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For the configlet 4.0.0-alpha.37 release, this file would contain:
A user can download the checksum file and a release archive, and then
verify the archive was downloaded correctly. For example, on Linux:
In the future, we can consider signing this file (see #548).
Closes: #457
Tested on my fork (triggered by pushing a tag named
build-upload-checksums.3to my fork):Verifying by downloading the assets: