NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add publishing integrity check after releasing (#4045)

Browse Source 
Co-authored-by: Francisco <fg@frang.io>
This commit is contained in:
Ernesto García
2023-02-15 15:21:29 -06:00
committed by GitHub
parent 6d18435098
commit 4e8aa43a90
4 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
.github/workflows/release-cycle.yml vendored
View File

@ -142,6 +142,11 @@ jobs:
run: bash scripts/release/workflow/pack.sh run: bash scripts/release/workflow/pack.sh
env: env:
PRERELEASE: ${{ needs.state.outputs.is_prerelease }} PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
- name: Upload tarball artifact
uses: actions/upload-artifact@v3
with:
name: ${{ github.ref_name }}
path: ${{ steps.pack.outputs.tarball }}
- name: Tag - name: Tag
run: npx changeset tag run: npx changeset tag
- name: Publish - name: Publish
@ -158,6 +163,26 @@ jobs:
PRERELEASE: ${{ needs.state.outputs.is_prerelease }} PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
with: with:
script: await require('./scripts/release/workflow/github-release.js')({ github, context }) script: await require('./scripts/release/workflow/github-release.js')({ github, context })
outputs:
tarball_name: ${{ steps.pack.outputs.tarball_name }}
integrity_check:
needs: publish
name: Tarball Integrity Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Download tarball artifact
id: artifact
# Replace with actions/upload-artifact@v3 when
# https://github.com/actions/download-artifact/pull/194 gets released
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
with:
name: ${{ github.ref_name }}
- name: Check integrity
run: bash scripts/release/workflow/integrity-check.sh
env:
TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }}
merge: merge:
needs: state needs: state

20
scripts/release/workflow/integrity-check.sh Normal file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -euo pipefail
CHECKSUMS="$RUNNER_TEMP/checksums.txt"
# Extract tarball content into a tmp directory
tar xf "$TARBALL" -C "$RUNNER_TEMP"
# Move to extracted directory
cd "$RUNNER_TEMP/package"
# Checksum all Solidity files
find . -type f -name "*.sol" | xargs shasum > "$CHECKSUMS"
# Back to directory with git contents
cd "$GITHUB_WORKSPACE/contracts"
# Check against tarball contents
shasum -c "$CHECKSUMS"

1
scripts/release/workflow/pack.sh
View File

@ -20,6 +20,7 @@ dist_tag() {
cd contracts cd contracts
TARBALL="$(npm pack | tee /dev/stderr | tail -1)" TARBALL="$(npm pack | tee /dev/stderr | tail -1)"
echo "tarball_name=$TARBALL" >> $GITHUB_OUTPUT
echo "tarball=$(pwd)/$TARBALL" >> $GITHUB_OUTPUT echo "tarball=$(pwd)/$TARBALL" >> $GITHUB_OUTPUT
echo "tag=$(dist_tag)" >> $GITHUB_OUTPUT echo "tag=$(dist_tag)" >> $GITHUB_OUTPUT
cd .. cd ..

2
scripts/release/workflow/publish.sh
View File

@ -15,6 +15,6 @@ delete_tag() {
if [ "$TAG" = tmp ]; then if [ "$TAG" = tmp ]; then
delete_tag "$TAG" delete_tag "$TAG"
elif ["$TAG" = latest ]; then elif [ "$TAG" = latest ]; then
delete_tag next delete_tag next
fi fi