Add publishing integrity check after releasing (#4045)
Co-authored-by: Francisco <fg@frang.io>
This commit is contained in:
Ernesto García
GitHub
25
.github/workflows/release-cycle.yml
vendored
25
.github/workflows/release-cycle.yml
vendored
@ -142,6 +142,11 @@ jobs:
|
||||
run: bash scripts/release/workflow/pack.sh
|
||||
env:
|
||||
PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
|
||||
- name: Upload tarball artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: ${{ github.ref_name }}
|
||||
path: ${{ steps.pack.outputs.tarball }}
|
||||
- name: Tag
|
||||
run: npx changeset tag
|
||||
- name: Publish
|
||||
@ -158,6 +163,26 @@ jobs:
|
||||
PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
|
||||
with:
|
||||
script: await require('./scripts/release/workflow/github-release.js')({ github, context })
|
||||
outputs:
|
||||
tarball_name: ${{ steps.pack.outputs.tarball_name }}
|
||||
|
||||
integrity_check:
|
||||
needs: publish
|
||||
name: Tarball Integrity Check
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Download tarball artifact
|
||||
id: artifact
|
||||
# Replace with actions/upload-artifact@v3 when
|
||||
# https://github.com/actions/download-artifact/pull/194 gets released
|
||||
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
|
||||
with:
|
||||
name: ${{ github.ref_name }}
|
||||
- name: Check integrity
|
||||
run: bash scripts/release/workflow/integrity-check.sh
|
||||
env:
|
||||
TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }}
|
||||
|
||||
merge:
|
||||
needs: state
|
||||
|
||||
20
scripts/release/workflow/integrity-check.sh
Normal file
20
scripts/release/workflow/integrity-check.sh
Normal file
@ -0,0 +1,20 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
CHECKSUMS="$RUNNER_TEMP/checksums.txt"
|
||||
|
||||
# Extract tarball content into a tmp directory
|
||||
tar xf "$TARBALL" -C "$RUNNER_TEMP"
|
||||
|
||||
# Move to extracted directory
|
||||
cd "$RUNNER_TEMP/package"
|
||||
|
||||
# Checksum all Solidity files
|
||||
find . -type f -name "*.sol" | xargs shasum > "$CHECKSUMS"
|
||||
|
||||
# Back to directory with git contents
|
||||
cd "$GITHUB_WORKSPACE/contracts"
|
||||
|
||||
# Check against tarball contents
|
||||
shasum -c "$CHECKSUMS"
|
||||
@ -20,6 +20,7 @@ dist_tag() {
|
||||
|
||||
cd contracts
|
||||
TARBALL="$(npm pack | tee /dev/stderr | tail -1)"
|
||||
echo "tarball_name=$TARBALL" >> $GITHUB_OUTPUT
|
||||
echo "tarball=$(pwd)/$TARBALL" >> $GITHUB_OUTPUT
|
||||
echo "tag=$(dist_tag)" >> $GITHUB_OUTPUT
|
||||
cd ..
|
||||
|
||||
@ -15,6 +15,6 @@ delete_tag() {
|
||||
|
||||
if [ "$TAG" = tmp ]; then
|
||||
delete_tag "$TAG"
|
||||
elif ["$TAG" = latest ]; then
|
||||
elif [ "$TAG" = latest ]; then
|
||||
delete_tag next
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user