Skip to content

fix: allow non-interactive package publish with signing key #808

fix: allow non-interactive package publish with signing key

fix: allow non-interactive package publish with signing key #808

name: Test Package Create Checksums
on:
pull_request:
merge_group:
permissions:
contents: read
concurrency:
group: package-create-${{ github.ref }}
cancel-in-progress: true
jobs:
test-checksums:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
- name: Build Zarf
run: make build
- name: Build examples
run: make build-examples ARCH=amd64
- name: Compare checksums
run: |
set -e
for f in hack/examples-checksums/*.txt
do
NAME=$(basename $f .txt)
CHECKSUM=$(tar Oxf build/$NAME.tar.zst checksums.txt | grep -v sboms.tar)
EXPECTED_CHECKSUM=$(cat $f | grep -v sboms.tar)
if [[ "$CHECKSUM" != "$EXPECTED_CHECKSUM" ]]
then
echo "Package $f does not have expected checksum."
echo "$CHECKSUM"
echo "-----"
echo "$EXPECTED_CHECKSUM"
exit 1
fi
done