# Attempts to download all files from `gupax.io` # and verify the SHA256SUMS & PGP signature. name: gupax.io on: schedule: - cron: "0 2 * * *" workflow_dispatch: push: branches: [ "main" ] env: CARGO_TERM_COLOR: always jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Download Windows Bundle run: wget --content-disposition "https://gupax.io/windows-bundle" - name: Download Windows Standalone run: wget --content-disposition "https://gupax.io/windows" - name: Download macOS Bundle run: wget --content-disposition "https://gupax.io/macos-bundle" - name: Download macOS Standalone run: wget --content-disposition "https://gupax.io/macos" - name: Download Linux Bundle run: wget --content-disposition "https://gupax.io/linux-bundle" - name: Download Linux Standalone run: wget --content-disposition "https://gupax.io/linux" - name: Download Hashes run: wget --content-disposition "https://gupax.io/sha256sums" - name: Download PGP key run: wget --content-disposition "https://gupax.io/hinto" - name: Verify PGP key run: bash -c "[[ $(sha256sum "hinto.asc" | awk '{print $1}') == 02242a2c4b4dfb2f49d30a15630a301c72910e6e5c212d432c8b7ff438696b00 ]]" - name: Import PGP key run: gpg --import hinto.asc - name: Verify Hashes run: sha256sum -c SHA256SUMS.txt - name: Verify PGP Signature run: gpg --verify SHA256SUMS.txt - name: Remove Old Hashes run: rm SHA256SUMS.txt - name: Download Hashes (GitHub) run: wget --content-disposition "https://github.com/hinto-janai/gupax/releases/latest/download/SHA256SUMS" - name: Verify Hashes (GitHub) run: sha256sum -c SHA256SUMS - name: Verify PGP Signature (GitHub) run: gpg --verify SHA256SUMS