gupaxx/.github/workflows/download.yml
2023-03-27 14:08:00 -04:00

53 lines
1.9 KiB
YAML

# Attempt downloading all files from `gupax.io`
# and verifies the SHA256SUMS & PGP signature.
name: gupax.io
on:
schedule:
- cron: "0 2 * * *"
workflow_dispatch:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
env:
CARGO_TERM_COLOR: always
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Download Windows Bundle
run: wget --content-disposition "https://gupax.io/windows-bundle"
- name: Download Windows Standalone
run: wget --content-disposition "https://gupax.io/windows"
- name: Download macOS Bundle
run: wget --content-disposition "https://gupax.io/macos-bundle"
- name: Download macOS Standalone
run: wget --content-disposition "https://gupax.io/macos"
- name: Download Linux Bundle
run: wget --content-disposition "https://gupax.io/linux-bundle"
- name: Download Linux Standalone
run: wget --content-disposition "https://gupax.io/linux"
- name: Download Hashes
run: wget --content-disposition "https://gupax.io/sha256sums"
- name: Download PGP key
run: wget --content-disposition "https://gupax.io/hinto"
- name: Verify PGP key
run: bash -c "[[ $(sha256sum "hinto.asc" | awk '{print $1}') == 02242a2c4b4dfb2f49d30a15630a301c72910e6e5c212d432c8b7ff438696b00 ]]"
- name: Import PGP key
run: gpg --import hinto.asc
- name: Verify Hashes
run: sha256sum -c SHA256SUMS.txt
- name: Verify PGP Signature
run: gpg --verify SHA256SUMS.txt
- name: Remove Old Hashes
run: rm SHA256SUMS.txt
- name: Download Hashes (GitHub)
run: wget --content-disposition "https://github.com/hinto-janai/gupax/releases/latest/download/SHA256SUMS"
- name: Verify Hashes (GitHub)
run: sha256sum -c SHA256SUMS
- name: Verify PGP Signature (GitHub)
run: gpg --verify SHA256SUMS