mirror of
https://github.com/monero-project/monero-site.git
synced 2024-12-23 03:59:26 +00:00
ci: Validate hashes.txt
This commit is contained in:
parent
019da8e19b
commit
ad5987cc36
1 changed files with 50 additions and 0 deletions
50
.github/workflows/hashes.yaml
vendored
Normal file
50
.github/workflows/hashes.yaml
vendored
Normal file
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
name: Validate Hashes
|
||||
on:
|
||||
push:
|
||||
paths:
|
||||
- 'downloads/hashes.txt'
|
||||
- '_data/downloads.yml'
|
||||
pull_request:
|
||||
paths:
|
||||
- 'downloads/hashes.txt'
|
||||
- '_data/downloads.yml'
|
||||
jobs:
|
||||
validate-hashes:
|
||||
name: Validate Hashes
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt-get install -y --no-install-recommends curl gpg jq python-pip
|
||||
sudo pip install yq
|
||||
- name: Verify hashes.txt signature
|
||||
run: |
|
||||
gpg --recv-keys 81AC591FE9C4B65C5806AFC3F0AF4D462A0BDF92
|
||||
gpg --verify downloads/hashes.txt
|
||||
- name: Download releases
|
||||
run: |
|
||||
for file in $(awk '/monero-/ {print $2}' downloads/hashes.txt); do
|
||||
[ -f $file ] && continue
|
||||
echo Downloading $file...
|
||||
dir=cli
|
||||
if [[ $file =~ gui ]]; then
|
||||
dir=gui
|
||||
fi
|
||||
url=https://dlsrc.getmonero.org/${dir}/${file}
|
||||
curl -sLO $url
|
||||
done
|
||||
- name: Verify hashes.txt hashes
|
||||
run: |
|
||||
grep monero- downloads/hashes.txt | sha256sum -c
|
||||
- name: Verify downloads.yml hashes
|
||||
run: |
|
||||
yq -r '.[] | .[0].downloads[] | "\(.link)|\(.hash)"' _data/downloads.yml | grep -v github |
|
||||
while read line; do
|
||||
[ -z "$line" ] && continue
|
||||
url=$(echo $line | cut -d'|' -f1)
|
||||
hash=$(echo $line | cut -d'|' -f2)
|
||||
filename=$(curl -sLI $url | awk -F '/' '/^Location:/ {print $NF}' | tail -n1 | sed 's/\r//')
|
||||
echo "$hash $filename" | sha256sum -c
|
||||
done
|
Loading…
Reference in a new issue