monero-site/.github/workflows/hashes.yaml
Matt Smith fcbae2a54e
ci: Fix hash checking workflow
* Download bF's key from GitHub instead of from unreliable keyserver
* Resolve redirects manually instead of checking server
2020-08-19 19:35:41 +01:00

72 lines
2.8 KiB
YAML

---
name: Validate Hashes
on:
push:
paths:
- 'downloads/hashes.txt'
- '_data/downloads.yml'
pull_request:
paths:
- 'downloads/hashes.txt'
- '_data/downloads.yml'
jobs:
validate-hashes:
name: Validate Hashes
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install dependencies
run: |
sudo apt-get install -y --no-install-recommends curl gpg jq python-pip
sudo pip install yq
- name: Verify hashes.txt signature
run: |
curl -sL https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/binaryfate.asc |
gpg --import
gpg --verify downloads/hashes.txt
- name: Download releases
run: |
for file in $(awk '/monero-/ {print $2}' downloads/hashes.txt); do
[ -f $file ] && continue
echo Downloading $file...
dir=cli
if [[ $file =~ gui ]]; then
dir=gui
fi
url=https://dlsrc.getmonero.org/${dir}/${file}
curl -sLO $url
done
- name: Verify hashes.txt hashes
run: |
grep monero- downloads/hashes.txt | sha256sum -c
- name: Verify downloads.yml hashes
run: |
yq -r '.[] | .[0].downloads[] | "\(.link)|\(.hash)"' _data/downloads.yml | grep -v github |
while read line; do
[ -z "$line" ] && continue
url=$(echo $line | cut -d'|' -f1)
hash=$(echo $line | cut -d'|' -f2)
filename=
case $url in
*gui/win64install) filename=monero-gui-install-win-x64 ;;
*gui/win64) filename=monero-gui-win-x64 ;;
*gui/mac64) filename=monero-gui-mac-x64 ;;
*gui/linux64) filename=monero-gui-linux-x64 ;;
*cli/win64) filename=monero-win-x64 ;;
*cli/win32) filename=monero-win-x86 ;;
*cli/mac64) filename=monero-mac-x64 ;;
*cli/linux64) filename=monero-linux-x64 ;;
*cli/linux32) filename=monero-linux-x86 ;;
*cli/linuxarm8) filename=monero-linux-armv8 ;;
*cli/linuxarm7) filename=monero-linux-armv7 ;;
*cli/androidarm8) filename=monero-android-armv8 ;;
*cli/androidarm7) filename=monero-android-armv7 ;;
*cli/freebsd64) filename=monero-freebsd-x64 ;;
*)
echo "Unknown url $url" >&2
exit 1
;;
esac
filename=$(awk "/${filename}/ {print \$2}" downloads/hashes.txt)
echo "$hash $filename" | sha256sum -c
done