ci: add sha256 checksums #103
Conversation
I want to create a scoop install manifest, but the version inside the zipped folder is pretty uncommon, the usual way is `$app_name-$target_platform` with the zip, can we please rename it?
|
Current scoop manifest {
"version": "0.11.3",
"description": "A CLI task runner defined by a simple markdown file.",
"homepage": "https://github.com/jacobdeichert/mask",
"license": "MIT",
"architecture": {
"64bit": {
"url": "https://github.com/jacobdeichert/mask/releases/download/v0.11.3/mask-v0.11.3-x86_64-pc-windows-msvc.zip",
"hash": "0d849c344fdcb64b0047ce1faf95f8c6cb9b4d282f1a6c78e9f30132d9bace55"
}
},
"extract_dir": "mask-x86_64-pc-windows-msvc",
"bin": "mask.exe",
"checkver": {
"github": "https://github.com/jacobdeichert/mask"
},
"autoupdate": {
"architecture": {
"64bit": {
"url": "https://github.com/jacobdeichert/mask/releases/download/v$version/mask-v$version-x86_64-pc-windows-msvc.zip"
}
},
"hash": {
"url": "$url.sha256"
}
}
} |
.github/workflows/release.yml
Outdated
| - name: Attach the binary to the release | ||
| shell: bash | ||
| run: ./.github/actions/attach-release-assets/run.sh ./*.sha256 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
I'm not sure if it is worth to have the hassle to change the whole bash script, so I just called it twice to upload the sha checksums as well? Is that ok?
|
Afaic |
simonsan
changed the title
|
Hey, thanks for the PR. I don't have time to review right now, but will aim to catch up with this in a few weeks. Regarding removing the version, I'm not sure yet, I'll have to consider it. Many other rust tools follow the same convention, including the version in the zip name. Here's another example https://github.com/sharkdp/fd/releases |
simonsan
changed the title
Found a way to circumvent that with the version name in the zip folder so I removed the code and just let the sha checksum stuff inside. 👍🏽 |
|
Hey @simonsan, thanks for keeping this PR open with the checksums - this looks pretty good! Before merging as is, I'm going to take a look at some other rust projects and see if it's common to upload checksums as a release asset or if it's more common to just add the checksums to the release notes/description area. If you happen to know of any other rust projects that do one or the other, let me know 👍 I'll get back to this within the next week hopefully. I plan on automating the mask release process this month and will be cutting a new release after that is done. |
That would be pretty bad, as that would actively work against automating checking checksums when downloading. Where you could just download both, checksums and the zipped binaries and use the checksums from the file. You would rather need to parse the checksum from the text description area. Unfortunately, fewer projects upload their checksums at all, so I can't really show examples in this very moment. I would recommend uploading them as an extra asset, though, as having them in the description would be a pretty bad idea going against automation. |
Oh, okay this makes sense for automation purposes 👍 |
I want to create a scoop install manifest, but the version inside the zipped folder is pretty uncommon, the usual way is
$app_name-$target_platformwith the zip, can we please rename it?It would be also lovely, if we could add SHA256 hashes to the release, do you want me to add that as well in this PR?