
Add publishing integrity check after releasing (#4045)

Co-authored-by: Francisco <fg@frang.io>
Ernesto García 2 ani în urmă
părinte
comite
4e8aa43a90

+ 25 - 0
.github/workflows/release-cycle.yml

@@ -142,6 +142,11 @@ jobs:
         run: bash scripts/release/workflow/pack.sh
         env:
           PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
+      - name: Upload tarball artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ github.ref_name }}
+          path: ${{ steps.pack.outputs.tarball }}
       - name: Tag
         run: npx changeset tag
       - name: Publish
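Review bot: `actions/upload-artifact@v3` in the new "Upload tarball artifact" step is referenced by a mutable tag inside the job that goes on to tag and publish, so a moved tag would run with whatever credentials that job holds. Pinning to a full commit SHA, e.g. `uses: actions/upload-artifact@<full-commit-sha> # v3`, would match how `actions/download-artifact` is already pinned further down in this file. The same applies to `actions/checkout@v3` in the new `integrity_check` job. The publish job's step list begins and ends outside this hunk, so the secrets actually in scope are not visible here.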
@@ -158,6 +163,26 @@ jobs:
           PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
         with:
           script: await require('./scripts/release/workflow/github-release.js')({ github, context })
+    outputs:
+      tarball_name: ${{ steps.pack.outputs.tarball_name }}
+
+  integrity_check:
+    needs: publish
+    name: Tarball Integrity Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Download tarball artifact
+        id: artifact
+        # Replace with actions/upload-artifact@v3 when
+        # https://github.com/actions/download-artifact/pull/194 gets released
+        uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
+        with:
+          name: ${{ github.ref_name }}
+      - name: Check integrity
+        run: bash scripts/release/workflow/integrity-check.sh
+        env:
+          TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }}
 
   merge:
     needs: state
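Review bot: The `integrity_check` job compares the artifact uploaded before the Publish step with the checkout, not what the registry serves afterwards, so it would not notice a difference introduced during or after publishing (this assumes publish.sh publishes that same file, which is not visible here). Because the job `needs: publish`, a mismatch is only reported once the release is already out; a comment on the job saying it is a detective check and who acts on a failure would make that explicit. The job declares no `permissions:`; if the workflow-level setting outside this hunk is broader than read-only, add `permissions:` with `contents: read` here. The comment above the pinned action names `actions/upload-artifact@v3` although the step uses download-artifact; it should read `# Replace with actions/download-artifact@v3 when`.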

+ 20 - 0
scripts/release/workflow/integrity-check.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+CHECKSUMS="$RUNNER_TEMP/checksums.txt"
+
+# Extract tarball content into a tmp directory
+tar xf "$TARBALL" -C "$RUNNER_TEMP"
+
+# Move to extracted directory
+cd "$RUNNER_TEMP/package"
+
+# Checksum all Solidity files
+find . -type f -name "*.sol" | xargs shasum > "$CHECKSUMS"
+
+# Back to directory with git contents
+cd "$GITHUB_WORKSPACE/contracts"
+
+# Check against tarball contents
+shasum -c "$CHECKSUMS"
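Review bot: Only `*.sol` files present in the tarball are hashed, so the check still passes when the package carries altered or extra non-Solidity files (`package.json` and its lifecycle scripts, for instance) or when a contract that exists in git is missing from the tarball. At minimum the script's header comment should state that scope; comparing the tarball's file list against an expected manifest would close the gap. On the `find … | xargs shasum` line, file names are split on whitespace and `shasum` defaults to SHA-1; `find . -type f -name "*.sol" -print0 | xargs -0 shasum -a 256 > "$CHECKSUMS"` handles both, with `shasum -a 256 -c "$CHECKSUMS"` for the comparison.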

+ 1 - 0
scripts/release/workflow/pack.sh

@@ -20,6 +20,7 @@ dist_tag() {
 
 cd contracts
 TARBALL="$(npm pack | tee /dev/stderr | tail -1)"
+echo "tarball_name=$TARBALL" >> $GITHUB_OUTPUT
 echo "tarball=$(pwd)/$TARBALL" >> $GITHUB_OUTPUT
 echo "tag=$(dist_tag)" >> $GITHUB_OUTPUT
 cd ..

+ 1 - 1
scripts/release/workflow/publish.sh

@@ -15,6 +15,6 @@ delete_tag() {
 
 if [ "$TAG" = tmp ]; then
   delete_tag "$TAG"
-elif ["$TAG" = latest ]; then
+elif [ "$TAG" = latest ]; then
   delete_tag next
 fi