Importing JosiahSiegel's checksum-validate-action GitHub Action

.github/actions/checksum-validate-action/.github/dependabot.yml

@@ -0,0 +1,13 @@
+# Dependabot general documentation:
+# https://docs.github.com/en/code-security/dependabot
+# Please see the documentation for all configuration options:
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # GitHub Actions workflows
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in `.github/workflows`
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/actions/checksum-validate-action/.github/workflows/test_action.yml

@@ -0,0 +1,119 @@
+name: Test Action
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  generate-checksums:
+    name: Test generate checksum on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    steps:
+      - uses: actions/[email protected]
+
+      - name: Generate checksum of string
+        uses: ./
+        with:
+          key: test string
+          input: hello world
+
+      - name: Generate checksum of command output
+        uses: ./
+        with:
+          key: test command
+          input: $(cat action.yml)
+
+  validate-checksums:
+    name: Test validate checksum on ${{ matrix.os }}
+    needs:
+      - generate-checksums
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    steps:
+      - uses: actions/[email protected]
+
+      - name: Validate checksum of valid string
+        id: valid-string
+        uses: ./
+        with:
+          key: test string
+          validate: true
+          fail-invalid: true
+          input: hello world
+      - name: Fail if output of valid string is wrong
+        if: steps.valid-string.outputs.valid != 'true'
+        run: exit 1
+
+      - name: Validate checksum of INVALID string
+        id: invalid-string
+        uses: ./
+        with:
+          key: test string
+          validate: true
+          fail-invalid: false
+          input: hello world!
+      - name: Fail if output of INVALID string is wrong
+        if: steps.invalid-string.outputs.valid != 'false'
+        run: exit 1
+
+      - name: Validate checksum of valid command output
+        id: valid-command
+        uses: ./
+        with:
+          key: test command
+          validate: true
+          fail-invalid: true
+          input: $(cat action.yml)
+      - name: Fail if output of valid command is wrong
+        if: steps.valid-command.outputs.valid != 'true'
+        run: exit 1
+
+      - name: Validate checksum of INVALID command output
+        id: invalid-command
+        uses: ./
+        with:
+          key: test command
+          validate: true
+          fail-invalid: false
+          input: $(cat README.md)
+      - name: Fail if output of INVALID command is wrong
+        if: steps.invalid-command.outputs.valid != 'false'
+        run: exit 1
+
+  validate-checksum-failures:
+    name: Test checksum failures on ${{ matrix.os }}
+    needs:
+      - generate-checksums
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    steps:
+      - uses: actions/[email protected]
+
+      - name: Validate checksum of INVALID string
+        continue-on-error: true
+        uses: ./
+        with:
+          key: test string
+          validate: true
+          fail-invalid: true
+          input: hello world!
+
+      - name: Validate checksum of INVALID command output
+        continue-on-error: true
+        uses: ./
+        with:
+          key: test command
+          validate: true
+          fail-invalid: true
+          input: $(cat README.md)

.github/actions/checksum-validate-action/README.md

@@ -0,0 +1,94 @@
+# Checksum Validate Action
+
+[![Test Action](https://github.com/JosiahSiegel/checksum-validate-action/actions/workflows/test_action.yml/badge.svg)](https://github.com/JosiahSiegel/checksum-validate-action/actions/workflows/test_action.yml)
+
+## Synopsis
+
+1. Generate a checksum from either a string or shell command (use command substitution: `$()`).
+2. Validate if checksum is identical to input (even across multiple jobs), using a `key` to link the validation attempt with the correct generated checksum.
+   * Validation is possible across jobs since the checksum is uploaded as a workflow artifact
+
+## Usage
+
+```yml
+jobs:
+  generate-checksums:
+    name: Generate checksum
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+
+      - name: Generate checksum of string
+        uses: JosiahSiegel/checksum-validate-action@v1
+        with:
+          key: test string
+          input: hello world
+
+      - name: Generate checksum of command output
+        uses: JosiahSiegel/checksum-validate-action@v1
+        with:
+          key: test command
+          input: $(cat action.yml)
+
+  validate-checksums:
+    name: Validate checksum
+    needs:
+      - generate-checksums
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+
+      - name: Validate checksum of valid string
+        id: valid-string
+        uses: JosiahSiegel/checksum-validate-action@v1
+        with:
+          key: test string
+          validate: true
+          fail-invalid: true
+          input: hello world
+
+      - name: Validate checksum of valid command output
+        id: valid-command
+        uses: JosiahSiegel/checksum-validate-action@v1
+        with:
+          key: test command
+          validate: true
+          fail-invalid: true
+          input: $(cat action.yml)
+
+      - name: Get outputs
+        run: |
+          echo ${{ steps.valid-string.outputs.valid }}
+          echo ${{ steps.valid-command.outputs.valid }}
+```
+
+## Workflow summary
+
+### ✅ test string checksum valid ✅
+
+### ❌ test string checksum INVALID ❌
+
+## Inputs
+
+```yml
+inputs:
+  validate:
+    description: Check if checksums match
+    default: false
+  key:
+    description: String to keep unique checksums separate
+    required: true
+  fail-invalid:
+    description: Fail step if invalid checksum
+    default: false
+  input:
+    description: String or command for checksum
+    required: true
+```
+
+## Outputs
+```yml
+outputs:
+  valid:
+    description: True if checksums match
+```

.github/actions/checksum-validate-action/action.yml

@@ -0,0 +1,111 @@
+# action.yml
+name: Checksum Validate Action
+description: Generate and validate checksums
+branding:
+  icon: 'lock'
+  color: 'orange'
+inputs:
+  validate:
+    description: Check if checksums match
+    default: false
+  key:
+    description: String to keep unique checksums separate
+    required: true
+  fail-invalid:
+    description: Fail step if invalid checksum
+    default: false
+  input:
+    description: String or command for checksum
+    required: true
+outputs:
+  valid:
+    description: True if checksums match
+    value: ${{ steps.validate_checksum.outputs.valid }}
+
+runs:
+  using: "composite"
+  steps:
+
+    # CHECKSUM START
+    - name: Generate SHA
+      uses: nick-fields/[email protected]
+      with:
+        max_attempts: 5
+        retry_on: any
+        timeout_seconds: 10
+        retry_wait_seconds: 15
+        command: |
+          function fail {
+              printf '%s\n' "$1" >&2
+              exit "${2-1}"
+          }
+          input_cmd="${{ inputs.input }}" || fail
+          sha="$(echo "$input_cmd" | sha256sum)"
+          echo "sha=$sha" >> $GITHUB_ENV
+          echo "success=true" >> $GITHUB_ENV
+
+    - name: Get input SHA
+      if: env.success
+      id: input_sha
+      shell: bash
+      run: echo "sha=${{ env.sha }}" >> $GITHUB_OUTPUT
+
+    - name: Get input SHA
+      if: env.success != 'true'
+      shell: bash
+      run: |
+        echo "failed to generate sha"
+        exit 1
+    # CHECKSUM END
+
+    # UPLOAD FILE START
+    - name: Create checksum file
+      if: inputs.validate != 'true'
+      shell: bash
+      run: |
+        echo "${{ steps.input_sha.outputs.sha }}" > "${{ github.sha }}-${{ inputs.key }}.txt"
+
+    - name: Upload checksum file
+      if: inputs.validate != 'true'
+      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+      with:
+        name: "${{ github.sha }}-${{ inputs.key }}.txt"
+        path: "${{ github.sha }}-${{ inputs.key }}.txt"
+        retention-days: 5
+    # UPLOAD FILE END
+
+    # VALIDATE FILE START
+    - name: Download checksum file
+      if: inputs.validate == 'true'
+      uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe
+      with:
+        name: "${{ github.sha }}-${{ inputs.key }}.txt"
+
+    - name: Validate pre and post checksums
+      if: inputs.validate == 'true'
+      id: validate_checksum
+      shell: bash
+      run: |
+        echo "${{ steps.input_sha.outputs.sha }}" > "${{ github.sha }}-${{ inputs.key }}-2.txt"
+        DIFF=$(diff -q "${{ github.sha }}-${{ inputs.key }}-2.txt" "${{ github.sha }}-${{ inputs.key }}.txt") || true
+        codevalid=true
+        if [ "$DIFF" != "" ]
+        then
+          codevalid=false
+        fi
+        echo "valid=$codevalid" >> $GITHUB_OUTPUT
+
+    - name: Create summary
+      if: inputs.validate == 'true'
+      run: |
+        # Use ternary operator to assign emoji based on validity
+        emoji=${{ steps.validate_checksum.outputs.valid == 'true' && '✅' || '❌' }}
+        valid=${{ steps.validate_checksum.outputs.valid == 'true' && 'valid' || 'INVALID' }}
+        echo "### $emoji ${{ inputs.key }} checksum $valid $emoji" >> $GITHUB_STEP_SUMMARY
+      shell: bash
+    # VALIDATE FILE END
+
+    - name: Fail if invalid checksum
+      if: inputs.validate == 'true' && steps.validate_checksum.outputs.valid == 'false' && inputs.fail-invalid == 'true'
+      run: exit 1
+      shell: bash