Generate .sha256sum files for release artifacts #2323
Conversation
I am *very much* not confident that sha256sum is available on the Windows runner images, so unsure that this will work in its current form.
There was a problem hiding this comment.
Nice! It's probably best not to make the different jobs depend on each other, since it might complicate debugging if something breaks.
On macOS you'll have to use shasum -a 256, which I think is also available on Linux, so you can use that on all non-windows machines.
If shasum -a 256 isn't available on Windows (I have no idea, but it's probably worth a shot, who knows what they have installed on the runners.) you can use certutil -hashfile FILE SHA256. (As much as I would like to pretend that I somehow knew this, Claude told me.)
So maybe change it to use shasum -a 256 on all platforms, and I'll kick off a job by pushing a test branch to GitHub.
Also, see the comment about possibly avoiding needing to create another output variable.
.github/workflows/release.yaml
Outdated
| files: ${{ steps.package.outputs.archive }} | ||
| files: | | ||
| ${{ steps.package.outputs.archive }} | ||
| ${{ steps.package.outputs.archive-checksum }} |
There was a problem hiding this comment.
Can you avoid needing to create another output variable by doing this:
| ${{ steps.package.outputs.archive-checksum }} | |
| ${{ steps.package.outputs.archive }}.sha256sum |
It looks like that's a Perl thing, and Perl is installed on the Windows runners. I'll standardize on it. |
|
Hopefully this works! 🤞 |
|
So |
There was a problem hiding this comment.
I tried certutil, however although it calculates SHA2 hashes, it doesn't actually output them as HASH\tFILE.
Humorously, I originally saw that sha256sum was failing on macOS, and didn't pay attention to whether it worked on Windows. It actually is installed on Windows, via Git Bash. So I switched it back to shasum -a 256 on Linux and Mac, and sha256sum on Windows.
I am very much not confident that
sha256sumis available on the Windows runner images, so unsure that this will work in its current form (hence the draft status).If
sha256sumis not available, I could easily do the work in Python, which I see is available on the runners.Another possibility: rather than uploading the artifacts one-by-one to the release (which allows partial failure), I could restructure the build to temporarily store the artifacts and then download them all before generating the release. That'd happen in a Linux environment where
sha256sumis available.Please let me know your preference!