Skip to content

Commit

Permalink
Verify sha256sums.txt and signatures in CI
Browse files Browse the repository at this point in the history
Avoids a situation like <#497 (comment)>,
where wheels are updated, but the sha256sums and associated signatures
are not.
  • Loading branch information
legoktm committed Apr 24, 2024
1 parent 6263f7d commit d7cb41e
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,20 @@ jobs:
run: |
. ./.venv/bin/activate
make test
checksums:
runs-on: ubuntu-latest
container: debian:bookworm
steps:
- name: Bootstrap Debian system package dependencies
run: |
apt-get update && apt-get install --yes --no-install-recommends make git git-lfs ca-certificates
- uses: actions/checkout@v4
with:
lfs: true
- name: Verify checksums and signatures
run: |
./scripts/verify-sha256sum-signature securedrop-client
./scripts/verify-sha256sum-signature securedrop-export
./scripts/verify-sha256sum-signature securedrop-log
./scripts/verify-sha256sum-signature securedrop-proxy

0 comments on commit d7cb41e

Please sign in to comment.