From ba914495908c661e5dc18bce349d4e65e222c24f Mon Sep 17 00:00:00 2001 From: Harry Date: Fri, 1 Nov 2024 14:52:06 -0700 Subject: [PATCH] Add .sha256 file to the release note as an asset --- .github/workflows/release-build.yml | 12 ++++++++++-- README.md | 5 +++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 5ddb016af7..0bac8b56d3 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -13,6 +13,7 @@ env: PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-java PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-java PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com + ARTIFACT_NAME: aws-opentelemetry-agent.jar permissions: id-token: write @@ -117,13 +118,20 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + + - name: Get SHA256 checksum of release artifact + id: get_sha256 + run: | + cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" ${{ env.ARTIFACT_NAME }} + shasum -a 256 ${{ env.ARTIFACT_NAME }} > ${{ env.ARTIFACT_NAME }}.sha256 + - name: Create release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token run: | - cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" aws-opentelemetry-agent.jar gh release create --target "$GITHUB_REF_NAME" \ --title "Release v${{ github.event.inputs.version }}" \ --draft \ "v${{ github.event.inputs.version }}" \ - aws-opentelemetry-agent.jar + ${{ env.ARTIFACT_NAME }} \ + ${{ env.ARTIFACT_NAME }}.sha256 diff --git a/README.md b/README.md index 0f515b791f..9c9719dcde 100644 --- a/README.md +++ b/README.md @@ -46,3 +46,8 @@ Please note that as per policy, we're providing support via GitHub on a best eff ## Security issue notifications If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. + +## Checksum Verification +Artifacts released will include a `.sha256` file for checksum verification starting from v1.32.6 +To verify, run the command `shasum -a 256 -c .sha256` +It should return the output `: OK` if the validation is successful