feat: replace Crane usage for Image pull and Push with ORAS #1491
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Package Create Checksums | |
| on: | |
| pull_request: | |
| merge_group: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: package-create-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test-checksums: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Build Zarf | |
| run: make build | |
| - name: Build examples | |
| run: make build-examples ARCH=amd64 | |
| - name: Compare checksums | |
| run: | | |
| set -e | |
| # Any component tar files in a package will have the same permissions as the files included in them | |
| # Therefore before building a package when example checksums need updating you must run chmod -R g-w in zarf/examples | |
| for f in hack/examples-checksums/*.txt | |
| do | |
| NAME=$(basename $f .txt) | |
| CHECKSUM=$(tar Oxf build/$NAME.tar.zst checksums.txt | grep -v sboms.tar) | |
| EXPECTED_CHECKSUM=$(cat $f | grep -v sboms.tar) | |
| if [[ "$CHECKSUM" != "$EXPECTED_CHECKSUM" ]] | |
| then | |
| echo "Package $f does not have expected checksum." | |
| echo "$CHECKSUM" | |
| echo "-----" | |
| echo "$EXPECTED_CHECKSUM" | |
| exit 1 | |
| fi | |
| done |