From 9bf05827d1d187158f51c5051f052084712f6120 Mon Sep 17 00:00:00 2001 From: Harry Date: Tue, 17 Dec 2024 17:21:08 -0800 Subject: [PATCH] Test --- .github/workflows/release-build.yml | 34 ++++++++++------------------- README.md | 5 +++++ checksum.txt | 0 version.txt | 0 4 files changed, 16 insertions(+), 23 deletions(-) delete mode 100644 checksum.txt delete mode 100644 version.txt diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 9e6fa37e17..4796041502 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -13,6 +13,7 @@ env: PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-java PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-java PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com + ARTIFACT_NAME: aws-opentelemetry-agent.jar permissions: id-token: write @@ -117,34 +118,21 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + + - name: Get SHA256 checksum of release artifact + id: get_sha256 + run: | + cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" ${{ env.ARTIFACT_NAME }} + shasum -a 256 ${{ env.ARTIFACT_NAME }} > ${{ env.ARTIFACT_NAME }}.sha256 + - name: Create release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token run: | - cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" aws-opentelemetry-agent.jar + gh release create --target "$GITHUB_REF_NAME" \ --title "Release v${{ github.event.inputs.version }}" \ --draft \ "v${{ github.event.inputs.version }}" \ - aws-opentelemetry-agent.jar - - - name: Get SHA256 checksum of wheel file - id: get_sha256 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - checksum=$(shasum -a 256 aws-opentelemetry-agent.jar | awk '{ print $1 }') - echo "CHECKSUM=$checksum" >> $GITHUB_OUTPUT - - - name: Append checksum and update version - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - echo "${{ github.event.inputs.version }} ${{ steps.get_sha256.outputs.CHECKSUM }}" >> checksum.txt - echo "${{ github.event.inputs.version }}" > version.txt - - git config --local user.email "github-actions[bot]@users.noreply.github.com" - git config --local user.name "GitHub Action Release Workflow" - git add checksum.txt version.txt - git commit -m "Update latest version and append checksum" - git push + ${{ env.ARTIFACT_NAME }} \ + ${{ env.ARTIFACT_NAME }}.sha256 diff --git a/README.md b/README.md index 0f515b791f..9c9719dcde 100644 --- a/README.md +++ b/README.md @@ -46,3 +46,8 @@ Please note that as per policy, we're providing support via GitHub on a best eff ## Security issue notifications If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. + +## Checksum Verification +Artifacts released will include a `.sha256` file for checksum verification starting from v1.32.6 +To verify, run the command `shasum -a 256 -c .sha256` +It should return the output `: OK` if the validation is successful diff --git a/checksum.txt b/checksum.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/version.txt b/version.txt deleted file mode 100644 index e69de29bb2..0000000000