Animeshz
commented
3 years ago Fix #8
Closed Animeshz closed 3 years ago
Animeshz
commented
3 years ago Fix #8
mintbomb27
commented
3 years ago Hey @Animeshz ! Thanks a lot for your contribution! We'll be reviewing your PR very soon!
ShubhamPalriwala
commented
3 years ago Hey @Animeshz, how can one verify the SHA256 that is generated as an artifact with the image?
Animeshz
commented
3 years ago @ShubhamPalriwala You can do something like this:
curl -LO https://link/to/file
sha256sum file
curl -L https://link/to/file.sha256 You can also use the automated check sha256sum provide by passing sum and file by pipe
curl -LO https://link/to/file
echo "$(curl -L https://link/to/file.sha256) file" | sha256sum --checkAny updates 👀
ShubhamPalriwala
commented
3 years ago Okay this is valid but an easier way to verify a file is using cosign. For this PR, let's just have a release and changelog generation! The signing of images is already a separate issue opened in #6 using cosign
Animeshz
commented
3 years ago Okay, I'll remove that in a bit 👍
Animeshz
commented
3 years ago @Mannan-Goyal Put in the notes in topmost comment:
Notes: made it failsafe so should release those builds where atleast one of platform is able to build, and build fails should be available at actions section to monitor any.
Edit: Do we want the opposite behavior??
mintbomb27
commented
3 years ago @Animeshz Yes! We do expect the opposite behaviour. If any of the build fails, the whole release shouldn't happen.
Summary:
feat: something, can also processfeat(subtopic): somethingas well, subtopic will appear bold if present in the changelogs.Sample tested action Release output
^ made using the following cmds
Notes: made it failsafe so should release those builds where atleast one of platform is able to build, and build fails should be available at actions section to monitor any.