QualityUnit / resqu-server

MIT License
0 stars 0 forks source link

Provide SHA256 hash sum on Resqu built stage #35

Open 11qeq11 opened 1 year ago

11qeq11 commented 1 year ago

Whenever a new Resqu version is built, hash sum of generated archive should be calculated right away and placed in either separate file, release notes, whatever would be convenient or the most easy to implement. This is needed because in current workflow admins download the archive and calculating hash on their own, which means that the archive possibly could've been altered between the GH <-> admin, and there is no way to prove it wasn't.

martincivan commented 1 year ago

We should deploy it using Docker image instead.

11qeq11 commented 1 year ago

That would be a good thing to do, but if it won't happen in the nearest future, one shouldn't block another. I believe it's much easier and faster to solve this issue rather than waiting weeks/months(?) for migration of Resqu into Docker containers.

jperdochqu commented 1 year ago

@11qeq11 do you just need shasum of built zip in release body/description?

11qeq11 commented 1 year ago

That's correct, it should be generated right away with the archive.