Verify file sizes #38
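name: Verify release

on:
  # Run whenever a release is published.
  release:
    types: [published]
  # And whenever a push changes this workflow file.
  push:
    paths:
      - '.github/workflows/verify-release.yml'
  # And whenever a pull request changes this workflow file.
  pull_request:
    paths:
      - '.github/workflows/verify-release.yml'
  # Allow manually triggering the workflow.
  workflow_dispatch:

# Cancels all previous workflow runs for the same branch that have not yet completed.
concurrency:
  # The concurrency group contains the workflow name and the branch name.
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege for GITHUB_TOKEN: every job only reads release metadata and
# attestations, so nothing here needs a write scope. Without this key the token
# falls back to the repository/organisation default, which may be read-write.
permissions:
  contents: read
  attestations: read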
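jobs:
  ############################
  # Verify the release assets.
  ############################
  verify-release-assets:
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        pharfile:
          - 'phpcs'
          - 'phpcbf'

    name: "Release assets: ${{ matrix.pharfile }}"

    steps:
      - name: Retrieve latest release info
        # NOTE(review): the ref after "@" was replaced by an e-mail-obfuscation
        # placeholder in this listing. Restore the real ref before use;
        # a full commit SHA is preferable to a movable tag.
        uses: octokit/[email protected]
        id: get_latest_release
        with:
          route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: "DEBUG: Show API request failure status"
        if: ${{ failure() }}
        # Step outputs are handed over via env so they reach the shell as data,
        # never as part of the script text.
        env:
          STATUS: ${{ steps.get_latest_release.outputs.status }}
        run: echo "No release found. Request failed with status $STATUS"

      - name: Grab latest tag name from API response
        id: version
        # The tag name comes from an API response. Expanding it with ${{ }}
        # inside `run:` would paste it into the script before the shell parses
        # it; an env var keeps it a plain string.
        env:
          TAG_NAME: ${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}
        run: |
          echo "TAG=$TAG_NAME" >> "$GITHUB_OUTPUT"

      - name: "DEBUG: Show tag name found in API response"
        env:
          TAG: ${{ steps.version.outputs.TAG }}
        run: echo "$TAG"

      - name: Setup PHP
        # NOTE(review): "v2" is a movable tag; pinning to a full commit SHA
        # protects against the tag being repointed.
        uses: shivammathur/setup-php@v2
        with:
          php-version: 'latest'
          ini-values: error_reporting=-1, display_errors=On
          coverage: none

      # NOTE(review): phive.phar is downloaded and verified here, but no later
      # step in this job runs it. The import also leaves the PHIVE signing key
      # in the same keyring that is used to verify the release PHAR below.
      # The key is requested by 64-bit key ID; a full fingerprint is a stronger
      # selector if one is available from a trusted source.
      - run: wget -O phive.phar https://phar.io/releases/phive.phar
      - run: wget -O phive.phar.asc https://phar.io/releases/phive.phar.asc
      - run: gpg --keyserver hkps://keys.openpgp.org --recv-keys 0x9D8A98B29B2D5D79
      - run: gpg --verify phive.phar.asc phive.phar

      # --fail turns an HTTP error into a failed step instead of saving the
      # error page under the asset name; --location follows the redirect to the
      # asset storage host.
      # NOTE(review): GitHub documents latest-release asset links as
      # /releases/latest/download/<asset> - confirm this URL form resolves.
      - name: Verify PHAR file is available and download
        run: curl --fail --location --remote-name https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/${{ matrix.pharfile }}.phar
        # run: wget -O ${{ matrix.pharfile }}.phar https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/${{ matrix.pharfile }}.phar

      - name: Verify signature file is available and download
        run: curl --fail --location --remote-name https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/${{ matrix.pharfile }}.phar.asc
        # run: wget -O ${{ matrix.pharfile }}.phar.asc https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/${{ matrix.pharfile }}.phar.asc

      - name: "DEBUG: List files"
        run: ls -Rlh

      # - name: Verify attestation of the PHAR file
      #   run: gh attestation verify ${{ matrix.pharfile }}.phar -o PHPCSStandards
      #   env:
      #     GH_TOKEN: ${{ github.token }}

      - name: Download public key
        env:
          FINGERPRINT: "0x689DAD778FF08760E046228BA978220305CD5C32"
        # run: gpg --keyserver https://keys.openpgp.org/ --search-keys [email protected]
        # run: gpg --keyserver hkps://keys.openpgp.org --recv-keys 0x689DAD778FF08760E046228BA978220305CD5C32
        run: gpg --keyserver hkps://keys.openpgp.org --recv-keys "$FINGERPRINT"
        # run: gpg --keyserver keys.openpgp.org --recv-keys 689DAD778FF08760E046228BA978220305CD5C32 | gpg --import

      - name: "DEBUG: List public keys"
        run: gpg -k

      - name: Verify signature of the PHAR file
        env:
          FILE_NAME: ${{ matrix.pharfile }}.phar
          FINGERPRINT: "0x689DAD778FF08760E046228BA978220305CD5C32"
        # `gpg --verify` accepts a good signature from ANY key in the keyring,
        # and this keyring also holds the PHIVE key imported above. The
        # machine-readable VALIDSIG status line ends with the primary key
        # fingerprint, so requiring the expected one there ties the result to
        # the release signing key.
        run: |
          gpg --status-fd 1 --verify "$FILE_NAME.asc" "$FILE_NAME" > "$RUNNER_TEMP/verify.status"
          grep --quiet --extended-regexp "^\[GNUPG:\] VALIDSIG .* ${FINGERPRINT#0x}\$" "$RUNNER_TEMP/verify.status"

      - name: Verify the PHAR is nominally functional
        run: php ${{ matrix.pharfile }}.phar -e --standard=PSR12

      - name: Grab the version
        id: asset_version
        env:
          FILE_NAME: ${{ matrix.pharfile }}.phar
        # The regex keeps only the first dotted number printed by `--version`.
        # yamllint disable-line rule:line-length
        run: echo "VERSION=$(php "$FILE_NAME" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+(\.[0-9]+)+')" >> "$GITHUB_OUTPUT"

      - name: "DEBUG: Show grabbed version"
        env:
          VERSION: ${{ steps.asset_version.outputs.VERSION }}
        run: echo "$VERSION"

      - name: Fail the build if the PHAR is not the correct version
        if: ${{ steps.asset_version.outputs.VERSION != steps.version.outputs.TAG }}
        run: exit 1

  # #########################################
  # Verify install via PHIVE.
  # #########################################
  verify-phive:
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        pharfile:
          - 'phpcs'
          - 'phpcbf'

    name: "PHIVE: ${{ matrix.pharfile }}"

    steps:
      - name: Retrieve latest release info
        # NOTE(review): the ref after "@" was replaced by an e-mail-obfuscation
        # placeholder in this listing. Restore the real ref before use;
        # a full commit SHA is preferable to a movable tag.
        uses: octokit/[email protected]
        id: get_latest_release
        with:
          route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: "DEBUG: Show API request failure status"
        if: ${{ failure() }}
        # Step outputs are handed over via env so they reach the shell as data,
        # never as part of the script text.
        env:
          STATUS: ${{ steps.get_latest_release.outputs.status }}
        run: echo "No release found. Request failed with status $STATUS"

      - name: Grab latest tag name from API response
        id: version
        # The tag name comes from an API response. Expanding it with ${{ }}
        # inside `run:` would paste it into the script before the shell parses
        # it; an env var keeps it a plain string.
        env:
          TAG_NAME: ${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}
        run: |
          echo "TAG=$TAG_NAME" >> "$GITHUB_OUTPUT"

      - name: "DEBUG: Show tag name found in API response"
        env:
          TAG: ${{ steps.version.outputs.TAG }}
        run: echo "$TAG"

      - name: Setup PHP
        # NOTE(review): "v2" is a movable tag; pinning to a full commit SHA
        # protects against the tag being repointed.
        uses: shivammathur/setup-php@v2
        with:
          php-version: 'latest'
          ini-values: error_reporting=-1, display_errors=On
          coverage: none
          tools: phive

      # PHIVE checks the download against the one key trusted here, given as a
      # full fingerprint.
      - name: Install
        run: phive install ${{ matrix.pharfile }} --copy --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32

      - name: "DEBUG: List files"
        run: ls -R

      # NOTE(review): `-o PHPCSStandards` accepts an attestation produced by any
      # repository of that owner. `--repo PHPCSStandards/PHP_CodeSniffer` would
      # narrow the check to the releasing repository - confirm the attestations
      # are published there before switching.
      - name: Verify attestation of the PHAR file
        run: gh attestation verify ./tools/${{ matrix.pharfile }} -o PHPCSStandards
        env:
          GH_TOKEN: ${{ github.token }}

      - name: Verify the PHAR is nominally functional
        run: php ./tools/${{ matrix.pharfile }} . -e --standard=PSR12

      - name: Grab the version
        id: asset_version
        env:
          FILE_NAME: ./tools/${{ matrix.pharfile }}
        # The regex keeps only the first dotted number printed by `--version`.
        # yamllint disable-line rule:line-length
        run: echo "VERSION=$(php "$FILE_NAME" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+(\.[0-9]+)+')" >> "$GITHUB_OUTPUT"

      - name: "DEBUG: Show grabbed version"
        env:
          VERSION: ${{ steps.asset_version.outputs.VERSION }}
        run: echo "$VERSION"

      - name: Fail the build if the PHAR is not the correct version
        if: ${{ steps.asset_version.outputs.VERSION != steps.version.outputs.TAG }}
        run: exit 1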