

Verify file sizes #38

Workflow file for this run

name: Verify release

on:
  # Trigger: a release has been published.
  release:
    types:
      - published
  # Trigger: a push changes this workflow file.
  push:
    paths:
      - '.github/workflows/verify-release.yml'
  # Trigger: a pull request changes this workflow file.
  pull_request:
    paths:
      - '.github/workflows/verify-release.yml'
  # Trigger: manual start of the workflow.
  workflow_dispatch:

# Only one run per workflow name + ref stays active: starting a new run
# cancels an earlier run of the same group that has not finished yet.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
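jobs:
  ############################
  # Verify the release assets.
  ############################
  # Downloads each released PHAR plus its detached signature, checks the
  # signature against the pinned release key, runs the PHAR once and compares
  # its reported version with the tag of the latest release.
  verify-release-assets:
    runs-on: ubuntu-latest

    # Least privilege: the job only reads release metadata and assets.
    permissions:
      contents: read

    strategy:
      fail-fast: false
      matrix:
        pharfile:
          - 'phpcs'
          - 'phpcbf'

    name: "Release assets: ${{ matrix.pharfile }}"

    steps:
      - name: Retrieve latest release info
        # NOTE(review): the ref after "@" was destroyed by the page's e-mail
        # obfuscation (shown as "octokit/[email protected]"). Restore the
        # original ref; pinning to a full commit SHA is the safer choice.
        uses: octokit/request-action@REF_LOST_IN_EXTRACTION
        id: get_latest_release
        with:
          route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: "DEBUG: Show API request failure status"
        if: ${{ failure() }}
        env:
          STATUS: ${{ steps.get_latest_release.outputs.status }}
        run: echo "No release found. Request failed with status $STATUS"

      - name: Grab latest tag name from API response
        id: version
        env:
          # API data reaches the script through the environment. Interpolating
          # `${{ }}` straight into `run:` would let the value be parsed as shell.
          TAG_NAME: ${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}
        run: echo "TAG=$TAG_NAME" >> "$GITHUB_OUTPUT"

      - name: "DEBUG: Show tag name found in API response"
        env:
          TAG: ${{ steps.version.outputs.TAG }}
        run: echo "$TAG"

      - name: Setup PHP
        # NOTE(review): "v2" is a mutable tag; pin to a full commit SHA so a
        # moved tag cannot change what runs here.
        uses: shivammathur/setup-php@v2
        with:
          php-version: 'latest'
          ini-values: error_reporting=-1, display_errors=On
          coverage: none

      # phive is downloaded and signature-checked here, but no later step in
      # this job runs it.
      - run: wget -O phive.phar https://phar.io/releases/phive.phar
      - run: wget -O phive.phar.asc https://phar.io/releases/phive.phar.asc
      # NOTE(review): this is a 64-bit key ID, not a full fingerprint. Prefer
      # the full fingerprint published by the phive project.
      - run: gpg --keyserver hkps://keys.openpgp.org --recv-keys 0x9D8A98B29B2D5D79
      - run: gpg --verify phive.phar.asc phive.phar

      - name: Verify PHAR file is available and download
        env:
          FILE_NAME: ${{ matrix.pharfile }}.phar
        # --fail turns an HTTP error into a failed step (otherwise the error
        # page is saved under the asset name); --location follows the redirect.
        # Assets of the latest release live under "releases/latest/download/".
        run: >-
          curl --fail --location --remote-name
          "https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/download/$FILE_NAME"

      - name: Verify signature file is available and download
        env:
          FILE_NAME: ${{ matrix.pharfile }}.phar.asc
        run: >-
          curl --fail --location --remote-name
          "https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/download/$FILE_NAME"

      - name: "DEBUG: List files"
        run: ls -Rlh

      # Disabled in the original. NOTE(review): if re-enabled, check whether the
      # job also needs `attestations: read`.
      # - name: Verify attestation of the PHAR file
      #   run: gh attestation verify ${{ matrix.pharfile }}.phar -o PHPCSStandards
      #   env:
      #     GH_TOKEN: ${{ github.token }}

      - name: Download public key
        env:
          FINGERPRINT: "0x689DAD778FF08760E046228BA978220305CD5C32"
        run: gpg --keyserver hkps://keys.openpgp.org --recv-keys "$FINGERPRINT"

      - name: "DEBUG: List public keys"
        run: gpg -k

      - name: Verify signature of the PHAR file
        env:
          FILE_NAME: ${{ matrix.pharfile }}.phar
          FINGERPRINT: "689DAD778FF08760E046228BA978220305CD5C32"
        # `gpg --verify` succeeds for a good signature from ANY key in the
        # keyring, and this job's keyring also holds the phive key. So the
        # status output must additionally name the expected release key.
        # VALIDSIG lists the signing key and the primary key fingerprint.
        run: |
          gpg --status-fd 3 --verify "$FILE_NAME.asc" "$FILE_NAME" 3> gpg-status.txt
          grep --extended-regexp "^\[GNUPG:\] VALIDSIG .*\b$FINGERPRINT\b" gpg-status.txt

      - name: Verify the PHAR is nominally functional
        run: php ${{ matrix.pharfile }}.phar -e --standard=PSR12

      - name: Grab the version
        id: asset_version
        env:
          FILE_NAME: ${{ matrix.pharfile }}.phar
        # yamllint disable-line rule:line-length
        run: echo "VERSION=$(php "$FILE_NAME" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+(\.[0-9]+)+')" >> "$GITHUB_OUTPUT"

      - name: "DEBUG: Show grabbed version"
        env:
          VERSION: ${{ steps.asset_version.outputs.VERSION }}
        run: echo "$VERSION"

      - name: Fail the build if the PHAR is not the correct version
        if: ${{ steps.asset_version.outputs.VERSION != steps.version.outputs.TAG }}
        run: exit 1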
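# #########################################
# Verify install via PHIVE.
# #########################################
  # Installs each PHAR through phive with the release key pinned by full
  # fingerprint, verifies its build attestation, runs it once and compares its
  # reported version with the tag of the latest release.
  verify-phive:
    runs-on: ubuntu-latest

    # Least privilege: the job only reads release metadata and attestations.
    # NOTE(review): `attestations: read` is presumably what the
    # `gh attestation verify` step needs; confirm against a run.
    permissions:
      contents: read
      attestations: read

    strategy:
      fail-fast: false
      matrix:
        pharfile:
          - 'phpcs'
          - 'phpcbf'

    name: "PHIVE: ${{ matrix.pharfile }}"

    steps:
      - name: Retrieve latest release info
        # NOTE(review): the ref after "@" was destroyed by the page's e-mail
        # obfuscation (shown as "octokit/[email protected]"). Restore the
        # original ref; pinning to a full commit SHA is the safer choice.
        uses: octokit/request-action@REF_LOST_IN_EXTRACTION
        id: get_latest_release
        with:
          route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: "DEBUG: Show API request failure status"
        if: ${{ failure() }}
        env:
          STATUS: ${{ steps.get_latest_release.outputs.status }}
        run: echo "No release found. Request failed with status $STATUS"

      - name: Grab latest tag name from API response
        id: version
        env:
          # API data reaches the script through the environment. Interpolating
          # `${{ }}` straight into `run:` would let the value be parsed as shell.
          TAG_NAME: ${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}
        run: echo "TAG=$TAG_NAME" >> "$GITHUB_OUTPUT"

      - name: "DEBUG: Show tag name found in API response"
        env:
          TAG: ${{ steps.version.outputs.TAG }}
        run: echo "$TAG"

      - name: Setup PHP
        # NOTE(review): "v2" is a mutable tag; pin to a full commit SHA so a
        # moved tag cannot change what runs here (this step also installs phive).
        uses: shivammathur/setup-php@v2
        with:
          php-version: 'latest'
          ini-values: error_reporting=-1, display_errors=On
          coverage: none
          tools: phive

      - name: Install
        # The trusted key is given as a full fingerprint, not a short key ID.
        run: phive install ${{ matrix.pharfile }} --copy --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32

      - name: "DEBUG: List files"
        run: ls -R

      - name: Verify attestation of the PHAR file
        # NOTE(review): `-o` accepts an attestation from any repository owned by
        # PHPCSStandards. `--repo PHPCSStandards/PHP_CodeSniffer` would narrow
        # that; confirm which repository produces the attestation first.
        run: gh attestation verify ./tools/${{ matrix.pharfile }} -o PHPCSStandards
        env:
          GH_TOKEN: ${{ github.token }}

      - name: Verify the PHAR is nominally functional
        run: php ./tools/${{ matrix.pharfile }} . -e --standard=PSR12

      - name: Grab the version
        id: asset_version
        env:
          FILE_NAME: ./tools/${{ matrix.pharfile }}
        # yamllint disable-line rule:line-length
        run: echo "VERSION=$(php "$FILE_NAME" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+(\.[0-9]+)+')" >> "$GITHUB_OUTPUT"

      - name: "DEBUG: Show grabbed version"
        env:
          VERSION: ${{ steps.asset_version.outputs.VERSION }}
        run: echo "$VERSION"

      - name: Fail the build if the PHAR is not the correct version
        if: ${{ steps.asset_version.outputs.VERSION != steps.version.outputs.TAG }}
        run: exit 1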