GitHub Action

Release archive with hash

v1.1.0 Latest version

Upload a source archive and hash at every tagged release

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Release archive with hash
  uses: carterbox/release-archive-with-hash@v1.1.0

Learn more about this action in carterbox/release-archive-with-hash

release-archive-with-hash

Upload a source archive and hash at every tagged release.

GitHub source archives are generated on demand and not guaranteed to have a consistent hash; e.g. a source archive at a specific commit may have a different hash 6 months from now! This is a problem when trying to verify that old releases have not changed.

This tool uploads a release archive (that will have the same hash in perpetuity regardless of GitHub's source downloads cache invalidation schedule) and a text file containing the hash of the archive.
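The following is an added example, not code from this action or its repository. It shows why an archive regenerated from the same source tree can hash differently (the hash covers the compressed bytes, not the files), and how a consumer checks a stored archive against a recorded hash. SHA-256, the `<digest>  <filename>` line format, and the file name `src.tar.gz` are assumptions; the page does not state what the action writes.

```python
import gzip
import hashlib
import hmac
import io
import tarfile

# Constructed sample source tree; stands in for the files at a tagged commit.
TREE = {"pkg/__init__.py": b"VERSION = '0.0.0'\n", "README.md": b"demo\n" * 200}

def make_tar(files):
    """Build an uncompressed tar with fixed metadata so the bytes are reproducible."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = 0
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def make_archive(files, level):
    """Gzip the tar; mtime=0 fixes the header timestamp so only `level` varies."""
    return gzip.compress(make_tar(files), compresslevel=level, mtime=0)

def hash_line(archive, filename):
    """Assumed hash-file format: '<sha256 hex>  <filename>', as sha256sum prints."""
    return f"{hashlib.sha256(archive).hexdigest()}  {filename}"

def verify(archive, line):
    """True if the archive bytes match the digest recorded in `line`."""
    expected = line.split()[0].lower()
    actual = hashlib.sha256(archive).hexdigest()
    return hmac.compare_digest(actual, expected)

def demo():
    uploaded = make_archive(TREE, level=9)        # archive stored on the release
    recorded = hash_line(uploaded, "src.tar.gz")  # hash file stored beside it
    regenerated = make_archive(TREE, level=1)     # same tree, rebuilt with other settings
    return {
        "stored_ok": verify(uploaded, recorded),
        "regenerated_ok": verify(regenerated, recorded),
        "same_contents": gzip.decompress(uploaded) == gzip.decompress(regenerated),
    }

if __name__ == "__main__":
    print(demo())
```

The regenerated archive unpacks to identical files yet fails verification, which is why a pinned hash is only meaningful against an archive whose bytes are stored once and never rebuilt.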

This action requires an access token with the "read and write" repository "contents" permission because the action adds new files to a release. In the example below, this token is added to the repository secrets with the name "AUTO_ARCHIVE_TOKEN".

name: Upload a source archive and hash at every tagged release

on:
  workflow_dispatch:
  push:
    tags:
      # Use pattern matching to only run on version release tags
      - "v[0-9]+.[0-9]+.[0-9]+"

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: carterbox/release-archive-with-hash@v1
        with:
          token: ${{ secrets.AUTO_ARCHIVE_TOKEN }}