Last active
April 24, 2026 21:04
-
-
Save brandond/2e027fdf5303d9426332b2b8b4f0f14c to your computer and use it in GitHub Desktop.
Release artifact checksum validation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -ex | |
| PRODUCT=${1} | |
| VERSION=${2} | |
| case "${PRODUCT}" in | |
| "k3s") | |
| REPO="k3s-io/k3s" | |
| ;; | |
| "rke2") | |
| REPO="rancher/rke2" | |
| ;; | |
| *) | |
| echo "invalid product '${PRODUCT}': must be one of k3s,rke2" | |
| exit 1 | |
| esac | |
| if [ -z "${VERSION}" ]; then | |
| echo "missing version" | |
| exit 1 | |
| fi | |
| mkdir -p "${VERSION}" && cd ${VERSION} | |
| ASSETS="$(curl -fsH@<(set +x; echo "Authorization: Bearer ${GITHUB_TOKEN}") "https://api.github.com/repos/${REPO}/releases/tags/${VERSION}" | jq -rc '.assets[].browser_download_url')" | |
| for ASSET in ${ASSETS}; do | |
| curl --progress-bar -LOC - "${ASSET}" | |
| done | |
| for CHECKSUM_FILE in sha256sum*; do | |
| sha256sum -c ${CHECKSUM_FILE} | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment