Merge pull request #37 from step-security/sha256

Use SHA 256 to verify tools

dist/pre/index.js

@@ -6309,7 +6309,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
         const confgStr = JSON.stringify(confg);
         external_child_process_.execSync("sudo mkdir -p /home/agent");
         external_child_process_.execSync("sudo chown -R $USER /home/agent");
-        const downloadPath = yield tool_cache.downloadTool("https://github.com/step-security/agent/releases/download/v0.4.0/agent_0.4.0_linux_amd64.tar.gz");
+        const downloadPath = yield tool_cache.downloadTool("https://github.com/step-security/agent/releases/download/v0.4.1/agent_0.4.1_linux_amd64.tar.gz");
         const extractPath = yield tool_cache.extractTar(downloadPath);
         console.log(`Step Security Job Correlation ID: ${correlation_id}`);
         printInfo(web_url);

package.json

@@ -1,6 +1,6 @@
 {
     "name": "step-security-harden-runner",
-    "version": "1.0.0",
+    "version": "1.0.1",
     "description": "GitHub Actions Runtime Security",
     "main": "index.js",
     "scripts": {

src/setup.ts

@@ -49,7 +49,7 @@ import * as tc from "@actions/tool-cache";
     cp.execSync("sudo chown -R $USER /home/agent");
 
     const downloadPath: string = await tc.downloadTool(
-      "https://github.com/step-security/agent/releases/download/v0.4.0/agent_0.4.0_linux_amd64.tar.gz"
+      "https://github.com/step-security/agent/releases/download/v0.4.1/agent_0.4.1_linux_amd64.tar.gz"
     );
     const extractPath = await tc.extractTar(downloadPath);