mirror of
https://github.com/step-security/harden-runner.git
synced 2026-06-08 15:17:09 +00:00
27 lines
853 B
TypeScript
27 lines
853 B
TypeScript
import * as core from "@actions/core";
|
|
import * as crypto from "crypto";
|
|
import * as fs from "fs";
|
|
|
|
export function verifyChecksum(downloadPath: string, is_tls: boolean) {
|
|
const fileBuffer: Buffer = fs.readFileSync(downloadPath);
|
|
const checksum: string = crypto
|
|
.createHash("sha256")
|
|
.update(fileBuffer)
|
|
.digest("hex"); // checksum of downloaded file
|
|
|
|
let expectedChecksum: string =
|
|
"a9f1842e3d7f3d38c143dbe8ffe1948e6c8173cd04da072d9f9d128bb400844a"; // checksum for v0.13.7
|
|
|
|
if (is_tls) {
|
|
expectedChecksum =
|
|
"e45b85e29216eb1d217aad368bdb056bbd868a308925e7b2cf9133b06ab435d0"; // checksum for tls_agent
|
|
}
|
|
|
|
if (checksum !== expectedChecksum) {
|
|
core.setFailed(
|
|
`Checksum verification failed, expected ${expectedChecksum} instead got ${checksum}`
|
|
);
|
|
}
|
|
|
|
core.debug("Checksum verification passed.");
|
|
}
|