mirror of
https://github.com/step-security/harden-runner.git
synced 2026-06-05 22:47:05 +00:00
27 lines
853 B
TypeScript
27 lines
853 B
TypeScript
import * as core from "@actions/core";
|
|
import * as crypto from "crypto";
|
|
import * as fs from "fs";
|
|
|
|
export function verifyChecksum(downloadPath: string, is_tls: boolean) {
|
|
const fileBuffer: Buffer = fs.readFileSync(downloadPath);
|
|
const checksum: string = crypto
|
|
.createHash("sha256")
|
|
.update(fileBuffer)
|
|
.digest("hex"); // checksum of downloaded file
|
|
|
|
let expectedChecksum: string =
|
|
"ceb925c78e5c79af4f344f08f59bbdcf3376d20d15930a315f9b24b6c4d0328a"; // checksum for v0.13.5
|
|
|
|
if (is_tls) {
|
|
expectedChecksum =
|
|
"846ae66c6cfab958fe61736cec0b58bdb7651b36af04c279405c7114675d7033"; // checksum for tls_agent
|
|
}
|
|
|
|
if (checksum !== expectedChecksum) {
|
|
core.setFailed(
|
|
`Checksum verification failed, expected ${expectedChecksum} instead got ${checksum}`
|
|
);
|
|
}
|
|
|
|
core.debug("Checksum verification passed.");
|
|
}
|