1515
1616 # This workflow will run every 5 min
1717 schedule :
18- - cron : ' */5 * * * *'
18+ - cron : ' */10 * * * *'
1919
2020 # This workflow will run when the workflow file is updated
2121 pull_request :
@@ -38,53 +38,54 @@ jobs:
3838 uses : " WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0
3939
4040 canary-deb :
41- name : Test Finch APT installation
41+ name : Test Finch APT repo health
4242 runs-on : ubuntu-latest
4343 timeout-minutes : 3
4444 needs : get-latest-tag
4545 steps :
46- - name : Clean ubuntu runner workspace
47- run : rm -rf ${{ github.workspace }}/*
48-
49- - name : Install Finch dependencies
46+ - name : Setup environment variables
5047 run : |
51- sudo apt-get update
52- sudo apt install build-essential libseccomp-dev pkg-config zlib1g-dev -y
53-
48+ ARCH=$(dpkg --print-architecture)
49+ echo "ARCH=${ARCH}" >> $GITHUB_ENV
50+
51+ # Strip v from tag
52+ tag=${{ needs.get-latest-tag.outputs.tag }}
53+ version=${tag/v/}
54+ echo "version=${version}" >> $GITHUB_ENV
55+
56+ echo "filename=runfinch-finch_${version}_${ARCH}.deb" >> $GITHUB_ENV
5457name : Add Finch APT Repository
5558 run : |
56- ARCH=$(dpkg --print-architecture)
57- echo "Detected architecture: $ARCH"
59+ echo "Detected architecture: ${{ env.ARCH }}"
5860
59- curl -fsSL https://artifact.runfinch.com/deb/GPG_KEY.pub | sudo gpg --dearmor -o /usr/share/keyrings/runfinch-finch-archive-keyring.gpg
60- echo "deb [signed-by=/usr/share/keyrings/runfinch-finch-archive-keyring.gpg arch=$ARCH] https://artifact.runfinch.com/deb noble main" | sudo tee /etc/apt/sources.list.d/runfinch-finch.list
61+ curl -fsSL https://artifact.runfinch.com/deb/GPG_KEY.pub | gpg --dearmor -o /usr/share/keyrings/runfinch-finch-archive-keyring.gpg
62+ echo "deb [signed-by=/usr/share/keyrings/runfinch-finch-archive-keyring.gpg arch=${{ env. ARCH }} ] https://artifact.runfinch.com/deb noble main" | sudo tee /etc/apt/sources.list.d/runfinch-finch.list
6163 sudo apt update
62-
63- name : Prepare clean environment for Finch
64- run : |
65- sudo apt remove containerd containerd.io docker.io docker-ce docker-ce-cli runc -y || true
66- sudo apt autoremove -y
67-
68- name : Install Finch with APT
69- run : sudo apt install runfinch-finch -y
64+
65+ name : Download latest release from GitHub
66+ uses : " robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05" # v1.12.0
67+ with :
68+ tag : ${{ needs.get-latest-tag.outputs.tag }}
69+ fileName : ${{ env.filename }}
70+ out-file-path : github-release
71+
72+ - name : Download .deb from APT repo
73+ run : apt-get download runfinch-finch
7074
71- - name : Verify version matches latest release
75+ - name : Verify shasum matches GitHub release shasum
7276 run : |
73- LATEST_TAG="${{ needs.get-latest-tag.outputs.tag }}"
74- echo "Latest repository tag: $LATEST_TAG"
75-
76- INSTALLED_VERSION=$(finch -v)
77- echo "Installed Finch version: $INSTALLED_VERSION"
77+ apt_file=${GITHUB_WORKSPACE}/${{ env.filename }}
78+ apt_file_shasum=$(sha256sum ${apt_file} | awk '{print $1}')
79+
80+
81+ github_file=${GITHUB_WORKSPACE}/github-release/${{ env.filename }}
82+ github_file_shasum=$(sha256sum ${github_file} | awk '{print $1}')
7883
79- EXPECTED_VERSION="finch version $LATEST_TAG"
80- if [[ "$INSTALLED_VERSION" == "$EXPECTED_VERSION" ]]; then
81- echo "✅ Version matches: $INSTALLED_VERSION"
82- else
83- echo "❌ Version mismatch!"
84- echo " Expected: $EXPECTED_VERSION"
85- echo " Found: $INSTALLED_VERSION"
84+ if [[ $(diff <(echo ${apt_file_shasum}) <(echo ${github_file_shasum})) ]]; then
85+ echo "❌ sha256sum mismatch!"
86+ echo "apt repo shasum: ${apt_file_shasum}"
87+ echo "GitHub release shasum: ${github_file_shasum}"
8688 exit 1
89+ else
90+ echo "✅ shasum ${apt_file_shasum} identical"
8791 fi
88-
89- name : Clean up environment
90- run : sudo apt remove runfinch-finch -y
0 commit comments