Add GHA actions for download and verify checks

.github/workflows/debug.yml

@@ -0,0 +1,63 @@
+name: Manual SCC Product Version Verification
+
+on:
+  workflow_dispatch:
+    inputs:
+      product-name:
+        description: 'Product name to verify'
+        required: true
+        type: string
+      version:
+        description: 'Version to verify (e.g., v1.2.3 or 1.2.3-rc1)'
+        required: true
+        type: string
+      staging-code:
+        description: 'SCC staging registration code (optional - if not provided, staging verification is skipped)'
+        required: false
+        default: ''
+      production-code:
+        description: 'SCC production registration code (optional - if not provided, production verification is skipped)'
+        required: false
+        default: ''
+      fail-on-error:
+        description: 'Fail the workflow if verification fails'
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Mask sensitive registration codes
+        shell: bash
+        run: |
+          if [ -n "${{ inputs.staging-code }}" ]; then
+            echo "::add-mask::${{ inputs.staging-code }}"
+          fi
+          if [ -n "${{ inputs.production-code }}" ]; then
+            echo "::add-mask::${{ inputs.production-code }}"
+          fi
+
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 0
+
+      - name: Download SCC Product Version Verifier
+        uses: ./actions/download
+
+      - name: Verify Product Version
+        uses: ./actions/verify
+        with:
+          product-name: ${{ inputs.product-name }}
+          version: ${{ inputs.version }}
+          staging-code: ${{ inputs.staging-code }}
+          production-code: ${{ inputs.production-code }}
+          fail-on-error: ${{ inputs.fail-on-error }}
+
+      - name: Verification Complete
+        shell: bash
+        run: |
+          echo "✅ Verification workflow completed"
+          echo "Check the step summary for detailed results"

.golangci.yml

@@ -9,7 +9,7 @@ linters:
         main:
           allow:
             - $gostd
-            - github.com/rancher-sandbox/scc-product-version-verifier
+            - github.com/rancherlabs/scc-product-version-verifier
             - github.com/sirupsen/logrus
             - github.com/spf13/cobra
             - github.com/spf13/viper

.goreleaser.yaml

@@ -26,9 +26,9 @@ builds:
       - -extldflags
       - -static
       - -s
-      - -X github.com/rancher-sandbox/scc-product-version-verifier/cmd/version.Version={{.Version}}
-      - -X github.com/rancher-sandbox/scc-product-version-verifier/cmd/version.GitCommit={{.Commit}}
-      - -X github.com/rancher-sandbox/scc-product-version-verifier/cmd/version.Date={{.Date}}
+      - -X github.com/rancherlabs/scc-product-version-verifier/cmd/version.Version={{.Version}}
+      - -X github.com/rancherlabs/scc-product-version-verifier/cmd/version.GitCommit={{.Commit}}
+      - -X github.com/rancherlabs/scc-product-version-verifier/cmd/version.Date={{.Date}}
 
 
 

README.md

@@ -59,6 +59,73 @@ scc-product-version-verifier curl-verify rancher 2.12.3
 > The SCC api is case-sensitive for product lookup meaning `SLES` != `sles`.
 > For SLES look up it must be upper case, for `rancher` lookup it must be lower case.
 
-## Contributing
+## GitHub Actions
 
-Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
+This repository provides reusable GitHub Actions to download and use the verifier in your CI/CD workflows.
+
+### Download Action
+
+Downloads and installs the latest version of `scc-product-version-verifier`.
+
+**Location:** `rancherlabs/scc-product-version-verifier/actions/download`
+
+**Requirements:**
+- Works on Linux runners
+- No sudo required (uses GitHub Actions provided gh cli)
+
+**Outputs:**
+- `version`: The installed version of the verifier
+- `bin-path`: Installation path of the verifier
+- `asset-name`: Name of the downloaded tool
+
+**Example:**
+
+```yaml
+- name: Setup SCC Product Version Verifier
+  uses: rancherlabs/scc-product-version-verifier/actions/download@main
+```
+
+### Verify Action
+
+Verifies a product version against SCC staging and/or production environments.
+
+**Location:** `rancherlabs/scc-product-version-verifier/actions/verify`
+
+**Requirements:**
+- `scc-product-version-verifier` must be installed (use the download action first)
+- Valid SCC registration code(s)
+
+**Inputs:**
+- `version` (required): Version to verify (will be sanitized to remove `v` prefix and prerelease suffixes)
+- `staging-code` (optional): SCC staging registration code
+- `production-code` (optional): SCC production registration code
+- `product-name` (required): Product name to verify (case-sensitive)
+- `fail-on-error` (optional, default: `false`): Fail the workflow if verification fails
+
+**Outputs:**
+- `staging-result`: Staging verification result (`passed`/`failed`/`skipped`)
+- `production-result`: Production verification result (`passed`/`failed`/`skipped`)
+
+**Example:**
+
+```yaml
+- name: Setup Verifier
+  uses: rancherlabs/scc-product-version-verifier/actions/download@main
+
+- run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+
+- name: Verify Product Version
+  uses: rancherlabs/scc-product-version-verifier/actions/verify@main
+  with:
+    version: v2.12.3
+    staging-code: ${{ secrets.SCC_STAGING_CODE }}
+    production-code: ${{ secrets.SCC_PRODUCTION_CODE }}
+    product-name: rancher
+    fail-on-error: false
+```
+
+**Notes:**
+- By default, verification failures do NOT fail the workflow (`fail-on-error: false`). Set to `true` to enforce strict verification.
+- Version strings are automatically sanitized (e.g., `v2.12.3-rc1` becomes `2.12.3`)
+- Product names are case-sensitive (e.g., `SLES` vs `sles`, `rancher` vs `Rancher`)
+- Results are written to the GitHub Actions step summary for easy viewing

actions/download/action.yaml

@@ -0,0 +1,108 @@
+name: 'Setup SCC Product Version Verifier'
+description: 'Downloads and prepares the SCC product version verifier CLI tool (Linux only)'
+branding:
+  icon: 'check-circle'
+  color: 'green'
+
+inputs:
+  version:
+    description: 'Release version to download (e.g., v1.2.3 or "latest")'
+    required: false
+    default: 'latest'
+  token:
+    description: 'GitHub token for API access'
+    required: false
+    default: ${{ github.token }}
+  output-dir:
+    description: 'Directory to extract downloaded files to'
+    required: false
+    default: './bin'
+
+outputs:
+  version:
+    description: 'The release tag that was downloaded'
+    value: ${{ steps.release.outputs.tag }}
+  bin-path:
+    description: 'Path where binaries were extracted'
+    value: ${{ steps.download.outputs.bin-path }}
+  asset-name:
+    description: 'Name of the downloaded asset'
+    value: ${{ steps.download.outputs.asset-name }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Verify Linux
+      shell: bash
+      run: |
+        if [ "${{ runner.os }}" != "Linux" ]; then
+          echo "::error::This action only supports Linux runners"
+          exit 1
+        fi
+
+    - name: Get release information
+      id: release
+      shell: bash
+      env:
+        GH_TOKEN: ${{ inputs.token }}
+        REPO: "rancherlabs/scc-product-version-verifier"
+      run: |
+        TAG="${{ inputs.version }}"
+        if [ "$TAG" == "latest" ] || [ -z "$TAG" ]; then
+          TAG=$(gh release view --repo "$REPO" --json tagName -q .tagName)
+        fi
+        echo "tag=$TAG" >> $GITHUB_OUTPUT
+
+    - name: Download and Extract
+      id: download
+      shell: bash
+      env:
+        GH_TOKEN: ${{ inputs.token }}
+        REPO: "rancherlabs/scc-product-version-verifier"
+        BINARY_NAME: "scc-product-version-verifier"
+      run: |
+        ARCH="${{ runner.arch }}"
+        case "$ARCH" in
+          X64)
+            ARCH="x86_64"
+            ;;
+          ARM64)
+            ARCH="arm64"
+            ;;
+          X86|ARM)
+            echo "::error::Unsupported runner architecture: $ARCH. This action currently supports only X64 and ARM64 Linux runners."
+            exit 1
+            ;;
+          *)
+            echo "::error::Unknown runner architecture: $ARCH"
+            exit 1
+            ;;
+        esac
+        TAG="${{ steps.release.outputs.tag }}"
+        OUT="${{ inputs.output-dir }}"
+
+        mkdir -p "$OUT"
+
+        # 1. Download the archive
+        gh release download "$TAG" \
+          --repo "$REPO" \
+          --pattern "*Linux*${ARCH}*.tar.gz" \
+          --dir "$OUT" \
+          --clobber
+
+        # 2. Extract and identify the archive name for cleanup
+        ARCHIVE=$(find "$OUT" -maxdepth 1 -type f -name "*.tar.gz" -print -quit)
+        tar -xzf "$ARCHIVE" -C "$OUT"
+        rm "$ARCHIVE"
+
+        # 3. Ensure permissions
+        chmod +x "$OUT/$BINARY_NAME"
+
+        # 4. Set Outputs
+        echo "asset-name=$BINARY_NAME" >> $GITHUB_OUTPUT
+        echo "bin-path=$OUT" >> $GITHUB_OUTPUT
+
+        # 5. Add to PATH for immediate use
+        echo "$(realpath "$OUT")" >> $GITHUB_PATH
+
+        echo "✓ $BINARY_NAME is ready at $OUT/$BINARY_NAME"