This repository was archived by the owner on Jul 2, 2026. It is now read-only.
Release Dry-Run #1
```yaml
name: Release Dry-Run
# Weekly sanity-check that every hook's pinned upstream URL still resolves and
# the recorded sha256 still matches the bytes upstream is serving. Catches URL
# drift, retracted releases, and unannounced re-tags before consumers hit them.
on:
  schedule:
    - cron: "0 7 * * 1" # Mondays 07:00 UTC
  workflow_dispatch:
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false
permissions:
  contents: read
jobs:
  fetch-checksums:
    name: fetch-checksums
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
      - name: Set up Python 3.14
        run: uv python install 3.14
      - name: Install task
        uses: arduino/setup-task@v2
        with:
          version: 3.x
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup
        run: uv sync --group dev
      - name: Re-fetch every hook's checksums
        run: task fetch-checksums
      - name: Diff against committed checksums.txt
        run: |
          if ! git diff --exit-code -- 'hooks/*/checksums.txt'; then
            echo "::error::checksums.txt drift detected — upstream may have re-tagged or moved an asset."
            exit 1
          fi
```
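The workflow's final step only reports that `checksums.txt` changed. The added example below (not code from this repository) sketches a per-asset check that separates the failure modes the header comment names: an asset whose URL no longer resolves versus one whose bytes no longer match the recorded sha256. It assumes `checksums.txt` uses the `sha256sum` line format (`<hex>  <name>`); the asset names, the `fetch` callable and the sample data are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def parse_checksums(text):
    """Parse assumed sha256sum-style lines ('<hex>  <name>') into {name: hex}."""
    recorded = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: malformed entry")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: not a sha256 hex digest")
        recorded[name] = digest
    return recorded

def check_drift(recorded, fetch):
    """Return {name: status}. fetch(name) returns bytes or raises LookupError."""
    report = {}
    for name, expected in sorted(recorded.items()):
        try:
            body = fetch(name)
        except LookupError:
            report[name] = "unresolved"  # URL drift or retracted release
            continue
        actual = hashlib.sha256(body).hexdigest()
        report[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    return report

# Constructed sample: what "upstream" serves now vs. what was recorded earlier.
UPSTREAM = {
    "tool-linux-amd64.tar.gz": b"release bytes v1",
    "tool-darwin-arm64.tar.gz": b"re-tagged bytes",
}
CHECKSUMS = "\n".join([
    f"{hashlib.sha256(b'release bytes v1').hexdigest()}  tool-linux-amd64.tar.gz",
    f"{hashlib.sha256(b'original bytes').hexdigest()}  tool-darwin-arm64.tar.gz",
    f"{hashlib.sha256(b'gone').hexdigest()}  tool-windows-amd64.zip",
])

def run_sample():
    # dict.__getitem__ raises KeyError (a LookupError) for a missing asset.
    return check_drift(parse_checksums(CHECKSUMS), UPSTREAM.__getitem__)

if __name__ == "__main__":
    for name, status in run_sample().items():
        print(f"{status:10} {name}")
```

A `mismatch` on a tag that was previously recorded deserves a manual review of the upstream release before the new hash is committed, since committing it silently would accept whatever upstream is serving now.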