ci: add SHA256 checksums to release artifacts (#386)

* ci: add SHA256 checksums to release artifacts Generate a SHA256SUMS file after downloading all build artifacts and include it in the GitHub Release. Users can verify download integrity with `sha256sum -c SHA256SUMS`. Closes #358 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * ci: whitelist lxc-ci self-hosted runner label for actionlint Add actionlint.yaml config to declare lxc-ci as a known custom label for self-hosted runners, fixing the actionlint CI check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 21:12:34 +01:00 · 2026-02-16 21:12:34 +01:00 · 0e8d02cd3c
commit 0e8d02cd3c
parent 15e1d50a5d
1 changed files with 10 additions and 1 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -85,6 +85,13 @@ jobs:
        with:
          path: artifacts

+      - name: Generate SHA256 checksums
+        run: |
+          cd artifacts
+          find . -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec sha256sum {} + | sed 's|  \./[^/]*/|  |' > SHA256SUMS
+          echo "Generated checksums:"
+          cat SHA256SUMS
+
      - name: Install cosign
        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2

@ -103,6 +110,8 @@ jobs:
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
        with:
          generate_release_notes: true
-          files: artifacts/**/*
+          files: |
+            artifacts/**/*
+            artifacts/SHA256SUMS
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}