sentry-dotnet
sentry-dotnet copied to clipboard
getsentry
Auto-update zstd
GitHub release assets have checksums since early June: https://github.blog/changelog/2025-06-03-releases-now-expose-digests-for-release-assets/
$ gh api repos/getsentry/sentry-dotnet/releases/tags/5.14.0 \
--jq '.assets[] | select(.name == "Sentry.5.14.0.nupkg") | {name: .name, digest: .digest}'
{
"digest": "sha256:362de4e2c771a40aabd82fa5683ab716fd9a7ad877ef25f969613a49e84e2bf9",
"name": "Sentry.5.14.0.nupkg"
}
The latest zstd v1.5.7 was released in February and only has separate manually uploaded .sha256 files for zstd-1.5.7.tar.{gz|zst} but not for the .zip files for Windows.
$ gh api repos/facebook/zstd/releases/tags/v1.5.7 \
--jq '.assets[] | select(.name == "zstd-v1.5.7-win64.zip") | {name: .name, digest: .digest}'
{
"digest": null,
"name": "zstd-v1.5.7-win64.zip"
}
Starting with the next zstd release, it should be possible to query the checksum.
Originally posted by @jpnurmi in https://github.com/getsentry/sentry-dotnet/pull/4396#discussion_r2266726432
![linear[bot] avatar](https://avatars.githubusercontent.com/in/20150?v=4 "Published by a pub.dev verified publisher"){kind=small}
The latest GitHub CLI v2.81.0 allows for verifying releases and assets. Hopefully, the next zstd release will be attested.
$ gh release download --repo facebook/zstd v1.5.7
[...]
$ gh release verify --repo facebook/zstd v1.5.7
no attestations for tag v1.5.7 (sha1:ac66b19e6bd6b83238bf008eecc1298105298532)