safety icon indicating copy to clipboard operation
safety copied to clipboard
verified publisher icon pyupio

GitHub Actions Workflow `main/create-gh-release` appear to be broken

Open Daverball opened this issue 2 years ago • 2 comments

  • safety version: >=2.3.0
  • Python version: Any
  • Operating System: Any

Description

The Releases on GitHub for all >=2.3.0 don't contain the binaries you are building on the CI. I can still see that the artifacts were created in the GitHub Actions run summary for those versions, but they are not being added to the release as a download.

But the workflow runs for older versions don't look much better, so I'm not sure if in the past you just manually downloaded the artifacts and attached them to the release, because it doesn't look like that part ever worked. At least I couldn't find a workflow run that seemed to do that part correctly.

Daverball avatar May 10 '23 11:05 Daverball

You are right; there is a WIP about this; I created #459.

CI/CD will be revamped soon.

yeisonvargasf avatar May 12 '23 00:05 yeisonvargasf

On that note: I think it would be nice to publish a sha256_sum for every binary in the release notes, so we can verify the integrity of the download. Currently I'm just manually downloading the release once and calculating the sum myself, so that all our servers can run the check on the download before replacing their binary with a newer version.

Daverball avatar May 12 '23 06:05 Daverball