docs(readme): document SHA256SUMS release-verification flow (#66)#187
Merged
Conversation
The release workflow already generates and attaches a single combined SHA256SUMS manifest (covering Linux, macOS, and Windows artifacts) via the "Generate checksums" step in .github/workflows/release.yml:253. That manifest was undocumented, so users had no obvious way to verify downloads before installing. Add a "Verifying release artifacts" section under the Homebrew block in README.md that: - explains what SHA256SUMS contains, - shows the exact two-step curl + sha256sum --check flow against this fork's release URLs (github.com/quangdang46/jcode/releases), - shows the expected "…: OK" output, - notes that SHA256SUMS is generated from the run's actual artifacts. Ports the README portion of upstream PR 1jehuang#70 (workflow portion is NOT ported — this fork already emits a single combined SHA256SUMS, which is more elegant than upstream's split SHA256SUMS / SHA256SUMS-windows pair). Closes #66
1 task
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The release workflow already generates and attaches a single combined
SHA256SUMSmanifest (covering Linux, macOS, and Windows artifacts) via the "Generate checksums" step in.github/workflows/release.yml:253. That manifest was undocumented, so users had no obvious way to verify downloads before installing.This addresses issue #66: #66
Changes
SHA256SUMScontains.curl+sha256sum --checkflow against this fork's release URLs (github.com/quangdang46/jcode/releases).…: OKoutput.Tests
Doc-only change, no behavior change.
Notes / scope deviation from upstream
Upstream PR 1jehuang#70 also rewrites the workflow to add two separate manifests (
SHA256SUMSandSHA256SUMS-windows). This fork's workflow already emits a single combinedSHA256SUMSfrom both archive families, which is more elegant — so the workflow rewrite is intentionally NOT ported. Only the README documentation portion is ported, with URLs pointing at this fork.