Skip to content

ci: verify zstd checksum #4396

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jpnurmi merged 1 commit into from
Aug 11, 2025
Merged

ci: verify zstd checksum #4396

jpnurmi merged 1 commit into from
Aug 11, 2025
+10 −0

Conversation

@jpnurmi
Copy link
Collaborator

@jpnurmi jpnurmi commented Jul 26, 2025

@jpnurmi jpnurmi force-pushed the ci/zstd-checksum branch from e9d8b9a to 953088f Compare July 26, 2025 15:04
@jpnurmi jpnurmi mentioned this pull request Jul 26, 2025
Merged
@jpnurmi jpnurmi marked this pull request as ready for review July 26, 2025 15:08
@jpnurmi jpnurmi requested a review from bruno-garcia July 26, 2025 15:08
jamescrosswell
jamescrosswell approved these changes Jul 28, 2025
View reviewed changes
Copy link
Collaborator

@jamescrosswell jamescrosswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

bruno-garcia
bruno-garcia reviewed Jul 29, 2025
View reviewed changes
.github/actions/install-zstd/action.yml
checksum:
description: 'zstd checksum'
required: false
default: 'acb4e8111511749dc7a3ebedca9b04190e37a17afeb73f55d4425dbf0b90fad9'
Copy link
Member

@bruno-garcia bruno-garcia Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have an 'auto update' automation for this? We mainly manage them here: https://github.com/getsentry/github-workflows

Copy link
Collaborator Author

@jpnurmi jpnurmi Jul 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not at the moment, no. Ideally, we wouldn't have to maintain this at all if it was pre-installed on the win-11-arm runner :)

I suppose the second-best option would be to stay in sync with the Windows x64 runner. Surprisingly enough, instead of pinning a specific version, GitHub fetches the latest version of Zstd at the time of building the Windows runner image: https://github.com/actions/runner-images/blob/main/images/windows/scripts/build/Install-Zstd.ps1.

Copy link
Collaborator

@jamescrosswell jamescrosswell Aug 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's definitely easier to "set things up" by just pulling the latest version.

I've tried to avoid floating versions for dependencies, since sometimes it results in our CI builds failing without our having made any changes.

There's a relatively low chance of that happening with zstd but still, ideally we'd pin the version and configure auto-update so that when we do bump the version of this, it's done in a separate/isolated commit.

Copy link
Collaborator Author

@jpnurmi jpnurmi Aug 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GitHub release assets have checksums since early June:
https://github.blog/changelog/2025-06-03-releases-now-expose-digests-for-release-assets/

$ gh api repos/getsentry/sentry-dotnet/releases/tags/5.14.0 \
  --jq '.assets[] | select(.name == "Sentry.5.14.0.nupkg") | {name: .name, digest: .digest}'
{
  "digest": "sha256:362de4e2c771a40aabd82fa5683ab716fd9a7ad877ef25f969613a49e84e2bf9",
  "name": "Sentry.5.14.0.nupkg"
}

The latest zstd v1.5.7 was released in February and only has separate manually uploaded .sha256 files for zstd-1.5.7.tar.{gz|zst} but not for the .zip files for Windows.

$ gh api repos/facebook/zstd/releases/tags/v1.5.7 \
  --jq '.assets[] | select(.name == "zstd-v1.5.7-win64.zip") | {name: .name, digest: .digest}'
{
  "digest": null,
  "name": "zstd-v1.5.7-win64.zip"
}

Starting with the next zstd release, it should be possible to query the checksum.

==> #4432

@jpnurmi jpnurmi mentioned this pull request Aug 11, 2025
Open
@jpnurmi jpnurmi merged commit 81acd22 into main Aug 11, 2025
49 of 50 checks passed
@jpnurmi jpnurmi deleted the ci/zstd-checksum branch August 11, 2025 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamescrosswell jamescrosswell jamescrosswell approved these changes

@bruno-garcia bruno-garcia bruno-garcia approved these changes

@Flash0ver Flash0ver Awaiting requested review from Flash0ver Flash0ver is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jpnurmi @jamescrosswell @bruno-garcia