10000 hash verification · coder/start-workspace-action@4a176e9 · GitHub
[go: up one dir, main page]
Skip to content

Commit 4a176e9

Browse files
hugodutkahugodutka
committed
hash verification
1 parent ef04c2b commit 4a176e9

File tree

8 files changed

+128
-4
lines changed

8 files changed

+128
-4
lines changed

.github/workflows/verify-build.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
name: Verify Build
2+
3+
on:
4+
push:
5+
branches: [ main ]
6+
pull_request:
7+
branches: [ main ]
8+
9+
jobs:
10+
verify-build:
11+
runs-on: ubuntu-latest
12+
steps:
13+
- uses: actions/checkout@v3
14+
15+
- name: Setup Bun
16+
uses: oven-sh/setup-bun@v1
17+
18+
- name: Install dependencies
19+
run: bun install
20+
21+
- name: Verify build is up to date
22+
run: bash scripts/verify-build.sh

.husky/pre-commit

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
#!/usr/bin/env sh
2+
. "$(dirname -- "$0")/_/husky.sh"
3+
4+
# Run the build command
5+
bun run build
6+
7+
# Verify the build hash
8+
bun run verify-build

README.md

Lines changed: 31 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,44 @@
11
# start-workspace-action
22

3+
This GitHub Action starts a Coder workspace in response to GitHub issues and comments containing @coder.
4+
5+
## Development
6+
37
To install dependencies:
48

59
```bash
610
bun install
711
```
812

9-
To run:
13+
### Building
14+
15+
The GitHub Action runs from the compiled code in the `dist/` directory. You must build the project after making changes:
16+
17+
```bash
18+
bun run build
19+
```
20+
21+
This command will:
22+
1. Compile the TypeScript source code
23+
2. Bundle it into a single file (dist/index.js)
24+
3. Add a source hash to the file
25+
26+
### Build Verification
27+
28+
This project includes a build verification system that ensures the compiled code matches the source code. A hash of all files in the `src/` directory is stored in the compiled output file.
29+
30+
To verify the build is up to date:
1031

1132
```bash
12-
bun run index.ts
33+
bun run verify-build
1334
```
1435

36+
### Pre-commit Hook
37+
38+
A pre-commit hook is set up to automatically build and verify the code before each commit. This ensures that the `dist/index.js` file is always up to date with the source code in the `src/` directory.
39+
40+
## CI/CD
41+
42+
A GitHub workflow is set up to verify that the build is up to date on each push and pull request. This prevents commits with outdated builds from being merged into the main branch.
43+
1544
This project was created using `bun init` in bun v1.2.6. [Bun](https://bun.sh) is a fast all-in-one JavaScript runtime.

bun.lock

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
"name": "start-workspace-action",
66
"devDependencies": {
77
"@types/bun": "latest",
8+
"husky": "^8.0.0",
89
},
910
"peerDependencies": {
1011
"typescript": "^5",
@@ -20,6 +21,8 @@
2021

2122
"bun-types": ["bun-types@1.2.7", "", { "dependencies": { "@types/node": "*", "@types/ws": "*" } }, "sha512-P4hHhk7kjF99acXqKvltyuMQ2kf/rzIw3ylEDpCxDS9Xa0X0Yp/gJu/vDCucmWpiur5qJ0lwB2bWzOXa2GlHqA=="],
2223

24+
"husky": ["husky@8.0.3", "", { "bin": { "husky": "lib/bin.js" } }, "sha512-+dQSyqPh4x1hlO1swXBiNb2HzTDN1I2IGLQx1GrBuiqFJfoMrnZWwVmatvSiO+Iz8fBUnf+lekwNo4c2LlXItg=="],
25+
2326
"typescript": ["typescript@5.8.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ=="],
2427

2528
"undici-types": ["undici-types@6.20.0", "", {}, "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg=="],

dist/index.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,3 @@
1+
// Source hash: 39e1ff1373d5a21bb3cbb5b9b4be13afbaafc73a33293f293d40656449b70de7
12
// src/index.ts
23
console.log("Hello via Bun!");

package.json

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,12 +4,15 @@
44
"type": "module",
55
"private": true,
66
"devDependencies": {
7-
"@types/bun": "latest"
7+
"@types/bun": "latest",
8+
"husky": "^8.0.0"
89
},
910
"peerDependencies": {
1011
"typescript": "^5"
1112
},
1213
"scripts": {
13-
"build": "bun build ./src/index.ts --target node --bundle --outfile dist/index.js"
14+
"build": "bun build ./src/index.ts --target node --bundle --outfile dist/index.js && bash scripts/update-build-hash.sh",
15+
"verify-build": "bash scripts/verify-build.sh",
16+
"prepare": "husky install"
1417
}
1518
}

scripts/update-build-hash.sh

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
#!/usr/bin/env bash
2+
set -euo pipefail
3+
4+
# Check if dist/index.js exists
5+
if [ ! -f "dist/index.js" ]; then
6+
echo "Error: dist/index.js not found. Please run 'bun run build' first."
7+
exit 1
8+
fi
9+
10+
# Calculate hash of all files in src/ directory (sorted by filename)
11+
SOURCE_HASH=$(find src -type f | sort | xargs cat | shasum -a 256 | cut -d ' ' -f 1)
12+
13+
# Create a temporary file with hash prefix
14+
TMP_FILE=$(mktemp)
15+
echo "// Source hash: $SOURCE_HASH" > "$TMP_FILE"
16+
17+
# If the file already contains a hash line, replace it, otherwise add it to the top
18+
if grep -q "^// Source hash: [a-f0-9]\{64\}" "dist/index.js"; then
19+
sed "s|^// Source hash: [a-f0-9]\{64\}|// Source hash: $SOURCE_HASH|" "dist/index.js" > "$TMP_FILE.2"
20+
mv "$TMP_FILE.2" "$TMP_FILE"
21+
else
22+
cat "dist/index.js" >> "$TMP_FILE"
23+
fi
24+
25+
# Replace the original file
26+
mv "$TMP_FILE" "dist/index.js"
27+
28+
echo "✅ Updated dist/index.js with source hash: $SOURCE_HASH"

scripts/verify-build.sh

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
#!/usr/bin/env bash
2+
set -euo pipefail
3+
4+
# Check if dist/index.js exists
5+
if [ ! -f "dist/index.js" ]; then
6+
echo "Error: dist/index.js not found. Please run 'bun run build' first."
7+
exit 1
8+
fi
9+
10+
# Calculate hash of all files in src/ directory (sorted by filename)
11+
CALCULATED_HASH=$(find src -type f | sort | xargs cat | shasum -a 256 | cut -d ' ' -f 1)
12+
13+
# Extract hash from dist/index.js (if it exists)
14+
if grep -q "^// Source hash: [a-f0-9]\{64\}" "dist/index.js"; then
15+
EXISTING_HASH=$(grep "^// Source hash: [a-f0-9]\{64\}" "dist/index.js" | sed 's/\/\/ Source hash: //')
16+
else
17+
EXISTING_HASH=""
18+
fi
19+
20+
# Compare hashes
21+
if [ "$EXISTING_HASH" = "$CALCULATED_HASH" ]; then
22+
echo "✅ Build is up to date. Source hash matches."
23+
exit 0
24+
else
25+
echo "❌ Build is out of date or hash doesn't match."
26+
echo "Expected hash: $CALCULATED_HASH"
27+
echo "Found hash: $EXISTING_HASH"
28+
echo "Please run 'bun run build' to update the build."
29+
exit 1
30+
fi

0 commit comments

Comments
 (0)
0