Skip to content

Changes regarding sha verification #207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cx-atish-jadhav wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Changes regarding sha verification #207

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f85ef78
Changes regarding sha verification
cx-atish-jadhav Jun 1, 2026
d1c5f04
Optimized the sha verification logic and test fixes
cx-atish-jadhav Jun 2, 2026
60c4b85
Added CLAUDE.md
cx-atish-jadhav Jun 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 47 additions & 6 deletions .github/workflows/update-cli.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,15 +40,56 @@ jobs:
run: |
echo ${{ steps.checkmarx-ast-cli.outputs.release_tag }} > checkmarx-ast-cli.version

# Update the TypeScript file's cliDefaultVersion field
- name: Update cliDefaultVersion in CxInstaller.ts
# Download CLI binaries and generate checksums
- name: Download CLI and generate checksums
if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
env:
NEW_CLI_VERSION: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
run: |
FILE_PATH="src/main/osinstaller/CxInstaller.ts"
# Ensure that 'cliDefaultVersion' is updated correctly
sed -i "s/\(cliDefaultVersion = '\)[^']*\(';\)/\1${NEW_CLI_VERSION}\2/" $FILE_PATH
VERSION=$RELEASE_TAG

# Initialize checksums object
CHECKSUMS='{}'

# Platform configurations: platform_name,architecture,extension,os_platform
PLATFORMS=(
"windows,x64,zip,windows"
"darwin,x64,tar.gz,darwin"
"linux,x64,tar.gz,linux"
"linux,arm64,tar.gz,linux"
"linux,armv6,tar.gz,linux"
)

for PLATFORM_CONFIG in "${PLATFORMS[@]}"; do
IFS=',' read -r OS_TYPE ARCH EXT OS_PLATFORM <<< "$PLATFORM_CONFIG"

KEY="${OS_PLATFORM}_${ARCH}"
URL="https://download.checkmarx.com/CxOne/CLI/${VERSION}/ast-cli_${VERSION}_${OS_PLATFORM}_${ARCH}.${EXT}"

echo "Downloading checksum for ${KEY} from ${URL}..."

# Download binary
TEMP_FILE="/tmp/ast-cli_${KEY}.${EXT}"
if curl -sL -o "$TEMP_FILE" "$URL"; then
# Calculate SHA-256
CHECKSUM=$(sha256sum "$TEMP_FILE" | awk '{print $1}')
echo "✓ ${KEY}: ${CHECKSUM}"

# Update checksums JSON
CHECKSUMS=$(echo "$CHECKSUMS" | jq --arg key "$KEY" --arg value "$CHECKSUM" '.[$key] = $value')

# Cleanup
rm -f "$TEMP_FILE"
else
echo "✗ Failed to download ${KEY}"
exit 1
fi
done

# Write checksums to file
echo "$CHECKSUMS" | jq '.' > checkmarx-ast-cli.checksums
echo "Checksums updated:"
cat checkmarx-ast-cli.checksums

# Create a Pull Request with the version changes
- name: Create Pull Request
Expand Down
Loading
Loading