fix: reverse checksum/rebuild ordering per QA feedback

- Move rebuild step BEFORE checksum computation - Add validation step after rebuild - Remove redundant VERSION/PKG_NAME variable reassignments - Checksum now computed from rebuilt tarball, not original
2026-04-11 17:00:04 +00:00
parent 5680e942ad
commit bb043914ef
1 changed files with 13 additions and 12 deletions
@@ -205,24 +205,25 @@ jobs:
          tar -tzf "${{ env.TARBALL }}" | head -20
          tar -tzf "${{ env.TARBALL }}" | grep -q "main.js" || { echo "Error: main.js not found in tarball"; exit 1; }

+      - name: Rebuild tarball
+        run: |
+          rm -f "${{ env.TARBALL }}"
+          npx @kinvolk/headlamp-plugin package
+          for f in *.tar.gz; do
+            [ "$f" != "${{ env.TARBALL }}" ] && mv "$f" "${{ env.TARBALL }}"
+          done
+
+      - name: Validate rebuilt tarball
+        run: |
+          tar -tzf "${{ env.TARBALL }}" | grep -q "main.js" || \
+            { echo "Error: main.js not found after rebuild"; exit 1; }
+
      - name: Compute checksum
        run: |
          CHECKSUM=$(sha256sum "${{ env.TARBALL }}" | awk '{print $1}')
          echo "CHECKSUM=$CHECKSUM" >> $GITHUB_ENV
          sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml

-      - name: Rebuild tarball with correct checksum
-        run: |
-          rm -f "${{ env.TARBALL }}"
-          npx @kinvolk/headlamp-plugin package
-          VERSION="${{ inputs.version }}"
-          PKG_NAME="${{ env.PKG_NAME }}"
-          TARBALL="${PKG_NAME}-${VERSION}.tar.gz"
-          for f in *.tar.gz; do
-            [ "$f" != "$TARBALL" ] && mv "$f" "$TARBALL"
-          done
-          echo "TARBALL=$TARBALL" >> $GITHUB_ENV
-
      - name: Commit and tag
        run: |
          VERSION="${{ inputs.version }}"