From c5dc3692b8ce0037c7004f9e7aec3af206056244 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Wed, 26 Aug 2020 12:24:22 +1000
Subject: .github/workflow/pending-{set,clear}: check hash

---
 .github/workflows/pending-set.yml | 5 +++++
 1 file changed, 5 insertions(+)

(limited to '.github/workflows/pending-set.yml')

diff --git a/.github/workflows/pending-set.yml b/.github/workflows/pending-set.yml
index ee1d537295c..36104706b6f 100644
--- a/.github/workflows/pending-set.yml
+++ b/.github/workflows/pending-set.yml
@@ -12,10 +12,15 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         GSU_VERSION: "0.5.0"
+        GSU_HASH: "49df54dc0ed5eaa037400b66be8114bd62fa0af51ed36565f6203dc312711cc6"
         GSU_URL: "https://github.com/cloudposse/github-status-updater/releases/download"
       run: |
         curl -sSf -O -L -C - \
         "$GSU_URL/$GSU_VERSION/github-status-updater_linux_amd64" && \
+        if [ "$(shasum -a 256 github-status-updater_linux_amd64 | cut -c1-64)" != "$GSU_HASH" ]; then
+          echo "checksum mismatch"
+          exit 1
+        fi
         chmod +x github-status-updater_linux_amd64 && \
         ./github-status-updater_linux_amd64 \
           -action update_state \
-- 
cgit 1.4.1