mirror of
https://github.com/zebrajr/react.git
synced 2026-01-15 12:15:22 +00:00
7e4c258e16
Uses https://cli.github.com/manual/gh_attestation_verify to verify that the downloaded artifact matches the attestation generated during the build process in runtime_commit_artifacts. Example: On a workflow run of runtime_build_and_test.yml with no attestations: ``` $ scripts/release/download-experimental-build.js --commit=ea5f065745b777cb41cc9e54a3b29ed8c727a574 Command failed: gh attestation verify artifacts_combined.zip --repo=facebook/react Error: failed to fetch attestations from facebook/react: HTTP 404: Not Found (https://api.github.com/repos/facebook/react/attestations/sha256:7adba0992ba477a927aad5a07f95ee2deb7d18427c84279d33fc40a3bc28ebaa?per_page=30) `gh attestation verify artifacts_combined.zip --repo=facebook/react` (exited with error code 1) ``` On one which does: ``` $ scripts/release/download-experimental-build.js --commit=12e85d74c1c233cdc2f3228a97473a4435d50c3b ✓ Downloading artifacts from GitHub for commit 12e85d74c1c233cdc2f3228a97473a4435d50c3b) 10.5 secs An experimental build has been downloaded! You can download this build again by running: scripts/download-experimental-build.js --commit=12e85d74c1c233cdc2f3228a97473a4435d50c3b ``` --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/facebook/react/pull/32728). * #32729 * __->__ #32728