Fix release workflow yq (#1274)

* Fix yq in the create release workflow * Add nice log
kyma-project · Feb 3, 2025 · 557b6b4 · 557b6b4
1 parent 3369a37
commit 557b6b4
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/.github/workflows/release-create-release.yaml b/.github/workflows/release-create-release.yaml
@@ -24,15 +24,27 @@ jobs:
 
       - name: Install yq
         shell: bash
+        env:
+          VERSION: "v4.45.1"
+          BINARY: "yq_linux_amd64"
+          EXPECTED_CHECKSUM: "654d2943ca1d3be2024089eb4f270f4070f491a0610481d128509b2834870049"
         run: |
-          sudo add-apt-repository ppa:rmescandon/yq
-          sudo apt update
-          sudo apt install yq -y
-
+          wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY} -O ./yq && chmod +x ./yq
+          
+          echo "Generating downloaded yq binary sha256 checksum..."
+          generated_checksum=$(shasum -a256 ./yq | awk '{ print $1 }')
+          
+          if [ "$generated_checksum" == "$EXPECTED_CHECKSUM" ]; then
+            echo "Checksums match."
+          else
+            echo "Checksums do not match."
+            exit 1
+          fi
       - name: Check security-scanner config
         shell: bash
         run: |
-          if [[ $( yq eval ".protecode[0]" sec-scanners-config.yaml ) == "europe-docker.pkg.dev/kyma-project/prod/istio/releases/istio-manager:${{ github.event.inputs.version }}" ]]; then
+          if [[ $( ./yq eval ".protecode[0]" sec-scanners-config.yaml ) == "europe-docker.pkg.dev/kyma-project/prod/istio/releases/istio-manager:${{ github.event.inputs.version }}" ]]; then
+            echo "Image tag in sec-scanners-config matches release ${{ github.event.inputs.version }}"
             exit 0
           else
             echo "Error: istio-manager image tag in sec-scanners-config doesn't match release ${{ github.event.inputs.version }}"