feat: add release checksum generation and verification documentation (#1469) #1478

Merged
shm11C3 merged 4 commits into develop from security/#1469-release-checksums-attestations
May 7, 2026
Conversation

shm11C3 (Owner) commented May 7, 2026

Summary

Related Issues

#1469

Type of Change

  • Bug fix (fix/ branch)
  • New feature (feat/ branch)
  • Refactoring (refactor/ branch)
  • Documentation (docs/ branch)
  • Dependencies update
  • Other (chore/ branch)

Screenshots / Videos

Test Plan

  • Manual testing
  • Unit tests

Checklist

  • Self-reviewed the code
  • Linting and formatting pass (npm run lint && npm run format / cargo tauri-lint && cargo tauri-fmt)
  • Tests pass (npm test / cargo tauri-test)
  • No new warnings or errors

Copilot AI review requested due to automatic review settings May 7, 2026 19:36
@github-actions github-actions Bot added github_actions Pull requests that update GitHub Actions code docs labels May 7, 2026
coderabbitai Bot (Contributor) commented May 7, 2026

📝 Walkthrough


This PR adds comprehensive release verification infrastructure by introducing a checksum generation script, automating checksum and provenance attestation creation in the release workflow, and providing user-facing documentation in English and Japanese explaining how to verify download authenticity.

Changes

Release Verification Infrastructure

| Layer / File(s) | Summary |
| --- | --- |
| Checksum Generation Script (.github/scripts/generate-release-checksums.sh) | New Bash utility discovers assets in a dist directory, generates SHA256SUMS.txt using sha256sum (or shasum fallback), validates entry counts, verifies integrity, and manages cleanup via trap. |
| Release Workflow Job (.github/workflows/publish.yml) | New release-provenance job downloads release assets, validates inventory, generates SHA256SUMS.txt via script, verifies checksum coverage, uploads checksums, and creates build provenance attestations. |
| English Download Verification (docs/download-verification.md) | Documents official distribution sources, SHA-256 checksum verification steps for v1.8.1+ (platform-specific: Windows/macOS/Linux), GitHub provenance attestation verification, and Winget usage. |
| Japanese Download Verification (docs/download-verification.ja.md) | Localized guide covering official sources, SHA-256 checksum verification procedures, GitHub provenance attestation verification for v1.8.1+, and Winget installation channel. |
| Documentation Links (README.md, docs/README.ja.md) | Added cross-references directing users to download verification guides. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

  • shm11C3/HardwareVisualizer#1469: Implements the same release checksum and attestation functionality—adding SHA256SUMS generation script and GitHub artifact attestation workflow job.
  • shm11C3/HardwareVisualizer#1470: Directly addresses the download-verification documentation and checksum generation script requirements.

Poem

🐰 A script now counts the checksums true,
While workflows weave attestations through,
In guides both bright and Tokyo-wise,
Our users learn to verify!
Release integrity—hopping to the sky! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | The PR description is essentially empty—only template boilerplate with no substantive content in the Summary section and no type of change selected. | Complete the Summary section explaining what this PR does and why. Select the appropriate Type of Change (appears to be 'New feature' or 'Documentation'). Link issue #1469 explicitly and provide context on the checksum/attestation implementation. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The PR title 'feat: add release checksum generation and verification documentation' accurately describes the main changes: a new bash script for generating checksums, CI workflow updates for verification, and comprehensive documentation across multiple files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@shm11C3 shm11C3 enabled auto-merge (squash) May 7, 2026 19:36
github-actions Bot (Contributor) commented May 7, 2026

Coverage Report

| Status | Category | Percentage | Covered / Total |
| --- | --- | --- | --- |
| 🔵 | Lines | 95.06% (🎯 60%) | 1234 / 1298 |
| 🔵 | Statements | 94.62% (🎯 60%) | 1303 / 1377 |
| 🔵 | Functions | 96.27% (🎯 60%) | 310 / 322 |
| 🔵 | Branches | 88.03% (🎯 60%) | 456 / 518 |

File Coverage: No changed files found.
Generated in workflow #2966 for commit 2efb4c9 by the Vitest Coverage Report Action

Copilot AI (Contributor) left a comment

Pull request overview

Adds release download verification guidance and implements automated generation of a SHA256SUMS.txt asset plus GitHub build provenance attestations as part of the release publish workflow, improving end-user trust in downloaded installers.

Changes:

  • Link to a new download verification guide from the main README and the Japanese docs README.
  • Add English/Japanese “download verification” docs covering SHA-256 checksum verification and gh attestation verify.
  • Extend the release workflow to download draft release assets, generate/upload SHA256SUMS.txt, and emit build provenance attestations; introduce a helper script to generate and validate checksums.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| README.md | Adds a pointer to the download verification documentation. |
| docs/README.ja.md | Adds a pointer (Japanese) to the verification documentation. |
| docs/download-verification.md | New English guide describing checksum + provenance verification steps. |
| docs/download-verification.ja.md | New Japanese guide describing checksum + provenance verification steps. |
| .github/workflows/publish.yml | Adds a post-build job to generate/upload SHA256SUMS.txt and create provenance attestations for release assets. |
| .github/scripts/generate-release-checksums.sh | New script to generate and self-verify SHA-256 checksums for release assets. |

Comment thread .github/scripts/generate-release-checksums.sh Outdated
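
The two review summaries above describe a script that writes SHA256SUMS.txt and a workflow step that checks the manifest covers the release assets. A sketch of that generate-then-verify flow follows, added here as an example and not the project's generate-release-checksums.sh; the flat asset directory, the function names and the return codes are assumptions.

```shell
# Added example, not the project's script. Assumes all assets sit flat in one
# directory and the manifest is named SHA256SUMS.txt (the name used in this PR).

# Pick the available SHA-256 tool: GNU sha256sum first, shasum as fallback.
sha256_cmd() {
  if command -v sha256sum >/dev/null 2>&1; then echo "sha256sum"
  elif command -v shasum >/dev/null 2>&1; then echo "shasum -a 256"
  else return 1; fi
}

# List regular files in DIR except the manifest, one per line, byte-sorted.
list_assets() {
  ( cd "$1" || exit 2
    for f in *; do
      if [ -f "$f" ] && [ "$f" != SHA256SUMS.txt ]; then printf '%s\n' "$f"; fi
    done | LC_ALL=C sort )
}

# generate_manifest DIR: hash every asset into a temp file, then move it into
# place, so a failed run never leaves a partial manifest next to the assets.
generate_manifest() {
  local dir="$1" tool tmp f
  tool=$(sha256_cmd) || return 2
  tmp=$(mktemp) || return 2
  ( cd "$dir" || exit 2
    for f in *; do
      if [ -f "$f" ] && [ "$f" != SHA256SUMS.txt ]; then $tool "$f" || exit 2; fi
    done ) > "$tmp" || { rm -f "$tmp"; return 2; }
  # No assets found: refuse to publish an empty manifest.
  [ -s "$tmp" ] || { rm -f "$tmp"; return 3; }
  mv "$tmp" "$dir/SHA256SUMS.txt"
}

# verify_manifest DIR: 0 = ok, 2 = setup error, 3 = manifest does not list
# exactly the assets present, 4 = at least one digest does not match.
verify_manifest() {
  local dir="$1" tool listed present
  tool=$(sha256_cmd) || return 2
  [ -f "$dir/SHA256SUMS.txt" ] || return 2
  # Strip "<64 hex><space><space or *>" to recover the listed file names.
  listed=$(sed -E 's/^[0-9a-f]{64} [ *]//' "$dir/SHA256SUMS.txt" | LC_ALL=C sort)
  present=$(list_assets "$dir")
  # Coverage check: an unlisted asset would pass "-c" without ever being hashed.
  [ "$listed" = "$present" ] || return 3
  ( cd "$dir" && $tool -c SHA256SUMS.txt >/dev/null 2>&1 ) || return 4
}
```

The coverage comparison is the part `sha256sum -c` alone does not give you: it only checks files the manifest names, so an asset added after generation is silently ignored unless the file set is compared as well.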
github-actions Bot (Contributor) commented May 7, 2026

Rust Tauri Coverage Report

Coverage Details
Filename                                     Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover    Branches   Missed Branches     Cover
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
_tests/commands/background_image_test.rs          39                 0   100.00%           6                 0   100.00%          21                 0   100.00%           0                 0         -
_tests/commands/settings_test.rs                 220                 0   100.00%          18                 0   100.00%         165                 0   100.00%           0                 0         -
adapters/tray.rs                                 127               127     0.00%          14                14     0.00%          87                87     0.00%           0                 0         -
adapters/window.rs                               254                69    72.83%          21                 8    61.90%         195                47    75.90%           0                 0         -
app/startup.rs                                   188                87    53.72%          10                 3    70.00%         114                58    49.12%           0                 0         -
commands/background_image.rs                      22                 7    68.18%          11                 5    54.55%          19                 7    63.16%           0                 0         -
commands/hardware.rs                              62                62     0.00%          20                20     0.00%          68                68     0.00%           0                 0         -
commands/settings.rs                             616               616     0.00%         108               108     0.00%         528               528     0.00%           0                 0         -
commands/system.rs                                21                21     0.00%          10                10     0.00%          20                20     0.00%           0                 0         -
commands/ui.rs                                    17                17     0.00%           2                 2     0.00%          13                13     0.00%           0                 0         -
commands/updater.rs                               97                97     0.00%          15                15     0.00%          66                66     0.00%           0                 0         -
enums/error.rs                                   101                10    90.10%           8                 1    87.50%          86                10    88.37%           0                 0         -
enums/hardware.rs                                184                 7    96.20%          15                 1    93.33%         111                 6    94.59%           0                 0         -
enums/settings.rs                                386                16    95.85%          23                 2    91.30%         253                10    96.05%           0                 0         -
infrastructure/database/migration.rs              66                 1    98.48%          10                 0   100.00%          86                 0   100.00%           0                 0         -
lib.rs                                           225               225     0.00%           6                 6     0.00%         143               143     0.00%           0                 0         -
lifecycle.rs                                     254               205    19.29%          31                27    12.90%         186               163    12.37%           0                 0         -
main.rs                                            3                 3     0.00%           1                 1     0.00%           3                 3     0.00%           0                 0         -
models/hardware.rs                               375                83    77.87%          31                12    61.29%         275               100    63.64%           0                 0         -
models/hardware_archive.rs                         8                 0   100.00%           2                 0   100.00%          10                 0   100.00%           0                 0         -
models/settings.rs                               285                 0   100.00%          16                 0   100.00%         252                 0   100.00%           0                 0         -
services/background_image_service.rs             165                96    41.82%          16                10    37.50%          93                59    36.56%           0                 0         -
services/gpu_service.rs                           56                56     0.00%          11                11     0.00%          43                43     0.00%           0                 0         -
services/hardware_service.rs                      85                85     0.00%           4                 4     0.00%          51                51     0.00%           0                 0         -
services/language_service.rs                     101                 0   100.00%          18                 0   100.00%          57                 0   100.00%           0                 0         -
services/memory_service.rs                        12                12     0.00%           3                 3     0.00%           7                 7     0.00%           0                 0         -
services/motherboard_service.rs                   12                12     0.00%           3                 3     0.00%           7                 7     0.00%           0                 0         -
services/network_service.rs                       14                14     0.00%           1                 1     0.00%           8                 8     0.00%           0                 0         -
services/settings_service.rs                     340               156    54.12%          33                15    54.55%         284               142    50.00%           0                 0         -
services/system_service.rs                        22                22     0.00%           2                 2     0.00%          12                12     0.00%           0                 0         -
services/ui_service.rs                            45                45     0.00%           8                 8     0.00%          36                36     0.00%           0                 0         -
tray/surface/mod.rs                                8                 8     0.00%           2                 2     0.00%           5                 5     0.00%           0                 0         -
tray/surface/tauri_surface.rs                     80                80     0.00%           6                 6     0.00%          48                48     0.00%           0                 0         -
tray/widget.rs                                   601                 5    99.17%          51                 1    98.04%         533                 3    99.44%           0                 0         -
utils/color.rs                                    66                 1    98.48%           4                 0   100.00%          26                 0   100.00%           0                 0         -
utils/file.rs                                    224                 5    97.77%          14                 0   100.00%         144                 4    97.22%           0                 0         -
utils/formatter.rs                                55                 0   100.00%           5                 0   100.00%          39                 0   100.00%           0                 0         -
utils/logger.rs                                   71                71     0.00%           1                 1     0.00%          38                38     0.00%           0                 0         -
utils/tauri.rs                                   138                 0   100.00%          17                 0   100.00%          82                 0   100.00%           0                 0         -
workers/mod.rs                                    40                40     0.00%           2                 2     0.00%          24                24     0.00%           0                 0         -
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                                           5685              2361    58.47%         579               304    47.50%        4238              1816    57.15%           0                 0         -

@shm11C3 shm11C3 linked an issue May 7, 2026 that may be closed by this pull request
19 tasks
@shm11C3 shm11C3 disabled auto-merge May 7, 2026 19:48
@shm11C3 shm11C3 merged commit 6ea77cd into develop May 7, 2026
36 checks passed
@shm11C3 shm11C3 deleted the security/#1469-release-checksums-attestations branch May 7, 2026 19:48
Development

Successfully merging this pull request may close these issues.

[P0] Add SHA-256 checksums and GitHub artifact attestations to release assets
