actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2025-12-20 06:35:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Windows] Add checksum verification for Git (#8317)

Browse Source
This commit is contained in:
Erik Bershel
2023-09-25 11:58:47 +02:00
committed by GitHub
parent ac365421b0
commit fe051ba2ba
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
images/win/scripts/Installers/Install-Git.ps1
View File

@@ -1,16 +1,24 @@
################################################################################
## File: Install-Git.ps1
## Desc: Install Git for Windows
## Supply chain security: Git - checksum validation, Hub CLI - managed by package manager
################################################################################
Import-Module "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1"
# Install the latest version of Git for Windows
$gitReleases = Invoke-RestMethod "https://api.github.com/repos/git-for-windows/git/releases/latest"
$repoURL = "https://api.github.com/repos/git-for-windows/git/releases/latest"
$gitReleases = Invoke-RestMethod $repoURL
[string]$downloadUrl = $gitReleases.assets.browser_download_url -match "Git-.+-64-bit.exe"
$installerFile = Split-Path $downloadUrl -Leaf
Install-Binary -Url $downloadUrl `
-Name $installerFile `
$packagePath = Start-DownloadWithRetry -Url $downloadUrl -Name $installerFile
#region Supply chain security - Git
$fileHash = (Get-FileHash -Path $packagePath -Algorithm SHA256).Hash
$externalHash = Get-HashFromGitHubReleaseBody -Url $RepoURL -FileName $installerFile
Use-ChecksumComparison $fileHash $externalHash
#endregion
Install-Binary -FilePath $packagePath `
-ArgumentList (
"/VERYSILENT", `
"/NORESTART", `