From 1fcf0ee08180494b3bfe1a705591d3190f73c942 Mon Sep 17 00:00:00 2001
From: Aaron Gable <aaron@letsencrypt.org>
Date: Fri, 30 Aug 2024 12:42:43 -0700
Subject: [PATCH] Write release checksums to per-release files (#7681)

Have the release action write the checksums to a file whose name matches
the name of the boulder deb and rpm files whose checksums it contains.
This prevents name-collision errors when we are running multiple Go
versions side-by-side in CI.

To demonstrate this, augment the try-release action to write the
checksums to the same file, print the list of files it would upload, and
print the contents of the checksums file. Also allow the try-release
workflow to be triggered manually.
---
 .github/workflows/release.yml     |  4 ++--
 .github/workflows/try-release.yml | 11 ++++++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d3d4a341eef..00fc46e81e5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,7 +35,7 @@ jobs:
         id: checksums
         # The files listed on this line must be identical to the files uploaded
         # in the last step.
-        run: sha256sum boulder*.deb boulder*.tar.gz >| checksums.txt
+        run: sha256sum boulder*.deb boulder*.tar.gz >| boulder-${{ matrix.GO_VERSION }}.$(date +%s)-$(git rev-parse --short=8 HEAD).checksums.txt
 
       - name: Create release
         env:
@@ -48,4 +48,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         # https://cli.github.com/manual/gh_release_upload
-        run: gh release upload "${GITHUB_REF_NAME}" boulder*.deb boulder*.tar.gz checksums.txt
+        run: gh release upload "${GITHUB_REF_NAME}" boulder*.deb boulder*.tar.gz boulder*.checksums.txt
diff --git a/.github/workflows/try-release.yml b/.github/workflows/try-release.yml
index 76879f0df7f..06216a96c04 100644
--- a/.github/workflows/try-release.yml
+++ b/.github/workflows/try-release.yml
@@ -8,6 +8,7 @@ on:
     branches: [main]
   pull_request:
     branches: [main]
+  workflow_dispatch:
 
 jobs:
   try-release:
@@ -33,4 +34,12 @@ jobs:
         id: checksums
         # The files listed on this line must be identical to the files uploaded
         # in the last step of the real release action.
-        run: sha256sum boulder*.deb boulder*.tar.gz
+        run: sha256sum boulder*.deb boulder*.tar.gz >| boulder-${{ matrix.GO_VERSION }}.$(date +%s)-$(git rev-parse --short=8 HEAD).checksums.txt
+
+      - name: List files
+        id: files
+        run: ls boulder*.deb boulder*.tar.gz boulder*.checksums.txt
+
+      - name: Show checksums
+        id: check
+        run: cat boulder*.checksums.txt