The 0.79.0 release added publication of checksums for the wrapper scripts. These checksums make it easy to verify the integrity of the wrapper scripts used in your project.
Verifying the integrity of the wrapper scripts in your project is important, as they could be maliciously modified and these modifications may not be immediately apparent.
To make verifying your project's wrapper scripts even easier, I'm pleased to announce the release of the new batect-wrapper-validation-action action, which validates the integrity of the wrapper scripts as part of a GitHub Actions workflow.
The readme has more details on how the action works and how to use it. For most projects, it's as simple as adding the following job to an existing workflow:
```yaml
jobs:
  validate-batect-wrapper:
    name: Validate Batect wrapper scripts
    runs-on: ubuntu-20.04

    steps:
      - name: Check out code
        uses: actions/checkout@<version>

      - name: Validate Batect wrapper scripts
        uses: batect/batect-wrapper-validation-action@<version>
```
You can also use the action in an existing workflow or existing job.
This action must run before any invocations of Batect.
If the action runs after an invocation of Batect and the wrapper script has been modified maliciously, the malicious version may be able to modify itself to appear genuine.
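On CI systems other than GitHub Actions, the same check can be made by hand against the published checksums, again before anything invokes Batect. The script below is an added example, not code from the Batect project or the action. The function names, the `checksums.txt` layout (`<sha256>  <filename>` lines copied from the checksums published for your Batect version) and the wrapper file names `batect` and `batect.cmd` are assumptions.

```shell
#!/bin/sh
# Added example: compare wrapper scripts against known-good SHA-256 values.
# Assumption: the checksum file holds "<sha256>  <filename>" lines that you
# copied from the checksums published for the Batect version in use.

# Portable SHA-256 of a file (Linux: sha256sum, macOS: shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_wrappers <checksum-file> <script>...
# Returns 0 only if every script exists, is listed, and matches its checksum.
verify_wrappers() {
  sums="$1"; rc=0
  shift
  [ -r "$sums" ] || { echo "cannot read $sums" >&2; return 2; }
  for script in "$@"; do
    if [ ! -f "$script" ]; then
      echo "MISSING   $script" >&2; rc=1; continue
    fi
    # Exact string match on the filename field, never a pattern match.
    expected=$(awk -v f="$(basename "$script")" \
      '$2 == f { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
      echo "UNLISTED  $script" >&2; rc=1; continue
    fi
    actual=$(sha256_of "$script")
    if [ "$actual" = "$expected" ]; then
      echo "OK        $script"
    else
      echo "MISMATCH  $script (expected $expected, got $actual)" >&2; rc=1
    fi
  done
  return "$rc"
}

# Run as a script: sh verify_wrappers.sh checksums.txt batect batect.cmd
if [ "$#" -ge 2 ]; then
  verify_wrappers "$@"
fi
```

A non-zero exit status should fail the build. Keep the checksum file somewhere a change to the wrapper scripts cannot also change it unnoticed, for example by reviewing both in the same pull request.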