From 4d6e8f263ce39ecbf9a1dd49f9d5089bb8ff5a33 Mon Sep 17 00:00:00 2001
From: Spencer Gilbert <spencer.gilbert@datadoghq.com>
Date: Tue, 5 Sep 2023 10:49:50 -0400
Subject: [PATCH 1/4] feat: Add checksums for artifacts

---
 .github/workflows/publish.yml | 68 +++++++++++++++++++++++++++++++++++
 Makefile                      |  4 +++
 scripts/checksum.sh           | 19 ++++++++++
 3 files changed, 91 insertions(+)
 create mode 100755 scripts/checksum.sh

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index d927883a9de0e..145e9e44a7c40 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -762,3 +762,71 @@ jobs:
           release: "any-version"
           republish: "true"
           file: "target/artifacts/vector-${{ env.VECTOR_VERSION }}-1.armv7hl.rpm"
+
+  generate-sha256sum:
+    name: Generate SHA256 checksums
+    runs-on: ubuntu-20.04
+    needs:
+      - generate-publish-metadata
+      - build-x86_64-unknown-linux-gnu-packages
+      - build-x86_64-unknown-linux-musl-packages
+      - build-aarch64-unknown-linux-musl-packages
+      - build-aarch64-unknown-linux-gnu-packages
+      - build-x86_64-apple-darwin-packages
+      - build-x86_64-pc-windows-msvc-packages
+      - build-armv7-unknown-linux-gnueabihf-packages
+      - build-armv7-unknown-linux-musleabihf-packages
+    env:
+      VECTOR_VERSION: ${{ needs.generate-publish-metadata.outputs.vector_version }}
+    steps:
+      - name: Checkout Vector
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.git_ref }}
+      - name: Download staged package artifacts (aarch64-unknown-linux-gnu)
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-aarch64-unknown-linux-gnu
+          path: target/artifacts
+      - name: Download staged package artifacts (aarch64-unknown-linux-musl)
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-aarch64-unknown-linux-musl
+          path: target/artifacts
+      - name: Download staged package artifacts (x86_64-unknown-linux-gnu)
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-x86_64-unknown-linux-gnu
+          path: target/artifacts
+      - name: Download staged package artifacts (x86_64-unknown-linux-musl)
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-x86_64-unknown-linux-musl
+          path: target/artifacts
+      - name: Download staged package artifacts (x86_64-apple-darwin)
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-x86_64-apple-darwin
+          path: target/artifacts
+      - name: Download staged package artifacts (x86_64-pc-windows-msvc)
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-x86_64-pc-windows-msvc
+          path: target/artifacts
+      - name: Download staged package artifacts (armv7-unknown-linux-gnueabihf)
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-armv7-unknown-linux-gnueabihf
+          path: target/artifacts
+      - name: Download staged package artifacts (armv7-unknown-linux-musleabihf)
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-armv7-unknown-linux-musleabihf
+          path: target/artifacts
+      - name: Generate SHA256 checksums for artifacts
+        run: make sha256sum
+      - name: Stage checksum for publish
+        uses: actions/upload-artifact@v3
+        with:
+          name: vector-${{ env.VECTOR_VERSION }}-SHA256SUMS
+          path: target/artifacts/vector-${{ env.VECTOR_VERSION }}-SHA256SUMS
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 4e71f9b21e49c..7b9c33a22c5dc 100644
--- a/Makefile
+++ b/Makefile
@@ -624,6 +624,10 @@ release-s3: ## Release artifacts to S3
 sync-install: ## Sync the install.sh script for access via sh.vector.dev
 	@aws s3 cp distribution/install.sh s3://sh.vector.dev --sse --acl public-read
 
+.PHONY: sha256sum
+sha256sum: ## Generate SHA256 checksums of CI artifacts
+	scripts/checksum.sh
+
 ##@ Vector Remap Language
 
 .PHONY: test-vrl
diff --git a/scripts/checksum.sh b/scripts/checksum.sh
new file mode 100755
index 0000000000000..07931822e134a
--- /dev/null
+++ b/scripts/checksum.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# checksum.sh
+#
+# SUMMARY
+#
+#   Creates a SHA256 checksum of all artifacts created during CI
+
+ROOT=$(git rev-parse --show-toplevel)
+VECTOR_VERSION=${VECTOR_VERSION:-nightly}
+
+pushd "${ROOT}/target/artifacts"
+
+ARTIFACTS=$(ls | grep -v SHA256SUMS)
+
+sha256sum $ARTIFACTS > vector-$VECTOR_VERSION-SHA256SUMS
+
+popd

From ee8fe1637e2f92494d6a10fc6071f6c4b26780c3 Mon Sep 17 00:00:00 2001
From: Spencer Gilbert <spencer.gilbert@datadoghq.com>
Date: Tue, 5 Sep 2023 14:10:23 -0400
Subject: [PATCH 2/4] add newline for code formatter

---
 .github/workflows/publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 145e9e44a7c40..d718d683b5617 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -829,4 +829,4 @@ jobs:
         uses: actions/upload-artifact@v3
         with:
           name: vector-${{ env.VECTOR_VERSION }}-SHA256SUMS
-          path: target/artifacts/vector-${{ env.VECTOR_VERSION }}-SHA256SUMS
\ No newline at end of file
+          path: target/artifacts/vector-${{ env.VECTOR_VERSION }}-SHA256SUMS

From 23a3823e2279ea110716264d08233c8de7ee41d6 Mon Sep 17 00:00:00 2001
From: Spencer Gilbert <spencer.gilbert@datadoghq.com>
Date: Tue, 5 Sep 2023 14:56:40 -0400
Subject: [PATCH 3/4] fix shellcheck ding

---
 scripts/checksum.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/scripts/checksum.sh b/scripts/checksum.sh
index 07931822e134a..76d6e9d70301a 100755
--- a/scripts/checksum.sh
+++ b/scripts/checksum.sh
@@ -12,8 +12,11 @@ VECTOR_VERSION=${VECTOR_VERSION:-nightly}
 
 pushd "${ROOT}/target/artifacts"
 
-ARTIFACTS=$(ls | grep -v SHA256SUMS)
+shopt -s extglob
+ARTIFACTS=$(ls !(*SHA256SUMS))
+shopt -u extglob
 
-sha256sum $ARTIFACTS > vector-$VECTOR_VERSION-SHA256SUMS
+# shellcheck disable=SC2086 # Intended splitting of ARTIFACTS
+sha256sum $ARTIFACTS > vector-"$VECTOR_VERSION"-SHA256SUMS
 
 popd

From 46c867675453829e21c66c39a7af942f9f154725 Mon Sep 17 00:00:00 2001
From: Spencer Gilbert <spencer.gilbert@datadoghq.com>
Date: Tue, 5 Sep 2023 15:00:33 -0400
Subject: [PATCH 4/4] add extglob to expect.txt

---
 .github/actions/spelling/expect.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
index 2ad5125b0fcae..fb711d1ed0637 100644
--- a/.github/actions/spelling/expect.txt
+++ b/.github/actions/spelling/expect.txt
@@ -49,11 +49,11 @@ authsvc
 autobenches
 AUTOBUILD
 AUTODESPAWN
-AUTOPULL
 autodiscovered
 autodiscovery
 autogen
 autoinstalling
+AUTOPULL
 autospawn
 autospawning
 autotools
@@ -348,6 +348,7 @@ exitcodes
 exprhere
 extendedstatus
 extendee
+extglob
 extr
 extralight
 extrepo