ci: build: verify downloaded toolchain tarball
authorPetr Štetiar <ynezz@true.cz>
Fri, 26 May 2023 09:41:18 +0000 (11:41 +0200)
committerChristian Marangi <ansuelsmth@gmail.com>
Tue, 24 Oct 2023 15:12:06 +0000 (17:12 +0200)
commit6cdd9a6de493cc9b8152a73d8449673b1190d1ff
tree5a400674218bf7966f7e3bd4fb104ec24aac6f76
parent37395ecb3214f6c086668b9f1a3c3405e06acfe8
ci: build: verify downloaded toolchain tarball

CDNs are known to ship outdated or corrupted files, if it unpacks
correctly, it necessarily doesn't mean, that we're using the desired
content. So lets fix it by checking the tarball as well.

I'm adding GPG checking explicitly, its not needed, but just double
checking, that everything is working as expected on build
infrastructure.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 95dde523297c652072ee96ac32d22912a43ef761)
.github/workflows/build.yml