.github/workflows/release.yml

name: Post-Release SHA-256 Hash Calculation
on:
  release:
    types: [published]
  workflow_dispatch: # Allows for manual triggering
jobs:
  calculate-hash:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v2
      - name: Fetch Release Assets
        id: fetch-assets
        uses: actions/github-script@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          script: |
            const fs = require('fs');
            const { getOctokit } = require('@actions/github');
            const octokit = github.getOctokit(process.env.GITHUB_TOKEN);

            const response = await octokit.rest.repos.listReleaseAssets({
              owner: context.repo.owner,
              repo: context.repo.repo,
              release_id: context.payload.release.id
            });

            const downloadUrls = response.data.map(asset => asset.url);
            fs.writeFileSync('assets.json', JSON.stringify(downloadUrls));

      - name: Download and Calculate SHA-256 Hashes
        run: |
          mkdir -p downloads
          for url in $(cat assets.json | jq -r '.[]'); do
            curl -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/octet-stream" -o "downloads/$(basename $url)" "$url"
          done

          for file in downloads/*; do
            echo "Calculating SHA-256 for $file"
            sha256sum "$file" >> SHA256SUMS.txt
          done

      - name: Update Release Description with SHA-256 Hashes
        uses: actions/github-script@v5
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const fs = require('fs');
            const sha256sums = fs.readFileSync('SHA256SUMS.txt', 'utf8');
            const { owner, repo } = context.repo;
            const release = context.payload.release;
            const newBody = release.body + '\n\n### SHA-256 Hashes\n' + sha256sums;
            github.repos.updateRelease({
              owner,
              repo,
              release_id: release.id,
              body: newBody
            });