j178
diff --git a/‎.gitattributes‎
Lines changed: 2 additions & 1 deletion b/‎.gitattributes‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎…ub/workflows/update-version-manifest.yml‎ ‎…thub/workflows/update-known-versions.yml‎.github/workflows/update-version-manifest.yml renamed to .github/workflows/update-known-versions.yml
Lines changed: 17 additions & 16 deletions b/‎…ub/workflows/update-version-manifest.yml‎ ‎…thub/workflows/update-known-versions.yml‎.github/workflows/update-version-manifest.yml renamed to .github/workflows/update-known-versions.yml
Lines changed: 17 additions & 16 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 3 deletions b/‎README.md‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎dist/index.js‎
Lines changed: 927 additions & 43 deletions b/‎dist/index.js‎
Lines changed: 927 additions & 43 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎scripts/update-version-manifest.mjs‎ ‎scripts/update-known-versions.mjs‎scripts/update-version-manifest.mjs renamed to scripts/update-known-versions.mjs
Lines changed: 56 additions & 18 deletions b/‎scripts/update-version-manifest.mjs‎ ‎scripts/update-known-versions.mjs‎scripts/update-version-manifest.mjs renamed to scripts/update-known-versions.mjs
Lines changed: 56 additions & 18 deletions
diff --git a/‎src/install.ts‎
Lines changed: 19 additions & 10 deletions b/‎src/install.ts‎
Lines changed: 19 additions & 10 deletions
@@ -1,4 +1,5 @@
 * text=auto eol=lf
 
 dist/** linguist-generated=true
-src/version-manifest.json linguist-generated=true
+src/known-checksums.ts linguist-generated=true
+version-manifest.json linguist-generated=true
@@ -1,4 +1,4 @@
-name: Update Version Manifest
+name: Update Known Versions
 
 on:
   schedule:
@@ -14,8 +14,8 @@ concurrency:
   cancel-in-progress: false
 
 jobs:
-  update-version-manifest:
-    name: Update version manifest
+  update-known-versions:
+    name: Update known versions
     runs-on: ubuntu-latest
     if: ${{ github.repository == 'j178/prek-action' && github.ref_name == github.event.repository.default_branch }}
     steps:
@@ -31,44 +31,45 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      - name: Refresh bundled prek release manifest
+      - name: Refresh prek known versions
         id: refresh
         env:
           GITHUB_TOKEN: ${{ github.token }}
-        run: npm run update-version-manifest
+        run: npm run update-known-versions
 
-      - name: Check whether the manifest changed
+      - name: Check whether known version files changed
         id: changes
         run: |
-          if git diff --quiet -- src/version-manifest.json; then
-            echo "manifest_changed=false" >> "$GITHUB_OUTPUT"
+          if git diff --quiet -- version-manifest.json src/known-checksums.ts; then
+            echo "known_versions_changed=false" >> "$GITHUB_OUTPUT"
           else
-            echo "manifest_changed=true" >> "$GITHUB_OUTPUT"
+            echo "known_versions_changed=true" >> "$GITHUB_OUTPUT"
           fi
 
       - name: Run unit tests
-        if: steps.changes.outputs.manifest_changed == 'true'
+        if: steps.changes.outputs.known_versions_changed == 'true'
         run: npm test
 
       - name: Rebuild dist
-        if: steps.changes.outputs.manifest_changed == 'true'
+        if: steps.changes.outputs.known_versions_changed == 'true'
         run: npm run bundle
 
       - name: Create pull request
-        if: steps.changes.outputs.manifest_changed == 'true'
+        if: steps.changes.outputs.known_versions_changed == 'true'
         uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
         with:
           add-paths: |
-            src/version-manifest.json
+            version-manifest.json
+            src/known-checksums.ts
             dist/index.js
             dist/post/index.js
-          branch: automation/update-prek-version-manifest
-          commit-message: Update prek version manifest
+          branch: automation/update-prek-known-versions
+          commit-message: Update prek known versions
           delete-branch: true
           token: ${{ github.token }}
           title: ${{ steps.refresh.outputs.pr_title }}
           body: |
-            Refreshes the bundled prek release manifest and rebuilt action bundles.
+            Refreshes the prek known version metadata and rebuilt action bundles.
 
             Added releases:
             ${{ steps.refresh.outputs.added_versions_markdown }}
@@ -39,8 +39,8 @@ For a stable reference, pin to a specific release tag such as `v1.2.3`, or pin t
 | `extra_args` | Deprecated alias for `extra-args` | No | |
 | `install-only` | Install `prek` but skip `prek run` | No | `false` |
 | `prek-version` | Version or semver range to install, for example `0.2.30`, `0.3.x`, `<=1.0.0`, or `latest` | No | `latest` |
-| `show-verbose-logs` | Print the `prek` verbose log after `prek run` completes | No | `true` |
 | `working-directory` | Directory where `prek run` is executed | No | `.` |
+| `show-verbose-logs` | Print the `prek` verbose log after `prek run` completes | No | `true` |
 | `token` | Unused; retained for backward compatibility | No | `${{ github.token }}` |
 
 ## Outputs
@@ -79,7 +79,7 @@ steps:
       prek-version: '0.2.30'
 ```
 
-Resolve a semver range from the bundled release manifest:
+Resolve a semver range:
 
 ```yaml
 steps:
@@ -109,7 +109,6 @@ steps:
     with:
       show-verbose-logs: false
 ```
-
 ## Requirements
 
 The target repository needs a `prek` or pre-commit configuration file:
 
@@ -9,7 +9,7 @@
     "bundle": "npm run build && ncc build src/main.ts -o dist && ncc build src/post.ts -o dist/post",
     "check-format": "prettier --check .",
     "test": "npm run build:test && node --test .test-build/test/**/*.test.js",
-    "update-version-manifest": "node scripts/update-version-manifest.mjs"
+    "update-known-versions": "node scripts/update-known-versions.mjs"
   },
   "engines": {
     "node": ">=24"
 
@@ -3,7 +3,8 @@ import path from 'node:path'
 import semver from 'semver'
 
 const releasesApiUrl = 'https://api.github.com/repos/j178/prek/releases'
-const manifestPath = path.resolve('src/version-manifest.json')
+const manifestPath = path.resolve('version-manifest.json')
+const checksumsPath = path.resolve('src/known-checksums.ts')
 const minimumSupportedVersion = '0.0.23'
 const installableArchivePattern = /^prek-(.+)\.(tar\.gz|zip)$/
 const excludedArchiveNames = new Set(['prek-npm-package.tar.gz'])
@@ -12,12 +13,14 @@ async function run() {
   const token = process.env.GITHUB_TOKEN || process.env.GH_TOKEN || ''
   const previousReleases = await readExistingManifest()
   const previousVersions = new Set(previousReleases.map(release => release.version))
-  const releases = await fetchAllReleases(token)
+  const {checksumsByAsset, releases} = await fetchAllReleases(token)
   const addedVersions = releases.map(release => release.version).filter(version => !previousVersions.has(version))
 
-  await mkdir(path.dirname(manifestPath), {recursive: true})
   await writeFile(manifestPath, `${JSON.stringify(releases, null, 2)}\n`)
+  await mkdir(path.dirname(checksumsPath), {recursive: true})
+  await writeFile(checksumsPath, renderKnownChecksumsFile(checksumsByAsset))
   console.log(`Wrote ${releases.length} prek releases to ${manifestPath}`)
+  console.log(`Wrote ${checksumsByAsset.size} known checksums to ${checksumsPath}`)
   if (addedVersions.length === 0) {
     console.log('No new prek releases found')
   } else {
@@ -28,11 +31,19 @@ async function run() {
 }
 
 async function readExistingManifest() {
-  return JSON.parse(await readFile(manifestPath, 'utf8'))
+  try {
+    return JSON.parse(await readFile(manifestPath, 'utf8'))
+  } catch (error) {
+    if (error && typeof error === 'object' && 'code' in error && error.code === 'ENOENT') {
+      return []
+    }
+    throw error
+  }
 }
 
 async function fetchAllReleases(token) {
   const releases = []
+  const checksumsByAsset = new Map()
 
   for (let page = 1; ; page += 1) {
     const url = `${releasesApiUrl}?per_page=100&page=${page}`
@@ -54,17 +65,24 @@ async function fetchAllReleases(token) {
         continue
       }
 
-      releases.push({
-        assets: Array.isArray(release.assets)
-          ? release.assets
-              .filter(asset => isInstallableArchive(asset.name))
-              .map(asset => ({
+      const assets = Array.isArray(release.assets)
+        ? release.assets
+            .filter(asset => isInstallableArchive(asset.name))
+            .map(asset => {
+              const checksum = normalizeDigest(asset.digest)
+              if (checksum) {
+                checksumsByAsset.set(buildChecksumKey(version, asset.name), checksum)
+              }
+
+              return {
                 downloadUrl: asset.browser_download_url,
-                name: asset.name,
-                sha256: normalizeDigest(asset.digest),
-                size: asset.size
-              }))
-          : [],
+                name: asset.name
+              }
+            })
+        : []
+
+      releases.push({
+        assets,
         prerelease: Boolean(release.prerelease),
         publishedAt: release.published_at || release.created_at || '',
         version
@@ -76,13 +94,16 @@ async function fetchAllReleases(token) {
     }
   }
 
-  return releases.sort(compareReleasesDesc)
+  return {
+    checksumsByAsset,
+    releases: releases.sort(compareReleasesDesc)
+  }
 }
 
 function buildHeaders(token) {
   const headers = {
     Accept: 'application/vnd.github+json',
-    'User-Agent': 'prek-action-manifest-updater'
+    'User-Agent': 'prek-action-known-versions-updater'
   }
   if (token) {
     headers.Authorization = `Bearer ${token}`
@@ -110,6 +131,23 @@ function compareReleasesDesc(left, right) {
   return semver.rcompare(left.version, right.version) || right.publishedAt.localeCompare(left.publishedAt)
 }
 
+function renderKnownChecksumsFile(checksumsByAsset) {
+  const entries = [...checksumsByAsset.entries()]
+    .sort(([left], [right]) => left.localeCompare(right))
+    .map(([assetKey, checksum]) => `  ['${assetKey}', '${checksum}']`)
+    .join(',\n')
+  return (
+    '// This file is autogenerated by scripts/update-known-versions.mjs. Do not edit manually.\n' +
+    'export const knownChecksumsByAsset = new Map<string, string>([\n' +
+    entries +
+    '\n])\n'
+  )
+}
+
+function buildChecksumKey(version, assetName) {
+  return `${version}:${assetName}`
+}
+
 async function writeOutputs(addedVersions) {
   const outputPath = process.env.GITHUB_OUTPUT
   if (!outputPath) {
@@ -118,8 +156,8 @@ async function writeOutputs(addedVersions) {
 
   const prTitle =
     addedVersions.length === 0
-      ? 'Update prek version manifest'
-      : `Update prek version manifest for ${formatVersionSummary(addedVersions)}`
+      ? 'Update prek known versions'
+      : `Update known versions for ${formatVersionSummary(addedVersions)}`
   const addedVersionsMarkdown =
     addedVersions.length === 0
       ? '- None'
 
@@ -6,6 +6,7 @@ import * as fs from 'node:fs/promises'
 import * as path from 'node:path'
 
 import {getAssetForVersion} from './manifest'
+import {knownChecksumsByAsset} from './known-checksums'
 import type {ManifestAsset, ReleaseAsset, Version} from './types'
 
 // Install a specific bare prek version, preferring the GitHub Actions tool cache when available.
@@ -25,7 +26,7 @@ export async function installPrek(version: Version): Promise<string> {
     core.info(
       `Selected release asset ${asset.archiveName} for runner ${process.platform}/${process.arch} (tool-cache arch ${toolArch})`
     )
-    const manifestAsset = getAssetForVersion(version, asset.archiveName)
+    const manifestAsset = await getAssetForVersion(version, asset.archiveName)
 
     core.info(`Downloading prek from ${manifestAsset.downloadUrl}`)
     const archivePath = await tc.downloadTool(manifestAsset.downloadUrl)
@@ -164,30 +165,38 @@ async function verifyDownloadChecksum(
   asset: ManifestAsset,
   version: Version
 ): Promise<void> {
-  const result = await validateDownloadedChecksum(archivePath, asset)
+  const result = await validateDownloadedChecksum(archivePath, asset, version)
   if (result === 'missing') {
-    core.warning(`No SHA-256 checksum recorded for ${asset.name} in the ${version} manifest entry`)
-  } else {
-    core.info(`Verified SHA-256 checksum for ${asset.name}`)
+    core.warning(`Checksum is not known for ${buildChecksumKey(version, asset.name)}; skipping verification for prek ${version}`)
+    return
   }
+
+  core.info(`Verified SHA-256 checksum for ${asset.name} from prek ${version}`)
 }
 
 export async function validateDownloadedChecksum(
   archivePath: string,
-  asset: ManifestAsset
-): Promise<'missing' | 'matched'> {
-  if (!asset.sha256) {
+  asset: ManifestAsset,
+  version: Version,
+  checksumMap: ReadonlyMap<string, string> = knownChecksumsByAsset
+): Promise<'matched' | 'missing'> {
+  const expectedDigest = checksumMap.get(buildChecksumKey(version, asset.name))
+  if (!expectedDigest) {
     return 'missing'
   }
 
   const digest = await hashFile(archivePath)
-  if (digest !== asset.sha256) {
-    throw new Error(`Checksum mismatch for ${asset.name}: expected ${asset.sha256}, received ${digest}`)
+  if (digest !== expectedDigest) {
+    throw new Error(`Checksum mismatch for ${asset.name}: expected ${expectedDigest}, received ${digest}`)
   }
 
   return 'matched'
 }
 
+function buildChecksumKey(version: Version, assetName: string): string {
+  return `${version}:${assetName}`
+}
+
 // Stream the archive through SHA-256 hashing to avoid loading the whole file into memory.
 export async function hashFile(filePath: string): Promise<string> {
   const hash = crypto.createHash('sha256')