feat: add binary checksum generation to build workflow

[pedro-pelicioni-cw]

User description

• Add checksum generation step for stratus binary
• Generate checksums.txt file with SHA256 hash
• Upload checksums file as a separate artifact with commit SHA
• Keep checksum file in project root for easy access

---

PR Type

Enhancement

---

Description

• Add checksum generation for stratus binary

• Upload checksums as separate artifact

• Improve build workflow configuration

• Update Rust setup and dependencies

---

Changes walkthrough 📝

	Relevant files
Enhancement	build-binary.yml Enhance build workflow with checksum generation and configuration updates .github/workflows/build-binary.yml Added checksum generation for stratus binary Implemented artifact upload for checksums Updated Rust setup and cache configuration Added installation of necessary dependencies +69/-0

---

Need help?

Type /help how to ... in the comments thread for any questions about PR-Agent usage.

Check out the documentation for more information.

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Error Handling The checksum generation step doesn't include error handling or validation. Consider adding checks to ensure the binary exists and the checksum was generated successfully. - name: Generate checksums run: | cd target/release sha256sum stratus > ../../checksums.txt Logging The workflow lacks proper logging for important steps, such as the checksum generation. Consider adding echo statements or using GitHub Actions' logging commands to improve visibility and debugging. - name: Generate checksums run: | cd target/release sha256sum stratus > ../../checksums.txt

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Include filename in checksum output Include the file name in the checksum output to provide clear association between the checksum and the specific file it represents. .github/workflows/build-binary.yml [124-127] - name: Generate checksums run: | cd target/release sha256sum stratus > ../../checksums.txt + echo "stratus: $(cat ../../checksums.txt)" > ../../checksums.txt Suggestion importance[1-10]: 5 __ Why: This suggestion improves clarity by explicitly associating the checksum with the file name. It enhances readability and reduces potential confusion, especially if multiple files are involved in the future.	Low
Security	Use stronger hash algorithm Consider using a more secure hashing algorithm like SHA-512 instead of SHA-256 for generating checksums. This provides stronger protection against potential hash collisions. .github/workflows/build-binary.yml [124-127] - name: Generate checksums run: | cd target/release - sha256sum stratus > ../../checksums.txt + sha512sum stratus > ../../checksums.txt Suggestion importance[1-10]: 3 __ Why: While using SHA-512 does provide stronger protection, SHA-256 is still considered secure for most applications. The change would offer only a marginal security improvement in this context.	Low

[gabriel-aranha-cw]

Need to remove duplicate logic. The PR should only have added Generate and upload checksum steps.

[pedro-pelicioni-cw]