step-security
diff --git a/‎dist/index.js
Lines changed: 5 additions & 1 deletion b/‎dist/index.js
Lines changed: 5 additions & 1 deletion
diff --git a/‎dist/index.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/index.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/post/index.js
Lines changed: 5 additions & 1 deletion b/‎dist/post/index.js
Lines changed: 5 additions & 1 deletion
diff --git a/‎dist/post/index.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/post/index.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/pre/index.js
Lines changed: 117 additions & 71 deletions b/‎dist/pre/index.js
Lines changed: 117 additions & 71 deletions
diff --git a/‎dist/pre/index.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/pre/index.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/checksum.ts
Lines changed: 20 additions & 6 deletions b/‎src/checksum.ts
Lines changed: 20 additions & 6 deletions
diff --git a/‎src/cleanup.ts
Lines changed: 4 additions & 0 deletions b/‎src/cleanup.ts
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/common.ts
Lines changed: 4 additions & 1 deletion b/‎src/common.ts
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/index.ts
Lines changed: 4 additions & 0 deletions b/‎src/index.ts
Lines changed: 4 additions & 0 deletions
@@ -2,19 +2,33 @@ import * as core from "@actions/core";
 import * as crypto from "crypto";
 import * as fs from "fs";
 
-export function verifyChecksum(downloadPath: string, is_tls: boolean) {
+const CHECKSUMS = {
+  tls: {
+    amd64: "0bd500769646f0a90c0dfe9ac59699d5165bed549a9870c031b861146af337b2", // v1.3.2
+    arm64: "c2448ac205fd90f46abba31c13cf34c3b997824881502f736315fb08ac0a5a5c",
+  },
+  non_tls: {
+    amd64: "a9f1842e3d7f3d38c143dbe8ffe1948e6c8173cd04da072d9f9d128bb400844a", // v0.13.7
+  },
+};
+
+export function verifyChecksum(
+  downloadPath: string,
+  isTLS: boolean,
+  variant: string
+) {
   const fileBuffer: Buffer = fs.readFileSync(downloadPath);
   const checksum: string = crypto
     .createHash("sha256")
     .update(fileBuffer)
     .digest("hex"); // checksum of downloaded file
 
-  let expectedChecksum: string =
-    "a9f1842e3d7f3d38c143dbe8ffe1948e6c8173cd04da072d9f9d128bb400844a"; // checksum for v0.13.7
+  let expectedChecksum: string = "";
 
-  if (is_tls) {
-    expectedChecksum =
-      "fa9defcf9e125a62cb29747574d6a07aee4f04153e7bce4a3c7ce29681469e92"; // checksum for tls_agent
+  if (isTLS) {
+    expectedChecksum = CHECKSUMS["tls"][variant];
+  } else {
+    expectedChecksum = CHECKSUMS["non_tls"][variant];
   }
 
   if (checksum !== expectedChecksum) {
 
@@ -27,6 +27,10 @@ import { arcCleanUp, isArcRunner, removeStepPolicyFiles } from "./arc-runner";
     return;
   }
 
+  if (process.env.STATE_isTLS === "false" && process.arch === "arm64") {
+    return;
+  }
+
   if (
     String(process.env.STATE_monitorStatusCode) ===
     common.STATUS_HARDEN_RUNNER_UNAVAILABLE
 
@@ -180,4 +180,7 @@ export const HARDEN_RUNNER_UNAVAILABLE_MESSAGE =
   "Sorry, we are currently experiencing issues with the Harden Runner installation process. It is currently unavailable.";
 
 export const ARC_RUNNER_MESSAGE =
-  "Workflow is currently being executed in ARC based runner";
+  "Workflow is currently being executed in ARC based runner.";
+
+export const ARM64_RUNNER_MESSAGE =
+  "ARM runners are not supported in the Harden-Runner community tier.";
@@ -23,6 +23,10 @@ import { STEPSECURITY_WEB_URL } from "./configs";
     return;
   }
 
+  if (process.env.STATE_isTLS === "false" && process.arch === "arm64") {
+    return;
+  }
+
   if (
     core.getBooleanInput("disable-telemetry") &&
     core.getInput("egress-policy") === "block"