Installer Integrity

Why verify the installer

Installer verification confirms that the downloaded file matches the published release artifact. This is especially important before running unsigned Windows installers.

SHA256 verification

Use PowerShell `Get-FileHash` and compare the result with the published hash. The value must match exactly. If it does not, delete the file and download it again from the official release page.

Safe download practice

Download only from the official GitHub releases page linked from orbittest.dev. Avoid mirrored installers or files shared in chat unless you can verify the hash independently.

Practical checklist

• Keep the workflow readable enough that a QA engineer, developer, or product teammate can understand the intent without opening application source code.
• Prefer user-visible names, stable configuration, and clear evidence over hidden assumptions or brittle implementation details.
• Run the smallest useful check locally before adding it to CI, then verify that failures produce screenshots, logs, traces, or reports that explain what happened.
• Review this part of the suite regularly so outdated examples, stale setup, and obsolete workarounds do not reduce trust in the automation.

Common mistakes to avoid

• Do not add automation only to increase test count. Each page and test should protect a clear user journey, release risk, or debugging need.
• Do not hide important behavior inside helpers so deeply that the test no longer explains what the user is doing.
• Do not rely on fixed sleeps when the application can expose a meaningful ready state such as visible text, URL change, element availability, or completed evidence capture.
• Do not ignore failing artifacts. A report, screenshot, trace, or log entry should feed back into better product code, better waits, or clearer test data setup.