diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml new file mode 100644 index 0000000..ced847c --- /dev/null +++ b/.github/actions/setup/action.yml @@ -0,0 +1,15 @@ +name: Setup +description: 'Installs node, driver dependencies, and builds source' + +runs: + using: composite + steps: + - uses: actions/setup-node@v4 + with: + node-version: 'lts/*' + cache: 'npm' + registry-url: 'https://registry.npmjs.org' + - run: npm install -g npm@latest + shell: bash + - run: npm clean-install + shell: bash diff --git a/.github/actions/sign_and_upload_package/action.yml b/.github/actions/sign_and_upload_package/action.yml new file mode 100644 index 0000000..c3355bc --- /dev/null +++ b/.github/actions/sign_and_upload_package/action.yml @@ -0,0 +1,43 @@ +name: Sign and Upload Package +description: 'Signs and uploads the release artifacts' + +inputs: + garasign_username: + description: 'Garasign username input for drivers-github-tools/garasign/gpg-sign' + required: true + garasign_password: + description: 'Garasign password input for drivers-github-tools/garasign/gpg-sign' + required: true + artifactory_username: + description: 'Artifactory username input for drivers-github-tools/garasign/gpg-sign' + required: true + artifactory_password: + description: 'Artifactory password input for drivers-github-tools/garasign/gpg-sign' + required: true + +runs: + using: composite + steps: + - run: npm pack + shell: bash + - uses: actions/download-artifact@v4 + - name: Display structure of downloaded files + run: ls -R + - name: Get release version and release package file name + id: vars + shell: bash + run: | + package_version=$(jq --raw-output '.version' package.json) + echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" + echo "package_file=bson-${package_version}.tgz" >> "$GITHUB_OUTPUT" + - name: Create detached signature + uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@v1 + with: + filenames: ${{ steps.vars.package_file }} + garasign_username: ${{ inputs.garasign_username }} + garasign_password: ${{ inputs.garasign_password }} + artifactory_username: ${{ inputs.artifactory_username }} + artifactory_password: ${{ inputs.artifactory_password }} + - name: "Upload release artifacts" + run: gh release upload v${{ steps.vars.package_version }} ${{ steps.vars.package_file }}.sig + shell: bash \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1270be7..c93fa07 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -79,3 +79,19 @@ jobs: if-no-files-found: 'error' retention-days: 1 compression-level: 0 + + sign_and_upload: + needs: [host_builds, container_builds] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: actions/sign_and_upload_package + uses: ./.github/actions/sign_and_upload_package + with: + garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }} + garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} + artifactory_username: ${{ secrets.ARTIFACTORY_USER }} + artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} + # - run: npm publish --provenance + # env: + # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} \ No newline at end of file