chore(NODE-6160): sign and upload to releases (#9)
Co-authored-by: Aditi Khare <[email protected]>
durran and aditi-khare-mongoDB authored Jun 13, 2024
1 parent 4650f7c commit 51244df
Showing 3 changed files with 115 additions and 14 deletions.
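--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -0,0 +1,15 @@
+name: Setup
+description: 'Installs node, driver dependencies, and builds source'
+
+runs:
+using: composite
+steps:
+- uses: actions/setup-node@v4
+with:
+node-version: 'lts/*'
+cache: 'npm'
+registry-url: 'https://registry.npmjs.org'
+- run: npm install -g npm@latest
+shell: bash
+- run: npm clean-install --ignore-scripts
+shell: bash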
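Review bot: `npm install -g npm@latest` leaves the npm version unpinned in the setup action that the release job runs before packing and publishing, so each release uses whatever npm was published most recently. Pin it to a version the team has vetted and raise it deliberately, e.g. `- run: npm install -g npm@<PINNED_NPM_VERSION>` (placeholder, not a value from this commit). The same applies to `actions/setup-node@v4`, which is a mutable tag; a full commit SHA with the tag in a trailing comment keeps the release path reproducible. `npm clean-install --ignore-scripts` is a good choice here and worth a short comment saying it is intentional, so it is not removed later.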
71 changes: 71 additions & 0 deletions .github/actions/sign_and_upload_package/action.yml
@@ -0,0 +1,71 @@
name: Sign and Upload Package
description: 'Signs native modules with garasign'

inputs:
aws_role_arn:
description: 'AWS role input for drivers-github-tools/gpg-sign@v2'
required: true
aws_region_name:
description: 'AWS region name input for drivers-github-tools/gpg-sign@v2'
required: true
aws_secret_id:
description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2'
required: true
npm_package_name:
description: 'The name for the npm package this repository represents'
required: true

runs:
using: composite
steps:
- uses: actions/download-artifact@v4

- name: Make signatures directory
shell: bash
run: mkdir artifacts

- name: Set up drivers-github-tools
uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_region_name: ${{ inputs.aws_region_name }}
aws_role_arn: ${{ inputs.aws_role_arn }}
aws_secret_id: ${{ inputs.aws_secret_id }}

- name: Create detached signature
uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
with:
filenames: 'build-*/*.tar.gz'
env:
RELEASE_ASSETS: artifacts/

- name: Copy the tarballs to the artifacts directory
shell: bash
run: for filename in build-*/*.tar.gz; do cp ${filename} artifacts/; done

- run: npm pack
shell: bash

- name: Get release version and release package file name
id: get_vars
shell: bash
run: |
package_version=$(jq --raw-output '.version' package.json)
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
echo "package_file=${{ inputs.npm_package_name }}-${package_version}.tgz" >> "$GITHUB_OUTPUT"
- name: Create detached signature for module
uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
with:
filenames: ${{ steps.get_vars.outputs.package_file }}
env:
RELEASE_ASSETS: artifacts/

- name: Display structure of downloaded files
shell: bash
run: ls -la artifacts/

- name: "Upload release artifacts"
run: gh release upload v${{ steps.get_vars.outputs.package_version }} artifacts/*.*
shell: bash
env:
GH_TOKEN: ${{ github.token }}
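Review bot: The `run:` scripts in "Get release version and release package file name" and "Upload release artifacts" splice `${{ inputs.npm_package_name }}` and `${{ steps.get_vars.outputs.package_version }}` straight into bash, so those values are parsed as shell text rather than as data. In a job that holds the signing role and a write-scoped token, pass them through `env:` and reference quoted variables instead, e.g. `PACKAGE_VERSION: ${{ steps.get_vars.outputs.package_version }}` under `env:` and `gh release upload "v${PACKAGE_VERSION}" artifacts/*.*` in the script. The copy loop has the same quoting gap and should read `cp "${filename}" artifacts/`. The two `mongodb-labs/drivers-github-tools/...@v2` steps receive the AWS role inputs through a mutable tag, so pinning them to a full commit SHA is worth considering.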
43 changes: 29 additions & 14 deletions .github/workflows/build.yml
Expand Up @@ -7,6 +7,11 @@ on:

name: Build and Test

permissions:
contents: write
pull-requests: write
id-token: write

jobs:
host_builds:
strategy:
Expand Down Expand Up @@ -65,21 +70,31 @@ jobs:
retention-days: 1
compression-level: 0

collect:
release_please:
needs: [host_builds, container_builds]
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
steps:
- uses: actions/download-artifact@v4

- name: Display structure of downloaded files
run: ls -R
- id: release
uses: googleapis/release-please-action@v4

- id: upload
name: Upload all prebuilds
uses: actions/upload-artifact@v4
with:
name: all-build
path: '*.tar.gz'
if-no-files-found: 'error'
retention-days: 1
compression-level: 0
sign_and_upload:
needs: [release_please]
if: ${{ needs.release_please.outputs.release_created }}
runs-on: ubuntu-latest
environment: release
steps:
- uses: actions/checkout@v4
- name: actions/setup
uses: ./.github/actions/setup
- name: actions/sign_and_upload_package
uses: ./.github/actions/sign_and_upload_package
with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: 'us-east-1'
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
npm_package_name: 'mongodb-client-encryption'
- run: npm publish --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
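Review bot: The new top-level `permissions:` block gives `contents: write`, `pull-requests: write` and `id-token: write` to every job in the workflow, including `host_builds` and `container_builds`, which from what is visible only build and upload artifacts. Scope the write permissions to the jobs that use them, with a read-only default at workflow level: `release_please` for contents and pull-requests, `sign_and_upload` for contents and id-token. The build jobs' bodies and the `on:` triggers lie outside these hunks, so confirm they need nothing beyond `contents: read`. Separately, `npm publish --provenance` packs the working directory again instead of publishing the `.tgz` that the composite action signed, so the detached signature matches the registry tarball only if packing is reproducible; publishing the signed file by path would tie the two together.

```yaml
permissions:
  contents: read

jobs:
  # … unchanged: host_builds, container_builds …
  release_please:
    permissions:
      contents: write
      pull-requests: write
    # … unchanged: needs, runs-on, outputs, steps …
  sign_and_upload:
    permissions:
      contents: write
      id-token: write
    # … unchanged: needs, if, runs-on, environment, steps …
```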
