Skip to content

Commit

Permalink
chore(NODE-6160): sign and upload to releases
Browse files Browse the repository at this point in the history
  • Loading branch information
durran committed Jun 9, 2024
1 parent f7ae840 commit 67e8b7c
Show file tree
Hide file tree
Showing 4 changed files with 121 additions and 14 deletions.
15 changes: 15 additions & 0 deletions .github/actions/setup/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: Setup
description: 'Installs node, driver dependencies, and builds source'

runs:
using: composite
steps:
- uses: actions/setup-node@v4
with:
node-version: 'lts/*'
cache: 'npm'
registry-url: 'https://registry.npmjs.org'
- run: npm install -g npm@latest
shell: bash
- run: npm clean-install --ignore-scripts
shell: bash
60 changes: 60 additions & 0 deletions .github/actions/sign_and_upload_package/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
name: Sign and Upload Package
description: 'Signs native modules with garasign'

inputs:
aws_role_arn:
description: 'AWS role input for drivers-github-tools/gpg-sign@v2'
required: true
aws_region_name:
description: 'AWS region name input for drivers-github-tools/gpg-sign@v2'
required: true
aws_secret_id:
description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2'
required: true
npm_package_name:
description: 'The name for the npm package this repository represents'
required: true

runs:
using: composite
steps:
- uses: actions/download-artifact@v4

- name: Make signatures directory
shell: bash
run: mkdir artifacts

- name: Set up drivers-github-tools
uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_region_name: ${{ inputs.aws_region_name }}
aws_role_arn: ${{ inputs.aws_role_arn }}
aws_secret_id: ${{ inputs.aws_secret_id }}

- name: Create detached signature
uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
with:
filenames: 'build-*/*.tar.gz'
env:
RELEASE_ASSETS: artifacts/

- name: Copy the tarballs to the artifacts directory
shell: bash
run: for filename in build-*/*.tar.gz; do cp ${filename} artifacts/; done

- name: Display structure of downloaded files
shell: bash
run: ls -la artifacts/

- name: Get release version and release package file name
id: get_vars
shell: bash
run: |
package_version=$(jq --raw-output '.version' package.json)
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
# - name: "Upload release artifacts"
# run: gh release upload v${{ steps.get_vars.outputs.package_version }} artifacts/*.*
# shell: bash
# env:
# GH_TOKEN: ${{ github.token }}
44 changes: 30 additions & 14 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@ on:
branches: [main]
workflow_dispatch: {}

permissions:
contents: write
pull-requests: write
id-token: write

name: build

jobs:
Expand Down Expand Up @@ -61,21 +66,32 @@ jobs:
retention-days: 1
compression-level: 0

collect:
release_please:
needs: [host_builds, container_builds]
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
steps:
- uses: actions/download-artifact@v4
- id: release
uses: googleapis/release-please-action@v4

- name: Display structure of downloaded files
run: ls -R

- id: upload
name: Upload all prebuilds
uses: actions/upload-artifact@v4
with:
name: all-build
path: '*.tar.gz'
if-no-files-found: 'error'
retention-days: 1
compression-level: 0
sign_and_upload:
needs: [host_builds, container_builds]
# needs: [release_please]
# if: ${{ needs.release_please.outputs.release_created }}
runs-on: ubuntu-latest
environment: release
steps:
- uses: actions/checkout@v4
- name: actions/sign_and_upload_package
uses: ./.github/actions/sign_and_upload_package
with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: 'us-east-1'
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
npm_package_name: 'mongodb-client-encryption'
- name: actions/setup
uses: ./.github/actions/setup
# - run: npm publish --provenance
# env:
# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
16 changes: 16 additions & 0 deletions release-please-config.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{
"$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
"pull-request-title-pattern": "chore${scope}: release ${version} [skip-ci]",
"pull-request-header": "Please run the release_notes action before releasing to generate release highlights",
"packages": {
".": {
"include-component-in-tag": false,
"changelog-path": "HISTORY.md",
"release-type": "node",
"bump-minor-pre-major": false,
"bump-patch-for-minor-pre-major": false,
"draft": false,
"prerelease": false
}
}
}

0 comments on commit 67e8b7c

Please sign in to comment.