Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(NODE-6160): sign and upload to releases #9

Merged
merged 4 commits into from
Jun 13, 2024
Merged

Conversation

durran
Copy link
Member

@durran durran commented Jun 3, 2024

Description

What is changing?

  • Adds signing to the native bundle tarballs and uploads them to the Github release.
  • Uploads the detached signatures for the tarballs to the Github release.
  • Adds release please to the Github apps builds.
  • Publishes the release with provenance.
Is there new documentation needed for these changes?

None

What is the motivation for this change?

NODE-6160

Release Highlight

Fill in title or leave empty for no highlight

Double check the following

  • Ran npm run check:lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@durran durran force-pushed the NODE-6160 branch 4 times, most recently from 23d8c91 to beba0f0 Compare June 3, 2024 18:45
@durran durran changed the title chore(NODE-4869): sign and upload to releases chore(NODE-6160): sign and upload to releases Jun 3, 2024
@durran durran force-pushed the NODE-6160 branch 2 times, most recently from 6d65d10 to a3fdd4b Compare June 3, 2024 19:18
@nbbeeken nbbeeken mentioned this pull request Jun 5, 2024
5 tasks
@durran durran force-pushed the NODE-6160 branch 3 times, most recently from a9b6623 to 433a3f1 Compare June 5, 2024 19:38
@durran durran force-pushed the NODE-6160 branch 3 times, most recently from 36ac37e to 823bc18 Compare June 10, 2024 13:49
@durran durran marked this pull request as ready for review June 11, 2024 14:33
@aditi-khare-mongoDB aditi-khare-mongoDB self-requested a review June 11, 2024 15:21
@aditi-khare-mongoDB aditi-khare-mongoDB self-assigned this Jun 11, 2024
@aditi-khare-mongoDB aditi-khare-mongoDB added the Primary Review In Review with primary reviewer, not yet ready for team's eyes label Jun 11, 2024
Copy link
Collaborator

@nbbeeken nbbeeken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

id: get_vars
shell: bash
run: |
package_version=$(jq --raw-output '.version' package.json)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code LGTM, is is possible to point me to an example test release, as an extra check?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I'm going off is seeing release-please creating the PR now: #15 and was verifying the signing actions working but not being able to upload before release-please was put in, example run here: https://github.com/mongodb-js/mongodb-client-encryption/actions/runs/9403489046/job/25900735594

If that's not sufficient let me know and I can create a new fake repo and project and copy everything over.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need for a fork: Can we have a run where we run build.yml to see the structure of the downloaded files, but comment out gh release upload .. and npm publish? To confirm the signatures are there.

id: get_vars
shell: bash
run: |
package_version=$(jq --raw-output '.version' package.json)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need for a fork: Can we have a run where we run build.yml to see the structure of the downloaded files, but comment out gh release upload .. and npm publish? To confirm the signatures are there.

@durran
Copy link
Member Author

durran commented Jun 13, 2024

@aditi-khare-mongoDB
Copy link
Contributor

Thank! LGTM

@aditi-khare-mongoDB aditi-khare-mongoDB self-requested a review June 13, 2024 17:21
@aditi-khare-mongoDB aditi-khare-mongoDB merged commit 51244df into main Jun 13, 2024
13 checks passed
@aditi-khare-mongoDB aditi-khare-mongoDB deleted the NODE-6160 branch June 13, 2024 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Primary Review In Review with primary reviewer, not yet ready for team's eyes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants