File tree Expand file tree Collapse file tree 4 files changed +113
-18
lines changed
actions/compress_sign_and_upload Expand file tree Collapse file tree 4 files changed +113
-18
lines changed Original file line number Diff line number Diff line change 1+ name : Compress and Sign
2+ description : ' Compresses package and signs with garasign'
3+
4+ inputs :
5+ aws_role_arn :
6+ description : ' AWS role input for drivers-github-tools/gpg-sign@v2'
7+ required : true
8+ aws_region_name :
9+ description : ' AWS region name input for drivers-github-tools/gpg-sign@v2'
10+ required : true
11+ aws_secret_id :
12+ description : ' AWS secret id input for drivers-github-tools/gpg-sign@v2'
13+ required : true
14+ npm_package_name :
15+ description : ' The name for the npm package this repository represents'
16+ required : true
17+
18+ runs :
19+ using : composite
20+ steps :
21+ - run : npm pack
22+ shell : bash
23+
24+ - name : Get release version and release package file name
25+ id : get_vars
26+ shell : bash
27+ run : |
28+ package_version=$(jq --raw-output '.version' package.json)
29+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
30+ echo "package_file=${{ inputs.npm_package_name }}-${package_version}.tgz" >> "$GITHUB_OUTPUT"
31+
32+ name : Set up drivers-github-tools
33+ uses : mongodb-labs/drivers-github-tools/setup@v2
34+ with :
35+ aws_region_name : ${{ inputs.aws_region_name }}
36+ aws_role_arn : ${{ inputs.aws_role_arn }}
37+ aws_secret_id : ${{ inputs.aws_secret_id }}
38+
39+ - name : Create detached signature
40+ uses : mongodb-labs/drivers-github-tools/gpg-sign@v2
41+ with :
42+ filenames : ${{ steps.get_vars.outputs.package_file }}
43+ env :
44+ RELEASE_ASSETS : ${{ steps.get_vars.outputs.package_file }}.temp.sig
45+
46+ - name : Name release asset correctly
47+ run : mv ${{ steps.get_vars.outputs.package_file }}.temp.sig ${{ steps.get_vars.outputs.package_file }}.sig
48+ shell : bash
49+
50+ - name : " Upload release artifacts"
51+ run : gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig
52+ shell : bash
53+ env :
54+ GH_TOKEN : ${{ github.token }}
Original file line number Diff line number Diff line change @@ -11,21 +11,32 @@ permissions:
1111name : release-5x
1212
1313jobs :
14- release-please :
14+ release_please :
1515 runs-on : ubuntu-latest
16+ outputs :
17+ release_created : ${{ steps.release.outputs.release_created }}
1618 steps :
1719 - id : release
18- uses : google-github-actions /release-please-action@v4
20+ uses : googleapis /release-please-action@v4
1921 with :
2022 target-branch : 5.x
21-
22- # If release-please created a release, publish to npm
23- - if : ${{ steps.release.outputs.release_created }}
24- uses : actions/checkout@v4
25- - if : ${{ steps.release.outputs.release_created }}
26- name : actions/setup
23+
24+ compress_sign_and_upload :
25+ needs : [release_please]
26+ if : ${{ needs.release_please.outputs.release_created }}
27+ environment : release
28+ runs-on : ubuntu-latest
29+ steps :
30+ - uses : actions/checkout@v4
31+ - name : actions/setup
2732 uses : ./.github/actions/setup
28- - if : ${{ steps.release.outputs.release_created }}
29- run : npm publish --provenance --tag=5x
33+ - name : actions/compress_sign_and_upload
34+ uses : ./.github/actions/compress_sign_and_upload
35+ with :
36+ aws_role_arn : ${{ secrets.AWS_ROLE_ARN }}
37+ aws_region_name : ' us-east-1'
38+ aws_secret_id : ${{ secrets.AWS_SECRET_ID }}
39+ npm_package_name : ' mongodb'
40+ - run : npm publish --provenance --tag=5x
3041 env :
3142 NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
Original file line number Diff line number Diff line change @@ -11,19 +11,30 @@ permissions:
1111name : release
1212
1313jobs :
14- release-please :
14+ release_please :
1515 runs-on : ubuntu-latest
16+ outputs :
17+ release_created : ${{ steps.release.outputs.release_created }}
1618 steps :
1719 - id : release
1820 uses : googleapis/release-please-action@v4
1921
20- # If release-please created a release, publish to npm
21- - if : ${{ steps.release.outputs.release_created }}
22- uses : actions/checkout@v4
23- - if : ${{ steps.release.outputs.release_created }}
24- name : actions/setup
22+ compress_sign_and_upload :
23+ needs : [release_please]
24+ if : ${{ needs.release_please.outputs.release_created }}
25+ environment : release
26+ runs-on : ubuntu-latest
27+ steps :
28+ - uses : actions/checkout@v4
29+ - name : actions/setup
2530 uses : ./.github/actions/setup
26- - if : ${{ steps.release.outputs.release_created }}
27- run : npm publish --provenance
31+ - name : actions/compress_sign_and_upload
32+ uses : ./.github/actions/compress_sign_and_upload
33+ with :
34+ aws_role_arn : ${{ secrets.AWS_ROLE_ARN }}
35+ aws_region_name : ' us-east-1'
36+ aws_secret_id : ${{ secrets.AWS_SECRET_ID }}
37+ npm_package_name : ' mongodb'
38+ - run : npm publish --provenance
2839 env :
2940 NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
Original file line number Diff line number Diff line change @@ -20,6 +20,25 @@ The official [MongoDB](https://www.mongodb.com/) driver for Node.js.
2020| Contributing | [ CONTRIBUTING.md] ( https://github.com/mongodb/node-mongodb-native/blob/HEAD/CONTRIBUTING.md ) |
2121| Changelog | [ HISTORY.md] ( https://github.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md ) |
2222
23+
24+
25+ ### Release Integrity
26+
27+ The GitHub release contains a detached signature file for the NPM package (named
28+ ` mongodb-X.Y.Z.tgz.sig ` ).
29+
30+ The following command returns the link npm package.
31+ ``` shell
32+ npm view mongodb@vX.Y.Z dist.tarball
33+ ```
34+
35+ Using the result of the above command, a ` curl ` command can return the official npm package for the release.
36+
37+ To verify the integrity of the downloaded package, run the following command:
38+ ``` shell
39+ gpg --verify mongodb-X.Y.Z.tgz.sig mongodb-X.Y.Z.tgz
40+ ```
41+
2342### Bugs / Feature Requests
2443
2544Think you’ve found a bug? Want to see a new feature in ` node-mongodb-native ` ? Please open a
You can’t perform that action at this time.
0 commit comments