ready for review

aditi-khare-mongoDB · aditi-khare-mongoDB · commit 06576f900db1 · 2024-05-29T17:23:59.000-04:00
diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml
@@ -2,18 +2,21 @@ name: Compress and Sign
 description: 'Compresses package and signs with garasign'
 
 inputs: 
-    garasign_username:
-      description: 'Garasign username input for drivers-github-tools/garasign/gpg-sign'
+    aws_role_arn:
+      description: 'AWS role input for drivers-github-tools/gpg-sign@v2'
       required: true
-    garasign_password:
-      description: 'Garasign password input for drivers-github-tools/garasign/gpg-sign'
+    aws_region_name:
+      description: 'AWS region name input for drivers-github-tools/gpg-sign@v2'
       required: true
-    artifactory_username:
-      description: 'Artifactory username input for drivers-github-tools/garasign/gpg-sign'
+    aws_secret_id:
+      description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2'
       required: true
-    artifactory_password:
-      description: 'Artifactory password input for drivers-github-tools/garasign/gpg-sign'
+    npm_package_name:
+      description: 'The name for the npm package this repository represents'
       required: true
+    sign_SBOMs:
+      description: 'If provided, this script will create SBOM signatures'
+      required: false
 
 runs:
   using: composite
@@ -22,31 +25,33 @@ runs:
       shell: bash
 
     - name: Get release version and release package file name
-      id: vars
+      id: get_vars
       shell: bash
       run: |
         package_version=$(jq --raw-output '.version' package.json)
         echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
-        echo "package_file=bson-${package_version}.tgz" >> "$GITHUB_OUTPUT"
+        echo "package_file=${{ inputs.npm_package_name }}-${package_version}.tgz" >> "$GITHUB_OUTPUT"
 
     - name: Set up drivers-github-tools
       uses: mongodb-labs/drivers-github-tools/setup@v2
       with: 
-        aws_role_arn: ${{ inputs.aws_role_arn }}
         aws_region_name: ${{ inputs.aws_region_name }}
+        aws_role_arn: ${{ inputs.aws_role_arn }}
         aws_secret_id: ${{ inputs.aws_secret_id }}
+
     - name: Create detached signature
       uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
-    - name: "Temporary: check that signature exists"
-      uses: actions/upload-artifact@v4
-      with:
-        name: ${{ steps.vars.outputs.package_version }}
-        path: |
-          ${{ steps.vars.outputs.package_file }}
-          ${{ steps.vars.outputs.package_filen }}.sig
-        retention-days: 3
-    # - name: "Upload release artifacts"
-    #   run: gh release upload v${{ steps.vars.outputs.package_version }} ${{ steps.vars.outputs.package_file }}.sig
-    #   shell: bash
-    #   env:
-    #     GH_TOKEN: ${{ github.token }}
+      with: 
+        filenames: ${{ steps.get_vars.outputs.package_file }}
+      env: 
+        RELEASE_ASSETS: ${{ steps.get_vars.outputs.package_file }}.temp.sig
+
+    - name: Name release asset correctly 
+      run: mv ${{ steps.get_vars.outputs.package_file }}.temp.sig ${{ steps.get_vars.outputs.package_file }}.sig
+      shell: bash
+
+    - name: "Upload release artifacts"
+      run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig
+      shell: bash
+      env:
+        GH_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml
@@ -21,20 +21,22 @@ jobs:
         with:
           target-branch: 5.x
   
-  compress-sign-and-upload:
+  compress_sign_and_upload:
     needs: [release_please]
+    if: ${{ needs.release_please.outputs.release_created }}
+    environment: release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: actions/setup
         uses: ./.github/actions/setup
       - name: actions/compress_sign_and_upload
         uses: ./.github/actions/compress_sign_and_upload
-        with:
-          garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
-          garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
-          artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
-          artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
-      # - run: npm publish --provenance --tag=5x
-      #   env:
-      #     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        with: 
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: 'us-east-1'
+          aws_secret_id: ${{ secrets.APP_SECRET_KEY}}
+          npm_package_name: 'bson'
+      - run: npm publish --provenance --tag=5x
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,9 +18,11 @@ jobs:
     steps:
       - id: release
         uses: google-github-actions/release-please-action@v4
-
+  
   compress_sign_and_upload:
     needs: [release_please]
+    if: ${{ needs.release_please.outputs.release_created }}
+    environment: release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -29,9 +31,10 @@ jobs:
       - name: actions/compress_sign_and_upload
         uses: ./.github/actions/compress_sign_and_upload
         with: 
-          aws_role_arn: ${{ env.secrets.AWS_ROLE_ARN }}
-          aws_region_name: ${{ env.AWS_REGION_NAME }}
-          aws_secret_id: ${{ env.secrets.APP_SECRET_KEY}}
-      # - run: npm publish --provenance
-      #   env:
-      #     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: 'us-east-1'
+          aws_secret_id: ${{ secrets.APP_SECRET_KEY}}
+          npm_package_name: 'bson'
+      - run: npm publish --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
