From c8f53508f1a0c671be984f9653e8835707b72fc9 Mon Sep 17 00:00:00 2001 From: Aditi Khare Date: Wed, 29 May 2024 14:37:11 -0400 Subject: [PATCH 1/6] refactor: release signing upgraded to drivers-github-tools-v2 --- .../compress_sign_and_upload/action.yml | 29 ++++++++++++------- .github/workflows/release-5.x.yml | 6 ++-- .github/workflows/release.yml | 13 ++++----- 3 files changed, 28 insertions(+), 20 deletions(-) diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml index fdc7dede..962c1ab9 100644 --- a/.github/actions/compress_sign_and_upload/action.yml +++ b/.github/actions/compress_sign_and_upload/action.yml 
@@ -29,15 +29,24 @@ runs: echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" echo "package_file=bson-${package_version}.tgz" >> "$GITHUB_OUTPUT" + - name: Set up drivers-github-tools + uses: mongodb-labs/drivers-github-tools/setup@v2 + with: + aws_role_arn: ${{ inputs.aws_role_arn }} + aws_region_name: ${{ inputs.aws_region_name }} + aws_secret_id: ${{ inputs.aws_secret_id }} - name: Create detached signature - uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@v1 + uses: mongodb-labs/drivers-github-tools/gpg-sign@v2 + - name: "Temporary: check that signature exists" + uses: actions/upload-artifact@v4 with: - filenames: ${{ steps.vars.package_file }} - garasign_username: ${{ inputs.garasign_username }} - garasign_password: ${{ inputs.garasign_password }} - artifactory_username: ${{ inputs.artifactory_username }} - artifactory_password: ${{ inputs.artifactory_password }} - - - name: "Upload release artifacts" - run: gh release upload v${{ steps.vars.package_version }} ${{ steps.vars.package_file }}.sig - shell: bash \ No newline at end of file + name: ${{ steps.vars.outputs.package_version }} + path: | + ${{ steps.vars.outputs.package_file }} + ${{ steps.vars.outputs.package_filen }}.sig + retention-days: 3 + # - name: "Upload release artifacts" + # run: gh release upload v${{ steps.vars.outputs.package_version }} ${{ steps.vars.outputs.package_file }}.sig + # shell: bash + # env: + # GH_TOKEN: ${{ github.token }} \ No newline at end of file diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 88f94317..732560bd 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml 
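Review bot: The two new `uses:` lines reference `mongodb-labs/drivers-github-tools/setup@v2` and `mongodb-labs/drivers-github-tools/gpg-sign@v2` by a movable tag, and the setup step is handed the AWS role ARN and secret id used for release signing. A tag can be re-pointed, so whatever code `v2` resolves to at release time runs with those credentials. Pinning to a full commit SHA with the tag as a trailing comment, e.g. `uses: mongodb-labs/drivers-github-tools/setup@<full-commit-sha> # v2` (placeholder SHA), makes the signing path reproducible and reviewable. The same applies to the `gpg-sign@v2` line kept in the action.yml hunk of patch 2/6 and to `googleapis/release-please-action@v4` introduced in patch 6/6. The `runs:` block starts outside this hunk.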
@@ -35,6 +35,6 @@ jobs: garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} artifactory_username: ${{ secrets.ARTIFACTORY_USER }} artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} - - run: npm publish --provenance --tag=5x - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + # - run: npm publish --provenance --tag=5x + # env: + # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 16068041..fb918e5b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,10 +29,9 @@ jobs: - name: actions/compress_sign_and_upload uses: ./.github/actions/compress_sign_and_upload with: - garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }} - garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} - artifactory_username: ${{ secrets.ARTIFACTORY_USER }} - artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} - - run: npm publish --provenance - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + aws_role_arn: ${{ env.secrets.AWS_ROLE_ARN }} + aws_region_name: ${{ env.AWS_REGION_NAME }} + aws_secret_id: ${{ env.secrets.APP_SECRET_KEY}} + # - run: npm publish --provenance + # env: + # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From 06576f900db1953841493def52c502e0040cb6ff Mon Sep 17 00:00:00 2001 From: Aditi Khare Date: Wed, 29 May 2024 17:23:59 -0400 Subject: [PATCH 2/6] ready for review --- .../compress_sign_and_upload/action.yml | 53 ++++++++++--------- .github/workflows/release-5.x.yml | 20 +++---- .github/workflows/release.yml | 17 +++--- 3 files changed, 50 insertions(+), 40 deletions(-) diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml index 962c1ab9..c39c7c8a 100644 --- a/.github/actions/compress_sign_and_upload/action.yml +++ b/.github/actions/compress_sign_and_upload/action.yml 
@@ -2,18 +2,21 @@ name: Compress and Sign description: 'Compresses package and signs with garasign' inputs: - garasign_username: - description: 'Garasign username input for drivers-github-tools/garasign/gpg-sign' + aws_role_arn: + description: 'AWS role input for drivers-github-tools/gpg-sign@v2' required: true - garasign_password: - description: 'Garasign password input for drivers-github-tools/garasign/gpg-sign' + aws_region_name: + description: 'AWS region name input for drivers-github-tools/gpg-sign@v2' required: true - artifactory_username: - description: 'Artifactory username input for drivers-github-tools/garasign/gpg-sign' + aws_secret_id: + description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2' required: true - artifactory_password: - description: 'Artifactory password input for drivers-github-tools/garasign/gpg-sign' + npm_package_name: + description: 'The name for the npm package this repository represents' required: true + sign_SBOMs: + description: 'If provided, this script will create SBOM signatures' + required: false runs: using: composite 
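Review bot: The new `sign_SBOMs` input is described as 'If provided, this script will create SBOM signatures', but none of the steps visible in the hunks of this series reads `inputs.sign_SBOMs`, so a caller who sets it would apparently get no SBOM signature and no error. Either drop the input until it is wired up or make the description say so, e.g. `description: 'Reserved: SBOM signing is not implemented by this action yet'`. The three `aws_*` descriptions also name `drivers-github-tools/gpg-sign@v2`, while the steps hunk of this patch passes those inputs to `drivers-github-tools/setup@v2`; naming the setup action there would point a maintainer at the step that actually receives the credentials.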
@@ -22,31 +25,33 @@ runs: shell: bash - name: Get release version and release package file name - id: vars + id: get_vars shell: bash run: | package_version=$(jq --raw-output '.version' package.json) echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" - echo "package_file=bson-${package_version}.tgz" >> "$GITHUB_OUTPUT" + echo "package_file=${{ inputs.npm_package_name }}-${package_version}.tgz" >> "$GITHUB_OUTPUT" - name: Set up drivers-github-tools uses: mongodb-labs/drivers-github-tools/setup@v2 with: - aws_role_arn: ${{ inputs.aws_role_arn }} aws_region_name: ${{ inputs.aws_region_name }} + aws_role_arn: ${{ inputs.aws_role_arn }} aws_secret_id: ${{ inputs.aws_secret_id }} + - name: Create detached signature uses: mongodb-labs/drivers-github-tools/gpg-sign@v2 - - name: "Temporary: check that signature exists" - uses: actions/upload-artifact@v4 - with: - name: ${{ steps.vars.outputs.package_version }} - path: | - ${{ steps.vars.outputs.package_file }} - ${{ steps.vars.outputs.package_filen }}.sig - retention-days: 3 - # - name: "Upload release artifacts" - # run: gh release upload v${{ steps.vars.outputs.package_version }} ${{ steps.vars.outputs.package_file }}.sig - # shell: bash - # env: - # GH_TOKEN: ${{ github.token }} \ No newline at end of file + with: + filenames: ${{ steps.get_vars.outputs.package_file }} + env: + RELEASE_ASSETS: ${{ steps.get_vars.outputs.package_file }}.temp.sig + + - name: Name release asset correctly + run: mv ${{ steps.get_vars.outputs.package_file }}.temp.sig ${{ steps.get_vars.outputs.package_file }}.sig + shell: bash + + - name: "Upload release artifacts" + run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig + shell: bash + env: + GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 732560bd..ff22a5b8 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml 
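Review bot: The `run:` lines in this hunk expand `${{ inputs.npm_package_name }}` and `${{ steps.get_vars.outputs.package_file }}` straight into the bash source, and the `mv` and `gh release upload` commands use them unquoted. The expression is substituted before the shell parses the script, so a package name or a package.json `version` containing whitespace or shell metacharacters would change the command that runs in the job holding the signing setup and `GH_TOKEN`. Passing the values through `env:` and quoting the variables keeps them as data; the callers in this series pass the literal 'bson', so this is hardening rather than a live bug. The `runs:` block begins outside the hunk.

```yaml
- name: Get release version and release package file name
  id: get_vars
  shell: bash
  env:
    NPM_PACKAGE_NAME: ${{ inputs.npm_package_name }}
  run: |
    # … unchanged: package_version read from package.json and written to GITHUB_OUTPUT …
    echo "package_file=${NPM_PACKAGE_NAME}-${package_version}.tgz" >> "$GITHUB_OUTPUT"

# … unchanged: drivers-github-tools setup and gpg-sign steps …

- name: Name release asset correctly
  shell: bash
  env:
    PACKAGE_FILE: ${{ steps.get_vars.outputs.package_file }}
  run: mv "${PACKAGE_FILE}.temp.sig" "${PACKAGE_FILE}.sig"

- name: "Upload release artifacts"
  shell: bash
  env:
    GH_TOKEN: ${{ github.token }}
    PACKAGE_VERSION: ${{ steps.get_vars.outputs.package_version }}
    PACKAGE_FILE: ${{ steps.get_vars.outputs.package_file }}
  run: gh release upload "v${PACKAGE_VERSION}" "${PACKAGE_FILE}.sig"
```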
@@ -21,8 +21,10 @@ jobs: with: target-branch: 5.x - compress-sign-and-upload: + compress_sign_and_upload: needs: [release_please] + if: ${{ needs.release_please.outputs.release_created }} + environment: release runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -30,11 +32,11 @@ jobs: uses: ./.github/actions/setup - name: actions/compress_sign_and_upload uses: ./.github/actions/compress_sign_and_upload - with: - garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }} - garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} - artifactory_username: ${{ secrets.ARTIFACTORY_USER }} - artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} - # - run: npm publish --provenance --tag=5x - # env: - # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + with: + aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} + aws_region_name: 'us-east-1' + aws_secret_id: ${{ secrets.APP_SECRET_KEY}} + npm_package_name: 'bson' + - run: npm publish --provenance --tag=5x + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fb918e5b..7c1167c9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,9 +18,11 @@ jobs: steps: - id: release uses: google-github-actions/release-please-action@v4 - + compress_sign_and_upload: needs: [release_please] + if: ${{ needs.release_please.outputs.release_created }} + environment: release runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 
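Review bot: Neither this hunk nor the matching `compress_sign_and_upload` hunk for release.yml sets a job-level `permissions:` block, so the signing job runs with whatever the workflow-level block (outside the hunks) grants. The job now receives an AWS role ARN, uploads to the release with `github.token` and publishes with `--provenance`, which presumably needs `id-token: write` and `contents: write` and nothing more. Declaring `permissions:` with exactly those two scopes on the job keeps the token narrow even if the workflow default is widened later. This should be confirmed against the top of both workflow files, which are not visible here.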
@@ -29,9 +31,10 @@ jobs: - name: actions/compress_sign_and_upload uses: ./.github/actions/compress_sign_and_upload with: - aws_role_arn: ${{ env.secrets.AWS_ROLE_ARN }} - aws_region_name: ${{ env.AWS_REGION_NAME }} - aws_secret_id: ${{ env.secrets.APP_SECRET_KEY}} - # - run: npm publish --provenance - # env: - # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} + aws_region_name: 'us-east-1' + aws_secret_id: ${{ secrets.APP_SECRET_KEY}} + npm_package_name: 'bson' + - run: npm publish --provenance + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From 5ffae5733720f6d288ef2eba563b6d5364854378 Mon Sep 17 00:00:00 2001 From: Aditi Khare Date: Fri, 31 May 2024 17:07:36 -0400 Subject: [PATCH 3/6] temp sig --- .github/workflows/release.yml | 1 - package.json | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7c1167c9..960d22ba 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,6 @@ jobs: compress_sign_and_upload: needs: [release_please] - if: ${{ needs.release_please.outputs.release_created }} environment: release runs-on: ubuntu-latest steps: diff --git a/package.json b/package.json index 8657cdb7..f7373168 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "vendor" ], "types": "bson.d.ts", - "version": "6.7.0", + "version": "3.7.0", "author": { "name": "The MongoDB NodeJS Team", "email": "dbx-node@mongodb.com" From a185e6a4be2060b0655a9f9ed55754dd081d628c Mon Sep 17 00:00:00 2001 From: Aditi Khare Date: Fri, 31 May 2024 17:12:05 -0400 Subject: [PATCH 4/6] var name switch --- .github/workflows/release-5.x.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 6c8f309a..2bc99aa1 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml 
@@ -35,7 +35,7 @@ jobs: with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} aws_region_name: 'us-east-1' - aws_secret_id: ${{ secrets.APP_SECRET_KEY}} + aws_secret_id: ${{ secrets.AWS_SECRET_ID }} npm_package_name: 'bson' - run: npm publish --provenance --tag=5x env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 23b1771d..f66a8ed9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} aws_region_name: 'us-east-1' - aws_secret_id: ${{ secrets.APP_SECRET_KEY}} + aws_secret_id: ${{ secrets.AWS_SECRET_ID }} npm_package_name: 'bson' - run: npm publish --provenance env: From 0f001316e4a33b8ec9c075578406b6e27c9284f2 Mon Sep 17 00:00:00 2001 From: Aditi Khare Date: Mon, 3 Jun 2024 17:20:27 -0400 Subject: [PATCH 5/6] remove testing fix --- .github/actions/compress_sign_and_upload/action.yml | 2 +- .github/workflows/release.yml | 1 + package.json | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml index c39c7c8a..04e602d3 100644 --- a/.github/actions/compress_sign_and_upload/action.yml +++ b/.github/actions/compress_sign_and_upload/action.yml @@ -54,4 +54,4 @@ runs: run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig shell: bash env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ github.token }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f66a8ed9..0f6ea1dd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,6 +21,7 @@ jobs: compress_sign_and_upload: needs: [release_please] + if: ${{ needs.release_please.outputs.release_created }} environment: release runs-on: ubuntu-latest steps: diff --git a/package.json b/package.json index f7373168..8657cdb7 100644 
--- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "vendor" ], "types": "bson.d.ts", - "version": "3.7.0", + "version": "6.7.0", "author": { "name": "The MongoDB NodeJS Team", "email": "dbx-node@mongodb.com" From 54d05c48079c46b6ce217451a05b4ac538d1ef4f Mon Sep 17 00:00:00 2001 From: Aditi Khare Date: Wed, 5 Jun 2024 17:19:47 -0400 Subject: [PATCH 6/6] update api --- .github/workflows/release-5.x.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 2bc99aa1..aa845568 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -17,7 +17,7 @@ jobs: release_created: ${{ steps.release.outputs.release_created }} steps: - id: release - uses: google-github-actions/release-please-action@v4 + uses: googleapis/release-please-action@v4 with: target-branch: 5.x diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0f6ea1dd..72f4ebae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: release_created: ${{ steps.release.outputs.release_created }} steps: - id: release - uses: google-github-actions/release-please-action@v4 + uses: googleapis/release-please-action@v4 compress_sign_and_upload: needs: [release_please]