refactor: release signing upgraded to drivers-github-tools-v2

mongodb · May 29, 2024 · c8f5350 · c8f5350
1 parent f0fbe91
commit c8f5350
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 20 deletions.
diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml
@@ -29,15 +29,24 @@ runs:
         echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
         echo "package_file=bson-${package_version}.tgz" >> "$GITHUB_OUTPUT"
 
+    - name: Set up drivers-github-tools
+      uses: mongodb-labs/drivers-github-tools/setup@v2
+      with: 
+        aws_role_arn: ${{ inputs.aws_role_arn }}
+        aws_region_name: ${{ inputs.aws_region_name }}
+        aws_secret_id: ${{ inputs.aws_secret_id }}
     - name: Create detached signature
-      uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@v1
+      uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
+    - name: "Temporary: check that signature exists"
+      uses: actions/upload-artifact@v4
       with:
-        filenames: ${{ steps.vars.package_file }}
-        garasign_username: ${{ inputs.garasign_username }}
-        garasign_password: ${{ inputs.garasign_password }}
-        artifactory_username: ${{ inputs.artifactory_username }}
-        artifactory_password: ${{ inputs.artifactory_password }}
-
-    - name: "Upload release artifacts"
-      run: gh release upload v${{ steps.vars.package_version }} ${{ steps.vars.package_file }}.sig
-      shell: bash
+        name: ${{ steps.vars.outputs.package_version }}
+        path: |
+          ${{ steps.vars.outputs.package_file }}
+          ${{ steps.vars.outputs.package_filen }}.sig
+        retention-days: 3
+    # - name: "Upload release artifacts"
+    #   run: gh release upload v${{ steps.vars.outputs.package_version }} ${{ steps.vars.outputs.package_file }}.sig
+    #   shell: bash
+    #   env:
+    #     GH_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml
@@ -35,6 +35,6 @@ jobs:
           garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
           artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
           artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
-      - run: npm publish --provenance --tag=5x
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      # - run: npm publish --provenance --tag=5x
+      #   env:
+      #     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,10 +29,9 @@ jobs:
       - name: actions/compress_sign_and_upload
         uses: ./.github/actions/compress_sign_and_upload
         with: 
-          garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
-          garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
-          artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
-          artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
-      - run: npm publish --provenance
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          aws_role_arn: ${{ env.secrets.AWS_ROLE_ARN }}
+          aws_region_name: ${{ env.AWS_REGION_NAME }}
+          aws_secret_id: ${{ env.secrets.APP_SECRET_KEY}}
+      # - run: npm publish --provenance
+      #   env:
+      #     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}