temp for testing

.github/workflows/release-4.x.yml

@@ -27,12 +27,39 @@ jobs:
           default-branch: 4.x
 
       # If release-please created a release, publish to npm
-      - if: ${{ steps.release.outputs.release_created }}
+       - if: ${{ true }}
         uses: actions/checkout@v3
-      - if: ${{ steps.release.outputs.release_created }}
+      - if: ${{ true }}
         name: actions/setup
         uses: ./.github/actions/setup
-      - if: ${{ steps.release.outputs.release_created }}
+      - if: true
+        run: npm pack
+        shell: bash
+      - if: true
+        name: Get release version and release package file name
+        run: |
+          PACKAGE_VERSION=$(jq '.version' package.json | tr -d '"')
+          echo "PACKAGE_VERSION=${PACKAGE_VERSION}" >> "$GITHUB_ENV"
+          echo "PACKAGE_FILE=mongodb-${PACKAGE_VERSION}.tgz" >> "$GITHUB_ENV"
+      - if: true
+        name: Create detached signature
+        uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@main
+        with:
+          filenames: ${{ env.PACKAGE_FILE }}
+          garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
+          garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
+          artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
+          artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+      - if: true
+        name: "Upload artifacts"
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.PACKAGE_FILE }}
+          path: |
+            ${{ env.PACKAGE_FILE }}
+            ${{ env.PACKAGE_FILE }}.sig
+          retention-days: 3
+      - if: false
         run: npm publish --provenance --tag=4x
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/release-5.x.yml

@@ -27,12 +27,39 @@ jobs:
           default-branch: 5.x
 
       # If release-please created a release, publish to npm
-      - if: ${{ steps.release.outputs.release_created }}
+       - if: ${{ true }}
         uses: actions/checkout@v3
-      - if: ${{ steps.release.outputs.release_created }}
+      - if: ${{ true }}
         name: actions/setup
         uses: ./.github/actions/setup
-      - if: ${{ steps.release.outputs.release_created }}
+      - if: true
+        run: npm pack
+        shell: bash
+      - if: true
+        name: Get release version and release package file name
+        run: |
+          PACKAGE_VERSION=$(jq '.version' package.json | tr -d '"')
+          echo "PACKAGE_VERSION=${PACKAGE_VERSION}" >> "$GITHUB_ENV"
+          echo "PACKAGE_FILE=mongodb-${PACKAGE_VERSION}.tgz" >> "$GITHUB_ENV"
+      - if: true
+        name: Create detached signature
+        uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@main
+        with:
+          filenames: ${{ env.PACKAGE_FILE }}
+          garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
+          garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
+          artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
+          artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+      - if: true
+        name: "Upload artifacts"
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.PACKAGE_FILE }}
+          path: |
+            ${{ env.PACKAGE_FILE }}
+            ${{ env.PACKAGE_FILE }}.sig
+          retention-days: 3
+      - if: false
         run: npm publish --provenance --tag=5x
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/release.yml

@@ -27,12 +27,42 @@ jobs:
           default-branch: main
 
       # If release-please created a release, publish to npm
-      - if: ${{ steps.release.outputs.release_created }}
+      - if: ${{ true }}
         uses: actions/checkout@v3
-      - if: ${{ steps.release.outputs.release_created }}
+      - if: ${{ true }}
         name: actions/setup
         uses: ./.github/actions/setup
-      - if: ${{ steps.release.outputs.release_created }}
+      - if: true
+        run: npm pack
+        shell: bash
+      - if: true
+        name: Get release version and release package file name
+        run: |
+          PACKAGE_VERSION=$(jq '.version' package.json | tr -d '"')
+          echo "PACKAGE_VERSION=${PACKAGE_VERSION}" >> "$GITHUB_ENV"
+          echo "PACKAGE_FILE=mongodb-${PACKAGE_VERSION}.tgz" >> "$GITHUB_ENV"
+      - if: true
+        name: Create detached signature
+        uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@main
+        with:
+          filenames: ${{ env.PACKAGE_FILE }}
+          garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
+          garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
+          artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
+          artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+      - if: true
+        name: "Upload artifacts"
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.PACKAGE_FILE }}
+          path: |
+            ${{ env.PACKAGE_FILE }}
+            ${{ env.PACKAGE_FILE }}.sig
+          retention-days: 3
+      - if: false
         run: npm publish --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+
+

README.md

@@ -20,6 +20,19 @@ The official [MongoDB](https://www.mongodb.com/) driver for Node.js.
 | Contributing             | [CONTRIBUTING.md](https://github.com/mongodb/node-mongodb-native/blob/HEAD/CONTRIBUTING.md)                                           |
 | Changelog                | [HISTORY.md](https://github.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md)                                                     |
 
+
+### Release Integrity
+
+The GitHub release contains a detached signature file for the NPM package (named
+`mongodb-X.Y.Z.tgz.sig`).
+
+To verify the integrity of the downloaded package, run the following command:
+
+```shell
+gpg --verify mongodb-X.Y.Z.tgz.sig mongodb-X.Y.Z.tgz
+```
+
+
 ### Bugs / Feature Requests
 
 Think you’ve found a bug? Want to see a new feature in `node-mongodb-native`? Please open a