feat(NODE-6157): add signature to github releases #4119

Merged Jun 3, 2024 (9 commits)

@aditi-khare-mongoDB aditi-khare-mongoDB commented May 23, 2024

Description

Sign releases in both 5.x and 6.x

What is changing?

Automate release signing with a detached signature and verification instructions in the README.
Link to an example of release signatures working with v2 (if you check the artifact link at the end of the compress_sign step, you can see the signature)

Is there new documentation needed for these changes?

No

What is the motivation for this change?

SSDLC Compliance

Release Highlight

Add Signature to GitHub Releases

The GitHub release for the mongodb package now contains a detached signature file for the NPM package (named mongodb-X.Y.Z.tgz.sig), on every major and patch release to 6.x and 5.x. To verify the signature, follow the instructions in the 'Release Integrity' section of the README.md file.

Double check the following

  • Ran npm run check:lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@aditi-khare-mongoDB aditi-khare-mongoDB marked this pull request as ready for review May 23, 2024 21:48
@aditi-khare-mongoDB aditi-khare-mongoDB changed the title feat(NODE-5167): Sign Releases feat(NODE-6157): Sign Releases May 24, 2024
@W-A-James W-A-James self-assigned this May 24, 2024
@W-A-James W-A-James added the Primary Review In Review with primary reviewer, not yet ready for team's eyes label May 24, 2024
@aditi-khare-mongoDB aditi-khare-mongoDB changed the title feat(NODE-6157): Sign Releases feat(NODE-6157): Add Signature to Github Releases May 28, 2024
@aditi-khare-mongoDB aditi-khare-mongoDB changed the title feat(NODE-6157): Add Signature to Github Releases feat(NODE-6157): add signature to github releases May 28, 2024
W-A-James previously approved these changes May 29, 2024
@W-A-James W-A-James added Team Review Needs review from team Primary Review In Review with primary reviewer, not yet ready for team's eyes and removed Primary Review In Review with primary reviewer, not yet ready for team's eyes Team Review Needs review from team labels May 29, 2024
@W-A-James W-A-James dismissed their stale review May 29, 2024 19:27

outdated, pending other fixes

W-A-James previously approved these changes May 31, 2024
@W-A-James W-A-James added Team Review Needs review from team and removed Primary Review In Review with primary reviewer, not yet ready for team's eyes labels May 31, 2024
@baileympearson
Contributor

Do we have an example of a successful signing using the gpg-sign v2 action? Either here or from js-bson would be fine since I assume the scripts are almost identical.

@aditi-khare-mongoDB
Contributor Author

@baileympearson Just added a link to an example in the PR description!

@W-A-James W-A-James merged commit f38c5fe into main Jun 3, 2024
29 of 33 checks passed
@W-A-James W-A-James deleted the NODE-5167/sign-releases branch June 3, 2024 15:56