-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathaction.yml
88 lines (77 loc) · 2.86 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
name: Compress, Sign and Upload to GH Release
description: "Compresses package and signs with garasign and uploads to GH release"
inputs:
aws_role_arn:
description: "AWS role input for drivers-github-tools/gpg-sign@v2"
required: true
aws_region_name:
description: "AWS region name input for drivers-github-tools/gpg-sign@v2"
required: true
aws_secret_id:
description: "AWS secret id input for drivers-github-tools/gpg-sign@v2"
required: true
npm_package_name:
description: "The name for the npm package this repository represents"
required: true
dry_run:
description: "Should we upload files to the release?"
required: false
default: "false"
artifact_directory:
description: The directory in which to output signatures.
default: artifacts
sign_native:
description: Download and sign native packages
default: "false"
runs:
using: composite
steps:
- uses: actions/download-artifact@v4
if: ${{ inputs.sign_native == 'true' }}
- run: npm pack
shell: bash
- name: Make signatures directory
shell: bash
run: |
mkdir ${{ inputs.artifact_directory }}
- name: Load version and package info
uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2
with:
npm_package_name: ${{ inputs.npm_package_name }}
- name: Set up drivers-github-tools
uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_region_name: ${{ inputs.aws_region_name }}
aws_role_arn: ${{ inputs.aws_role_arn }}
aws_secret_id: ${{ inputs.aws_secret_id }}
- name: Determine what files to sign (native packages, works with glob patterns of build artifacts)
if: ${{ inputs.sign_native == 'true' }}
shell: bash
run: |
# all prebuilds
FILENAMES=$(find build-* -type f -name '*.tar.gz' | tr '\n' ' ')
FILENAMES="$FILENAMES ${{ env.package_file }}"
echo "FILES_TO_SIGN=${FILENAMES}" >> "$GITHUB_ENV"
- name: Determine what files to sign (non-native packages, with only the release tarball)
if: ${{ inputs.sign_native != 'true' }}
shell: bash
run: |
FILENAMES="${{ env.package_file }}"
echo "FILES_TO_SIGN=${FILENAMES}" >> "$GITHUB_ENV"
- name: Create detached signature
uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
with:
filenames: ${{ env.FILES_TO_SIGN }}
env:
RELEASE_ASSETS: ${{ inputs.artifact_directory }}
- name: Copy the tarballs to the artifacts directory
shell: bash
run: |
for filename in ${{ env.FILES_TO_SIGN }}; do cp ${filename} artifacts/; done
ls -la artifacts/
- name: "Upload release artifacts"
if: ${{ inputs.dry_run == 'false' }}
run: gh release upload v${{ env.package_version }} artifacts/*.*
shell: bash
env:
GH_TOKEN: ${{ github.token }}