Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(NODE-6158): add signature to github releases #37

Merged
merged 6 commits into from
Jun 5, 2024
Merged

feat(NODE-6158): add signature to github releases #37

merged 6 commits into from
Jun 5, 2024

Conversation

aditi-khare-mongoDB
Copy link
Contributor

@aditi-khare-mongoDB aditi-khare-mongoDB commented May 28, 2024
edited
Loading

Description

Sign releases in legacy driver.

What is changing?

Automate release signing with a detached signature and verification instructions in the README.
Link to an example of release signatures working with v2 (if you check the artifact link at the end of the compress_sign step, you can see the signature)

Is there new documentation needed for these changes?

No

What is the motivation for this change?

SSDLC Compliance

Release Highlight

Add Signature to Github Releases

The Github release for mongodb-legacy now contains a detached signature file for the NPM package (named
mongodb-legacy-X.Y.Z.tgz.sig), on every major and patch release. To verify the signature, follow the instructions in the 'Release Integrity' section of the README.md file.

Double check the following

  • Ran npm run check:lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@aditi-khare-mongoDB aditi-khare-mongoDB changed the title feat(NODE-6158): Sign Releases feat(NODE-6158): add signature to github releases May 28, 2024
@W-A-James W-A-James self-assigned this Jun 3, 2024
@W-A-James W-A-James self-requested a review June 4, 2024 17:40
W-A-James
W-A-James reviewed Jun 4, 2024
View reviewed changes
Copy link
Contributor

@W-A-James W-A-James left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one question

.github/workflows/release.yml Outdated Show resolved Hide resolved
@W-A-James
Copy link
Contributor

Also just need to update the PR description since we did end up migrating to the v2 action

@W-A-James W-A-James merged commit 0e007f5 into main Jun 5, 2024
8 checks passed
@W-A-James W-A-James deleted the NODE-6158/sign-releases branch June 5, 2024 21:23
@github-actions github-actions bot mentioned this pull request Jun 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@W-A-James W-A-James W-A-James approved these changes

Assignees

@W-A-James W-A-James

Labels
Team Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aditi-khare-mongoDB @W-A-James