From 384c03a8bd3f618be4a16e328a552e256515832f Mon Sep 17 00:00:00 2001
From: Jamis Buck <jamis.buck@mongodb.com>
Date: Thu, 24 Aug 2023 15:43:44 -0600
Subject: [PATCH] Prep for v7.5.4 (#5683)

* version bump

* no need to use Docker to check if a gem is signed
---
 Rakefile               | 25 +++++++++++++++++++++++++
 lib/mongoid/version.rb |  2 +-
 release.sh             | 22 ++--------------------
 release/mri/build.sh   |  5 +----
 4 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/Rakefile b/Rakefile
index dac321af7..c8ce790d2 100644
--- a/Rakefile
+++ b/Rakefile
@@ -11,6 +11,15 @@ $: << File.join(ROOT, 'spec/shared/lib')
 require "rake"
 require "rspec/core/rake_task"
 require 'mrss/spec_organizer'
+require 'rubygems/package'
+require 'rubygems/security/policies'
+
+def signed_gem?(path_to_gem)
+  Gem::Package.new(path_to_gem, Gem::Security::HighSecurity).verify
+  true
+rescue Gem::Security::Exception => e
+  false
+end
 
 $LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
 require "mongoid/version"
@@ -103,3 +112,19 @@ namespace :release do
     end
   end
 end
+
+desc 'Verifies that all built gems in pkg/ are valid'
+task :verify do
+  gems = Dir['pkg/*.gem']
+  if gems.empty?
+    puts 'There are no gems in pkg/ to verify'
+  else
+    gems.each do |gem|
+      if signed_gem?(gem)
+        puts "#{gem} is signed"
+      else
+        abort "#{gem} is not signed"
+      end
+    end
+  end
+end
diff --git a/lib/mongoid/version.rb b/lib/mongoid/version.rb
index 4dc4c3b04..16c0f3634 100644
--- a/lib/mongoid/version.rb
+++ b/lib/mongoid/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mongoid
-  VERSION = "7.5.3"
+  VERSION = "7.5.4"
 end
diff --git a/release.sh b/release.sh
index 3cc07b8ff..39554e854 100755
--- a/release.sh
+++ b/release.sh
@@ -17,32 +17,14 @@ VERSION=`ruby -Ilib -r$VERSION_REQUIRE -e "puts $VERSION_CONSTANT_NAME"`
 echo "Releasing $NAME $VERSION"
 echo
 
-for variant in mri; do
-  docker build -f release/$variant/Dockerfile -t $RELEASE_NAME-$variant .
-
-  docker kill $RELEASE_NAME-$variant || true
-  docker container rm $RELEASE_NAME-$variant || true
-
-  docker run -d --name $RELEASE_NAME-$variant -it $RELEASE_NAME-$variant
-
-  docker exec $RELEASE_NAME-$variant /app/release/$variant/build.sh
-
-  if test $variant = jruby; then
-    docker cp $RELEASE_NAME-$variant:/app/pkg/$NAME-$VERSION-java.gem .
-  else
-    docker cp $RELEASE_NAME-$variant:/app/pkg/$NAME-$VERSION.gem .
-  fi
-
-  docker kill $RELEASE_NAME-$variant
-done
+./release/mri/build.sh
+cp pkg/$NAME-$VERSION.gem .
 
 echo
 echo Built: $NAME-$VERSION.gem
-#echo Built: $NAME-$VERSION-java.gem
 echo
 
 git tag -a v$VERSION -m "Tagging release: $VERSION"
 git push origin v$VERSION
 
 gem push $NAME-$VERSION.gem
-#gem push $NAME-$VERSION-java.gem
diff --git a/release/mri/build.sh b/release/mri/build.sh
index 5f00c14dc..c751dc787 100755
--- a/release/mri/build.sh
+++ b/release/mri/build.sh
@@ -4,7 +4,4 @@ set -e
 
 rm -f *.lock
 rm -f *.gem pkg/*.gem
-bundle install --without=test
-# Uses bundler gem tasks, outputs the built gem file to pkg subdir.
-rake build
-/app/release/verify-signature.sh pkg/*.gem
+rake build verify