
feat(NODE-6161): Sign Releases #2

feat(NODE-6161): Sign Releases

feat(NODE-6161): Sign Releases #2

Workflow file for this run

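# Builds native prebuilds on hosted runners and in containers, then signs the
# resulting tarballs and attaches the detached signatures to a GitHub release.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch: {}

# Least privilege: the build jobs run repository (and pull-request) code, so
# the workflow default is read-only. Write scopes are granted only on the
# signing job below. `pull-requests: write` was dropped because no step in
# this file uses it.
permissions:
  contents: read

name: build

# NOTE(review): actions are referenced by mutable tags (@v4, @v3, @v2). For a
# workflow that handles signing credentials, consider pinning each action to a
# full commit SHA.
jobs:
  host_builds:
    strategy:
      matrix:
        os: [macos-11, macos-latest, windows-2019]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): this runs a `.sh` path with `node` - confirm the script
      # is JavaScript, or invoke it with bash instead.
      - name: Build ${{ matrix.os }} Prebuild
        run: node .evergreen/scripts/github/run-prebuild.sh ${{ runner.os == 'Windows' && '--build' || '' }}
        shell: bash
      - id: upload
        name: Upload prebuild
        uses: actions/upload-artifact@v4
        with:
          name: build-${{ matrix.os }}
          path: prebuilds/
          if-no-files-found: 'error'
          retention-days: 1
          compression-level: 0

  container_builds:
    # NOTE(review): this is a matrix job, so only one leg's artifact id is
    # exposed here, and no job in this file reads it.
    outputs:
      artifact_id: ${{ steps.upload.outputs.artifact-id }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        linux_arch: [s390x, arm64, amd64]
    steps:
      - uses: actions/checkout@v4
      # QEMU provides emulation for the non-native target architectures.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Run Buildx
        run: |
          docker buildx create --name builder --bootstrap --use
          docker buildx build \
            --platform linux/${{ matrix.linux_arch }} \
            --output type=local,dest=./prebuilds,platform-split=false \
            -f ./.github/docker/Dockerfile.glibc .
      - id: upload
        name: Upload prebuild
        uses: actions/upload-artifact@v4
        with:
          name: build-linux-${{ matrix.linux_arch }}
          path: prebuilds/
          if-no-files-found: 'error'
          retention-days: 1
          compression-level: 0

  sign_and_upload_build_files:
    needs: [host_builds, container_builds]
    runs-on: ubuntu-latest
    # Access to the signing secrets depends on the protection rules configured
    # for this environment, which are not visible in this file. The workflow
    # also triggers on pull_request, so confirm those rules cover that case.
    environment: release
    # Only this job needs elevated scopes: `contents: write` to attach assets
    # to a release and `id-token: write` to obtain an OIDC token for the AWS
    # role passed to the setup action.
    permissions:
      contents: write
      id-token: write
    steps:
      # package.json is read by the "get_vars" step, so the repository has to
      # be checked out in this job.
      - uses: actions/checkout@v4
      # The original declared this step twice; the second plain `mkdir`
      # fails because the directory already exists. `-p` makes it idempotent.
      - name: Make signatures directory
        run: mkdir -p artifacts
      # The signing step globs `build-*/*.tar.gz`, but nothing fetched the
      # prebuilds uploaded by the build jobs. Each artifact is extracted into
      # a directory named after the artifact.
      - name: Download prebuilds
        uses: actions/download-artifact@v4
        with:
          pattern: 'build-*'
      - name: Set up drivers-github-tools
        uses: mongodb-labs/drivers-github-tools/setup@v2
        with:
          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
          aws_region_name: 'us-east-1'
          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
      - name: Create detached signature
        uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
        with:
          filenames: 'build-*/*.tar.gz'
        env:
          RELEASE_ASSETS: artifacts/
      - name: Display structure of downloaded files
        run: ls -la artifacts/
      - name: Get release version and release package file name
        id: get_vars
        run: |
          package_version=$(jq --raw-output '.version' package.json)
          echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
      # The version string comes from package.json, which a pull request can
      # change. Passing it through an environment variable keeps it out of the
      # script text, so the shell treats it as data and never as code.
      - name: "Upload release artifacts"
        run: gh release upload "v${PACKAGE_VERSION}" artifacts/*.sig --clobber
        env:
          GH_TOKEN: ${{ github.token }}
          PACKAGE_VERSION: ${{ steps.get_vars.outputs.package_version }}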