RUST-1921 Sign crate on release #1095

Merged
merged 4 commits into from
May 13, 2024
18 changes: 0 additions & 18 deletions .evergreen/release-build-papertrail-vars.sh

This file was deleted.

29 changes: 29 additions & 0 deletions .evergreen/release-build-vars.sh
@@ -0,0 +1,29 @@
#!/bin/bash

set -o errexit
set -o pipefail

source ./.evergreen/env.sh

set +x

CRATE_VERSION=$(cargo metadata --format-version=1 --no-deps | jq --raw-output '.packages[0].version')

. ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/rust
rm secrets-export.sh

PAPERTRAIL_PRODUCT="rust-driver"
if [[ "${DRY_RUN}" == "yes" ]]; then
PAPERTRAIL_PRODUCT="rust-driver-testing"
fi

cat <<EOT >release-expansion.yml
CRATE_VERSION: "${CRATE_VERSION}"
PAPERTRAIL_KEY_ID: "${PAPERTRAIL_KEY_ID}"
PAPERTRAIL_SECRET_KEY: "${PAPERTRAIL_SECRET_KEY}"
PAPERTRAIL_PRODUCT: "${PAPERTRAIL_PRODUCT}"
ARTIFACTORY_USERNAME: "${ARTIFACTORY_USERNAME}"
ARTIFACTORY_PASSWORD: "${ARTIFACTORY_PASSWORD}"
GARASIGN_USERNAME: "${GARASIGN_USERNAME}"
GARASIGN_PASSWORD: "${GARASIGN_PASSWORD}"
EOT
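
Review bot: The heredoc at the end writes PAPERTRAIL_SECRET_KEY, ARTIFACTORY_PASSWORD and GARASIGN_PASSWORD in clear text to release-expansion.yml under the default umask; set `umask 077` before the `cat` so the file is owner-only for as long as it exists. The values are also interpolated unescaped into double-quoted YAML scalars, so a password containing `"` or `\` would yield a malformed or altered expansion. Separately, `.packages[0].version` assumes the mongodb crate is the first package `cargo metadata` returns; selecting by name, e.g. `.packages[] | select(.name == "mongodb") | .version`, would make that explicit. `${DRIVERS_TOOLS}` in the `.` line should be quoted.
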
17 changes: 17 additions & 0 deletions .evergreen/release-sign.sh
@@ -0,0 +1,17 @@
#!/bin/bash

set -o errexit
set +x

echo "${ARTIFACTORY_PASSWORD}" | docker login --password-stdin --username ${ARTIFACTORY_USERNAME} artifactory.corp.mongodb.com

echo "GRS_CONFIG_USER1_USERNAME=${GARASIGN_USERNAME}" >> "signing-envfile"
echo "GRS_CONFIG_USER1_PASSWORD=${GARASIGN_PASSWORD}" >> "signing-envfile"

docker run \
--env-file=signing-envfile \
--rm \
-v $(pwd):$(pwd) \
-w $(pwd) \
artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-gpg \
/bin/bash -c "gpgloader && gpg --yes -v --armor -o mongodb-${CRATE_VERSION}.sig --detach-sign target/package/mongodb-${CRATE_VERSION}.crate"
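
Review bot: signing-envfile is created with `>>` and never deleted, so GARASIGN_USERNAME and GARASIGN_PASSWORD stay in the working directory after the container exits, and a re-run in the same directory appends duplicate entries. Write it with `>` under `umask 077` and add `trap 'rm -f signing-envfile' EXIT` near the top. `${ARTIFACTORY_USERNAME}` and the `$(pwd)` arguments to `-v` and `-w` are unquoted and will word-split on a value or path containing spaces. The garasign-gpg image is referenced without a tag or digest, so the signing step runs whatever the registry currently serves; pinning it by digest would fix which signer image a release used.
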
42 changes: 31 additions & 11 deletions .evergreen/releases.yml
@@ -90,26 +90,27 @@ functions:
args:
- .evergreen/fetch-drivers-tools.sh

"build papertrail vars":
"build vars":
- command: ec2.assume_role
params:
role_arn: ${aws_test_secrets_role}

- command: subprocess.exec
params:
working_dir: src
include_expansions_in_env:
- DRIVERS_TOOLS
- DRY_RUN
- GIT_TAG
add_expansions_to_env: true
binary: bash
args:
- .evergreen/release-build-papertrail-vars.sh
- .evergreen/release-build-vars.sh

- command: expansions.update
params:
file: src/papertrail-expansion.yml
file: src/release-expansion.yml

- command: shell.exec
params:
working_dir: "src"
script: rm papertrail-expansion.yml
script: rm release-expansion.yml

"fetch tag":
command: subprocess.exec
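
Review bot: `add_expansions_to_env: true` on the subprocess.exec that runs release-build-vars.sh puts every expansion into the script's environment, where the `include_expansions_in_env` list (DRIVERS_TOOLS, DRY_RUN, GIT_TAG) names only specific ones. Since this step exists to fetch secrets, prefer keeping an explicit `include_expansions_in_env` list, extended with the credentials produced by `ec2.assume_role`, so the script sees only what it uses. Also, `rm release-expansion.yml` is its own step after `expansions.update`; if the update fails, the file of secrets is left in src, so the removal should run regardless of that step's outcome.
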
@@ -137,19 +138,38 @@ functions:
key_id: ${PAPERTRAIL_KEY_ID}
secret_key: ${PAPERTRAIL_SECRET_KEY}
product: ${PAPERTRAIL_PRODUCT}
version: ${GIT_TAG}
version: ${CRATE_VERSION}
filenames:
- src/target/package/mongodb-*.crate
- src/target/package/mongodb-${CRATE_VERSION}.crate

"sign release":
- command: subprocess.exec
params:
working_dir: "src"
include_expansions_in_env:
- ARTIFACTORY_USERNAME
- ARTIFACTORY_PASSWORD
- GARASIGN_USERNAME
- GARASIGN_PASSWORD
- CRATE_VERSION
binary: bash
args:
- .evergreen/release-sign.sh

"save signature":
Contributor Author

This is a hack; once DEVPROD-7047 is done this can just be an s3.put of the signature file specifically and then we can include it in github releases / link to the URL / whatever.

command: s3.push

tasks:
- name: "publish-release"
commands:
- func: "fetch source"
- func: "install dependencies"
- func: "fetch tag"
- func: "build papertrail vars"
- func: "build vars"
- func: "publish release"
- func: "publish papertrail"
- func: "sign release"
- func: "save signature"

axes:
- id: "os"
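
Review bot: `command: s3.push` under "save signature" is shown with no params limiting it to mongodb-${CRATE_VERSION}.sig, and it runs directly after "sign release", whose script leaves signing-envfile (the GARASIGN credentials) in src. Until DEVPROD-7047 allows an `s3.put` of the signature file alone, delete signing-envfile and any other secret-bearing files before this step, or exclude them from the push. The task list also runs "publish release" before "sign release", so a signing failure would leave a published crate without a signature; consider whether the packaged .crate can be signed before it is published.
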