Fix version handling and make some secrets optional (#19)

Author: blink1073

.github/workflows/update-action-tag.yml

@@ -35,12 +35,12 @@ jobs:
  run: |
  export VERSION=$(cat .github/workflows/version.txt)
  echo "VERSION=$VERSION" >> $GITHUB_ENV
- git push origin ":${VERSION}"
+ git push origin ":v${VERSION}"
 
  - name: Create a new signed tag
  uses: mongodb-labs/drivers-github-tools/git-sign@v2
  with:
- command: git tag -m "Update tag" -s --local-user=${{ env.GPG_KEY_ID }} ${{ env.VERSION }}"
+ command: git tag -m "Update tag" -s --local-user=${{ env.GPG_KEY_ID }} v${{ env.VERSION }}"
 
  - name: Push the tag
  run:

README.md

@@ -26,6 +26,11 @@ The action requires `id-token: write` permissions.
 > You *must* use the `actions/checkout` action prior to calling the `setup` action,
 > Since the `setup` action sets up git config that would be overridden by the
 > `actions/checkout action`
+>
+> The following keys MUST be defined in the ``AWS_SECRET_ID`` vault:
+> `artifactory-username`, `artifactory-password`, `garasign-username`
+> `garasign-password`, `gpg-key-id`. If uploading to an S3 bucket, also define
+> `release-assets-bucket`.
 
 ## Signing tools
 

setup/setup.sh

@@ -30,9 +30,9 @@ mkdir $S3_ASSETS
 
 echo "Set up global variables"
 cat <<EOF >> $GITHUB_ENV
-AWS_BUCKET=$RELEASE_ASSETS_BUCKET
+AWS_BUCKET=${RELEASE_ASSETS_BUCKET:-}"
 GPG_KEY_ID=$GPG_KEY_ID
-GPG_PUBLIC_URL=$GPG_PUBLIC_URL
+GPG_PUBLIC_URL=${GPG_PUBLIC_URL:-}"
 GARASIGN_ENVFILE=$GARASIGN_ENVFILE
 ARTIFACTORY_REGISTRY=$ARTIFACTORY_REGISTRY
 RELEASE_ASSETS=$RELEASE_ASSETS