Important
This Repository is NOT a supported MongoDB product
This repository contains GitHub Actions that are common to drivers.
The actions in the garasign folder are used to sign artifacts using the team's GPG key.
Use this action to create signed git artifacts:
- name: "Create signed commit" uses: mongodb/drivers-github-tools/garasign/git-sign@main with: command: "git commit -m 'Commit' -s --gpg-sign=${{ vars.GPG_KEY_ID }}" garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }} garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} artifactory_username: ${{ secrets.ARTIFACTORY_USER }} artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} - name: "Create signed tag" uses: mongodb/drivers-github-tools/garasign/git-sign@main with: command: "git tag -m 'Tag' -s --local-user=${{ vars.GPG_KEY_ID }} <tag>" garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }} garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} artifactory_username: ${{ secrets.ARTIFACTORY_USER }} artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} skip_setup: trueIf the action is used multiple times within the same job, the skip_setup option can be set to a truthy value to avoid unnecessary logins to artifactory.
This action is used to create detached signatures for files:
- name: "Create detached signature" uses: mongodb/drivers-github-tools/garasign/gpg-sign@main with: filenames: somefile.ext garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }} garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} artifactory_username: ${{ secrets.ARTIFACTORY_USER }} artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}The action will create a signature file somefile.ext.sig in the working directory. If the action is used multiple times within the same job, the skip_setup option can be set to a truthy value to avoid unnecessary logins to artifactory.
You can also supply multiple space-separated filenames to sign a list of files:
- name: "Create detached signature" uses: mongodb/drivers-github-tools/garasign/gpg-sign@main with: filenames: somefile.ext someotherfile.txt garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }} garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} artifactory_username: ${{ secrets.ARTIFACTORY_USER }} artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}The following tools are meant to aid in generating Software Security Development Lifecycle reports associated with a product release.
This action will create a record of authorized publication on distribution channels. By default it will create a "papertrail.txt" file in the current directory.
- name: "Create papertrail report" uses: mongodb/drivers-github-tools/papertrail@main with: product_name: Mongo Python Driver release_version: ${{ github.ref_name }} filenames: $DIST_FILES token: ${{ github.token }}