PHPC-2391: Update drivers tools to v2 #1573
@@ -8,10 +8,24 @@ on: | |||
| |||
jobs: | |||
build-pecl: | |||
environment: release |
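Review bot: `environment: release` on `build-pecl` only restricts access to the credentials if the `release` environment itself carries protection rules (required reviewers, deployment branch or tag limits), and those live in the repository settings rather than in this file. Suggest recording the expected rules in the release documentation so that a misconfigured or recreated environment is noticed.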
The environment safeguards credentials as they won't be available to other CI jobs. In addition to that, we can add extra checks to releases, e.g. requirements for reviews, time delays, etc.
name: "Create PECL package" | ||
runs-on: "ubuntu-latest" | ||
permissions: | ||
id-token: write |
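Review bot: in the `permissions:` block under `build-pecl`, once any scope is listed, every scope that is not listed drops to `none`. If `id-token: write` is the only entry, check that no step in this job relies on the workflow token for repository access, and add `contents: read` explicitly if one does.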
This permission is necessary so the new token can be generated.
garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }} | ||
garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} | ||
artifactory_username: ${{ secrets.ARTIFACTORY_USER }} | ||
artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} |
These are now automatically configured through the setup action.
id-token: write | ||
contents: write |
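Review bot: `contents: write` next to `id-token: write` gives the workflow token push access for the whole job. The PR description says release commits and tags will be attributed to the release bot through a temporary app token; if the push itself uses that token, `contents: write` on the workflow token can probably be dropped, and if not, keep it confined to the single job that pushes.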
`id-token` is necessary for the temporary token, `contents` in order to push the commit and tag.
- name: "Set git author information" | ||
run: | | ||
git config user.name "${GIT_AUTHOR_NAME}" | ||
git config user.email "${GIT_AUTHOR_EMAIL}" | ||
|
This is automatically done by the setup action.
garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }} | ||
artifactory_username: ${{ secrets.ARTIFACTORY_USER }} | ||
artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }} | ||
command: "$(pwd)/.github/workflows/commit-and-tag.sh ${{ env.PACKAGE_VERSION }} ${{ env.GPG_KEY_ID }} tag-message" |
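Review bot: on the `command:` line, `${{ env.PACKAGE_VERSION }}` and `${{ env.GPG_KEY_ID }}` are substituted into the command string unquoted before any shell parses it, so a value containing whitespace or shell metacharacters changes the command that runs. Wherever this invocation ends up after the change, have `commit-and-tag.sh` read both values from environment variables, or quote each argument.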
Note: the GPG key ID is no longer set in the environment but instead retrieved from the AWS secrets manager, and the setup action exposes it through an env var.
Is this even a concern? IIRC, we never used the release automation to make a 1.18.x release. Would it make sense to remove those workflow configs from the v1.18 branch if they can't be used?
Not really - I just wanted to leave the info somewhere.
We could - OTOH it would entail a manual merge-up to work around the automation.
PHPC-2391
This PR updates drivers-github-tools to v2 and makes the necessary adjustments. Alongside those changes, this now removes the old fixed token in favour of generating a temporary token for the mongodb-dbx-release-bot app. The release commit and tags will be attributed to this bot in future, as it will be for other drivers.
I've tested these changes in my fork and applied the same configuration here. Note that once this PR is merged and we remove the old configuration, releases for 1.18 will no longer work!