From 38be4ab50966960ce90c627445fb82fcbaef5c6d Mon Sep 17 00:00:00 2001
From: Aditi Khare
Date: Tue, 28 May 2024 14:21:11 -0400
Subject: [PATCH 1/6] ready for review

---
 .../compress_sign_and_upload/action.yml | 42 +++++++++++++++++++
 .github/workflows/release.yml | 25 +++++++----
 readme.md | 18 ++++++++
 3 files changed, 77 insertions(+), 8 deletions(-)
 create mode 100644 .github/actions/compress_sign_and_upload/action.yml

diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml
new file mode 100644
index 0000000..dc44085
--- /dev/null
+++ b/.github/actions/compress_sign_and_upload/action.yml
@@ -0,0 +1,42 @@
+name: Compress and Sign
+description: 'Compresses package and signs with garasign'
+
+inputs:
+  garasign_username:
+    description: 'Garasign username input for drivers-github-tools/garasign/gpg-sign'
+    required: true
+  garasign_password:
+    description: 'Garasign password input for drivers-github-tools/garasign/gpg-sign'
+    required: true
+  artifactory_username:
+    description: 'Artifactory username input for drivers-github-tools/garasign/gpg-sign'
+    required: true
+  artifactory_password:
+    description: 'Artifactory password input for drivers-github-tools/garasign/gpg-sign'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - run: npm pack
+      shell: bash
+
+    - name: Get release version and release package file name
+      id: vars
+      shell: bash
+      run: |
+        package_version=$(jq --raw-output '.version' package.json)
+        echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
+        echo "package_file=mongodb-legacy-${package_version}.tgz" >> "$GITHUB_OUTPUT"
+    - name: Create detached signature
+      uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@v1
+      with:
+        filenames: ${{ steps.vars.package_file }}
+        garasign_username: ${{ inputs.garasign_username }}
+        garasign_password: ${{ inputs.garasign_password }}
+        artifactory_username: ${{ inputs.artifactory_username }}
+        artifactory_password: ${{ inputs.artifactory_password }}
+
+    - name: "Upload release artifacts"
+      run: gh release upload v${{ steps.vars.package_version }} ${{ steps.vars.package_file }}.sig
+      shell: bash
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b58b4a4..1606804 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
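Review bot: The signature created here covers the tarball written by `- run: npm pack`, while the file users fetch from the registry is the one `npm publish --provenance` (run afterwards in release.yml, outside this file) packs on its own; the uploaded `.sig` only verifies that download if the two packs are byte-identical, and nothing in this action checks or records that. Consider publishing exactly the file that was signed, for example by exposing the packed file name through an action-level `outputs:` entry and running `npm publish <that .tgz> --provenance` in the workflow, and uploading the `.tgz` alongside the `.sig` in the `gh release upload` step so verifiers also have the signed bytes from the release page. A short comment above `- run: npm pack` stating that the signed and published tarballs must be the same artifact would make this invariant visible to the next maintainer.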
@@ -11,19 +11,28 @@ permissions:
 name: release
 
 jobs:
-  release-please:
+  release_please:
     runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
     steps:
       - id: release
         uses: google-github-actions/release-please-action@v4
 
-      # If release-please created a release, publish to npm
-      - if: ${{ steps.release.outputs.release_created }}
-        uses: actions/checkout@v4
-      - if: ${{ steps.release.outputs.release_created }}
-        name: actions/setup
+  compress_sign_and_upload:
+    needs: [release_please]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: actions/setup
         uses: ./.github/actions/setup
-      - if: ${{ steps.release.outputs.release_created }}
-        run: npm publish --provenance
+      - name: actions/compress_sign_and_upload
+        uses: ./.github/actions/compress_sign_and_upload
+        with:
+          garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
+          garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
+          artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
+          artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+      - run: npm publish --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/readme.md b/readme.md
index bf33ce4..7470c9e 100644
--- a/readme.md
+++ b/readme.md
@@ -62,6 +62,24 @@ In your existing project add `mongodb-legacy` to your `package.json` with the fo
 npm install mongodb-legacy
 ```
 
+
+### Release Integrity
+
+The GitHub release contains a detached signature file for the NPM package (named
+`bson-X.Y.Z.tgz.sig`).
+
+The following command returns the link npm package.
+```shell
+npm view mongodb@vX.Y.Z dist.tarball
+```
+
+Using the result of the above command, a `curl` command can return the official npm package for the release.
+
+To verify the integrity of the downloaded package, run the following command:
+```shell
+gpg --verify mongodb-X.Y.Z.tgz.sig mongodb-X.Y.Z.tgz
+```
+
 ### Versioning
 
 We recommend replacing your `mongodb` dependency with this one.
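Review bot: The new `compress_sign_and_upload` job needs `contents: write` for the `gh release upload` inside the composite action and `id-token: write` for `npm publish --provenance`, but the only `permissions:` block is the workflow-level one that precedes this hunk (its contents are not visible here), so whatever it grants is inherited by `release_please` as well. Consider declaring a job-level `permissions:` on each job so that the release-please job, which runs third-party code with the token, keeps only what it needs (`contents: write` and `pull-requests: write`), and only the publish job adds `id-token: write`. Since this job now holds `NPM_TOKEN` and the signing credentials, `- uses: actions/checkout@v4` would also benefit from `with: { persist-credentials: false }`, as no later step in the job pushes with git.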
From 356c12e24cea0ea20ea5e00a441e038b161d7d60 Mon Sep 17 00:00:00 2001
From: Aditi Khare
Date: Tue, 28 May 2024 14:22:06 -0400
Subject: [PATCH 2/6] read me lint fix

---
 readme.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/readme.md b/readme.md
index 7470c9e..fc7c1e4 100644
--- a/readme.md
+++ b/readme.md
@@ -66,18 +66,18 @@ npm install mongodb-legacy
 ### Release Integrity
 
 The GitHub release contains a detached signature file for the NPM package (named
-`bson-X.Y.Z.tgz.sig`).
+`mongodb-legacy-X.Y.Z.tgz.sig`).
 
 The following command returns the link npm package.
 ```shell
-npm view mongodb@vX.Y.Z dist.tarball
+npm view mongodb-legacy@vX.Y.Z dist.tarball
 ```
 
 Using the result of the above command, a `curl` command can return the official npm package for the release.
 
 To verify the integrity of the downloaded package, run the following command:
 ```shell
-gpg --verify mongodb-X.Y.Z.tgz.sig mongodb-X.Y.Z.tgz
+gpg --verify mongodb-legacy-X.Y.Z.tgz.sig mongodb-legacy-X.Y.Z.tgz
 ```
 
 ### Versioning
From cfaefdcd369a87e83abe24ecbdc3f9da864f95a9 Mon Sep 17 00:00:00 2001
From: Aditi Khare
Date: Tue, 28 May 2024 17:00:18 -0400
Subject: [PATCH 3/6] variable access fixed

---
 .github/actions/compress_sign_and_upload/action.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml
index dc44085..cc4900e 100644
--- a/.github/actions/compress_sign_and_upload/action.yml
+++ b/.github/actions/compress_sign_and_upload/action.yml
@@ -22,7 +22,7 @@ runs:
       shell: bash
 
     - name: Get release version and release package file name
-      id: vars
+      id: get_vars
       shell: bash
       run: |
         package_version=$(jq --raw-output '.version' package.json)
@@ -31,12 +31,14 @@ runs:
     - name: Create detached signature
       uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@v1
       with:
-        filenames: ${{ steps.vars.package_file }}
+        filenames: ${{ steps.get_vars.outputs.package_file }}
         garasign_username: ${{ inputs.garasign_username }}
         garasign_password: ${{ inputs.garasign_password }}
         artifactory_username: ${{ inputs.artifactory_username }}
         artifactory_password: ${{ inputs.artifactory_password }}
 
     - name: "Upload release artifacts"
-      run: gh release upload v${{ steps.vars.package_version }} ${{ steps.vars.package_file }}.sig
-      shell: bash
\ No newline at end of file
+      run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig
+      shell: bash
+      env:
+        GH_TOKEN: ${{ github.token }}
From 0b636a3a6cfcb30f4b680d7d4f8136f23f3a019f Mon Sep 17 00:00:00 2001
From: Aditi Khare
Date: Wed, 29 May 2024 17:29:06 -0400
Subject: [PATCH 4/6] fix conditional job

---
 .github/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1606804..357c2ea 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,6 +21,7 @@ jobs:
 
   compress_sign_and_upload:
     needs: [release_please]
+    if: ${{ needs.release_please.outputs.release_created }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
From 6e3633618dba510f13832abb5e16b29a316371c7 Mon Sep 17 00:00:00 2001
From: Aditi Khare
Date: Mon, 3 Jun 2024 17:45:03 -0400
Subject: [PATCH 5/6] migrate to v2

---
 .../compress_sign_and_upload/action.yml | 40 ++++++++++++------
 .github/workflows/release.yml | 9 +++--
 2 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml
index cc4900e..32b21f7 100644
--- a/.github/actions/compress_sign_and_upload/action.yml
+++ b/.github/actions/compress_sign_and_upload/action.yml
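Review bot: `run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig` splices expression values into the script text before bash parses it, so any shell metacharacter in the version string becomes shell syntax; the values here are derived from `package.json` plus a fixed prefix, so the exposure today is limited to the repository's own content, but the conventional hardening is to hand them over through `env:` and expand them quoted. For this step that means an `env:` block with `PACKAGE_VERSION: ${{ steps.get_vars.outputs.package_version }}` and `PACKAGE_FILE: ${{ steps.get_vars.outputs.package_file }}`, and `run: gh release upload "v${PACKAGE_VERSION}" "${PACKAGE_FILE}.sig"`. The same pattern applies to `${{ inputs.npm_package_name }}` inside the `run: |` block and to the `mv` step in the `@@ -27,15 +27,25 @@` hunk of PATCH 5/6.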
@@ -2,17 +2,17 @@ name: Compress and Sign
 description: 'Compresses package and signs with garasign'
 
 inputs:
-  garasign_username:
-    description: 'Garasign username input for drivers-github-tools/garasign/gpg-sign'
+  aws_role_arn:
+    description: 'AWS role input for drivers-github-tools/gpg-sign@v2'
     required: true
-  garasign_password:
-    description: 'Garasign password input for drivers-github-tools/garasign/gpg-sign'
+  aws_region_name:
+    description: 'AWS region name input for drivers-github-tools/gpg-sign@v2'
     required: true
-  artifactory_username:
-    description: 'Artifactory username input for drivers-github-tools/garasign/gpg-sign'
+  aws_secret_id:
+    description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2'
     required: true
-  artifactory_password:
-    description: 'Artifactory password input for drivers-github-tools/garasign/gpg-sign'
+  npm_package_name:
+    description: 'The name for the npm package this repository represents'
     required: true
 
 runs:
@@ -27,15 +27,25 @@ runs:
       run: |
         package_version=$(jq --raw-output '.version' package.json)
         echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
-        echo "package_file=mongodb-legacy-${package_version}.tgz" >> "$GITHUB_OUTPUT"
+        echo "package_file=${{ inputs.npm_package_name }}-${package_version}.tgz" >> "$GITHUB_OUTPUT"
+
+    - name: Set up drivers-github-tools
+      uses: mongodb-labs/drivers-github-tools/setup@v2
+      with:
+        aws_region_name: ${{ inputs.aws_region_name }}
+        aws_role_arn: ${{ inputs.aws_role_arn }}
+        aws_secret_id: ${{ inputs.aws_secret_id }}
+
     - name: Create detached signature
-      uses: mongodb-labs/drivers-github-tools/garasign/gpg-sign@v1
-      with:
+      uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
+      with:
         filenames: ${{ steps.get_vars.outputs.package_file }}
-        garasign_username: ${{ inputs.garasign_username }}
-        garasign_password: ${{ inputs.garasign_password }}
-        artifactory_username: ${{ inputs.artifactory_username }}
-        artifactory_password: ${{ inputs.artifactory_password }}
+      env:
+        RELEASE_ASSETS: ${{ steps.get_vars.outputs.package_file }}.temp.sig
+
+    - name: Name release asset correctly
+      run: mv ${{ steps.get_vars.outputs.package_file }}.temp.sig ${{ steps.get_vars.outputs.package_file }}.sig
+      shell: bash
 
     - name: "Upload release artifacts"
       run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 357c2ea..45eb7c3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,6 +22,7 @@ jobs:
   compress_sign_and_upload:
     needs: [release_please]
     if: ${{ needs.release_please.outputs.release_created }}
+    environment: release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
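Review bot: `uses: mongodb-labs/drivers-github-tools/setup@v2` and `uses: mongodb-labs/drivers-github-tools/gpg-sign@v2` reference the signing tooling by a mutable tag; since these two steps assume the AWS role, obtain the signing material and produce the release signature, a moved `v2` tag would silently change what signs every release. Pinning each to a full commit SHA with the tag kept in a trailing comment (`uses: mongodb-labs/drivers-github-tools/gpg-sign@<commit-sha>  # v2`) keeps the signing path reviewable through ordinary dependency updates; the same applies to `googleapis/release-please-action@v4` in the `@@ -17,7 +17,7 @@` hunk of PATCH 6/6. The `RELEASE_ASSETS: ...temp.sig` env entry together with the `mv ....temp.sig ....sig` step also deserves a comment, because the reason for the `.temp.sig` indirection is not visible in this file — something like `# gpg-sign@v2 names its output from RELEASE_ASSETS; rename to the <package>.sig name documented in readme.md`, if that is indeed why it is there.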
@@ -30,10 +31,10 @@ jobs:
       - name: actions/compress_sign_and_upload
         uses: ./.github/actions/compress_sign_and_upload
         with:
-          garasign_username: ${{ secrets.GRS_CONFIG_USER1_USERNAME }}
-          garasign_password: ${{ secrets.GRS_CONFIG_USER1_PASSWORD }}
-          artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
-          artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: 'us-east-1'
+          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+          npm_package_name: 'mongodb-legacy'
       - run: npm publish --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
From 2d4f31dac51fb44815862252552d9f5ebedf1551 Mon Sep 17 00:00:00 2001
From: Aditi Khare
Date: Wed, 5 Jun 2024 13:46:34 -0400
Subject: [PATCH 6/6] requested changes

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 45eb7c3..4dc3009 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
       release_created: ${{ steps.release.outputs.release_created }}
     steps:
       - id: release
-        uses: google-github-actions/release-please-action@v4
+        uses: googleapis/release-please-action@v4
 
   compress_sign_and_upload:
     needs: [release_please]