From 92d753073a1338cad10947a6be5d8939048e318e Mon Sep 17 00:00:00 2001 From: Abraham Egnor Date: Thu, 2 May 2024 10:11:34 -0400 Subject: [PATCH 1/4] testability --- .evergreen/releases.yml | 2 +- Cargo.toml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.evergreen/releases.yml b/.evergreen/releases.yml index 3fba2263f..2ba95b625 100644 --- a/.evergreen/releases.yml +++ b/.evergreen/releases.yml @@ -146,7 +146,7 @@ tasks: commands: - func: "fetch source" - func: "install dependencies" - - func: "fetch tag" + #- func: "fetch tag" - func: "build papertrail vars" - func: "publish release" - func: "publish papertrail" diff --git a/Cargo.toml b/Cargo.toml index fc3628270..525a25d68 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -63,11 +63,11 @@ in-use-encryption-unstable = ["dep:mongocrypt", "dep:rayon", "dep:num_cpus"] tracing-unstable = ["dep:tracing", "dep:log"] [dependencies] -action_macro = { path = "action_macro" } +action_macro = { path = "action_macro", version = "0.1" } async-trait = "0.1.42" base64 = "0.13.0" bitflags = "1.1.0" -bson = { git = "https://github.com/mongodb/bson-rust", branch = "main" } +bson = { git = "https://github.com/mongodb/bson-rust", branch = "main", version = "2.10" } chrono = { version = "0.4.7", default-features = false, features = ["clock", "std"] } derivative = "2.1.1" derive_more = "0.99.17" @@ -81,7 +81,7 @@ hmac = "0.12.1" once_cell = "1.19.0" log = { version = "0.4.17", optional = true } md-5 = "0.10.1" -mongocrypt = { git = "https://github.com/mongodb/libmongocrypt-rust.git", branch = "main", optional = true } +mongocrypt = { git = "https://github.com/mongodb/libmongocrypt-rust.git", branch = "main", optional = true, version = "0.1" } num_cpus = { version = "1.13.1", optional = true } openssl = { version = "0.10.38", optional = true } openssl-probe = { version = "0.1.5", optional = true } From c502b3c6d19962687e4ea888d7d646e7c3ff7b54 Mon Sep 17 00:00:00 2001 
From: Abraham Egnor Date: Fri, 3 May 2024 14:19:35 -0400 Subject: [PATCH 2/4] RUST-1921 Sign crate on release --- .evergreen/release-build-papertrail-vars.sh | 18 --------- .evergreen/release-build-vars.sh | 29 ++++++++++++++ .evergreen/release-sign.sh | 17 +++++++++ .evergreen/releases.yml | 42 +++++++++++++++------ 4 files changed, 77 insertions(+), 29 deletions(-) delete mode 100644 .evergreen/release-build-papertrail-vars.sh create mode 100644 .evergreen/release-build-vars.sh create mode 100644 .evergreen/release-sign.sh diff --git a/.evergreen/release-build-papertrail-vars.sh b/.evergreen/release-build-papertrail-vars.sh deleted file mode 100644 index 7e64f2bf8..000000000 --- a/.evergreen/release-build-papertrail-vars.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -o errexit -set +x - -. ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/rust -rm secrets-export.sh - -PAPERTRAIL_PRODUCT="rust-driver" -if [[ "${DRY_RUN}" == "yes" ]]; then - PAPERTRAIL_PRODUCT="rust-driver-testing" -fi - -cat <papertrail-expansion.yml -PAPERTRAIL_KEY_ID: "${PAPERTRAIL_KEY_ID}" -PAPERTRAIL_SECRET_KEY: "${PAPERTRAIL_SECRET_KEY}" -PAPERTRAIL_PRODUCT: "${PAPERTRAIL_PRODUCT}" -EOT diff --git a/.evergreen/release-build-vars.sh b/.evergreen/release-build-vars.sh new file mode 100644 index 000000000..81ffac392 --- /dev/null +++ b/.evergreen/release-build-vars.sh 
@@ -0,0 +1,29 @@ +#!/bin/bash + +set -o errexit +set -o pipefail + +source ./.evergreen/env.sh + +set +x + +CRATE_VERSION=$(cargo metadata --format-version=1 --no-deps | jq --raw-output '.packages[0].version') + +. ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/rust +rm secrets-export.sh + +PAPERTRAIL_PRODUCT="rust-driver" +if [[ "${DRY_RUN}" == "yes" ]]; then + PAPERTRAIL_PRODUCT="rust-driver-testing" +fi + +cat <release-expansion.yml +CRATE_VERSION: "${CRATE_VERSION}" +PAPERTRAIL_KEY_ID: "${PAPERTRAIL_KEY_ID}" +PAPERTRAIL_SECRET_KEY: "${PAPERTRAIL_SECRET_KEY}" +PAPERTRAIL_PRODUCT: "${PAPERTRAIL_PRODUCT}" +ARTIFACTORY_USERNAME: "${ARTIFACTORY_USERNAME}" +ARTIFACTORY_PASSWORD: "${ARTIFACTORY_PASSWORD}" +GARASIGN_USERNAME: "${GARASIGN_USERNAME}" +GARASIGN_PASSWORD: "${GARASIGN_PASSWORD}" +EOT diff --git a/.evergreen/release-sign.sh b/.evergreen/release-sign.sh new file mode 100644 index 000000000..716023d27 --- /dev/null +++ b/.evergreen/release-sign.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -o errexit +set +x + +echo "${ARTIFACTORY_PASSWORD}" | docker login --password-stdin --username ${ARTIFACTORY_USERNAME} artifactory.corp.mongodb.com + +echo "GRS_CONFIG_USER1_USERNAME=${GARASIGN_USERNAME}" >> "signing-envfile" +echo "GRS_CONFIG_USER1_PASSWORD=${GARASIGN_PASSWORD}" >> "signing-envfile" + +docker run \ + --env-file=signing-envfile \ + --rm \ + -v $(pwd):$(pwd) \ + -w $(pwd) \ + artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-gpg \ + /bin/bash -c "gpgloader && gpg --yes -v --armor -o mongodb-${CRATE_VERSION}.sig --detach-sign target/package/mongodb-${CRATE_VERSION}.crate" \ No newline at end of file diff --git a/.evergreen/releases.yml b/.evergreen/releases.yml index 2ba95b625..102188804 100644 --- a/.evergreen/releases.yml +++ b/.evergreen/releases.yml 
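Review bot: The heredoc that writes `release-expansion.yml` now carries the Artifactory and Garasign passwords as well as the Papertrail key, yet the file is created under the default umask and is deleted only by a later, separate `shell.exec` step. If `expansions.update` fails in between, the cleartext credentials would remain in `src/`, assuming the task stops at the first failing command; a `umask 077` before the `cat` would at least keep the file private to the task user. The values are interpolated into double-quoted YAML scalars without escaping, so a secret containing `"` or `\` would be altered or make the file unparseable. Separately, `.packages[0].version` assumes the `mongodb` package comes first in the `cargo metadata` output; selecting by name, e.g. `jq --raw-output '.packages[] | select(.name == "mongodb") | .version'`, keeps the name of the signed artifact from depending on package order.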
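Review bot: `signing-envfile` holds the Garasign username and password, is appended to with `>>` in the task's working directory under the default umask, and is never deleted; that directory is bind-mounted into the container and still holds the file when the following `save signature` step runs. Creating it fresh with tight permissions and removing it on exit would contain that, e.g. `umask 077`, `: > signing-envfile` and `trap 'rm -f signing-envfile; docker logout artifactory.corp.mongodb.com' EXIT` placed before the `docker login`, which also drops the registry credential that `docker login` stores on the host. The `garasign-gpg` image is referenced without a tag or digest although it receives the signing credentials and produces the release signature; pinning it as `garasign-gpg@sha256:DIGEST_PLACEHOLDER` would fix what code runs at signing time. `${ARTIFACTORY_USERNAME}` and the `$(pwd)` arguments are unquoted, so a value containing whitespace would be split.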
@@ -90,26 +90,27 @@ functions: args: - .evergreen/fetch-drivers-tools.sh - "build papertrail vars": + "build vars": + - command: ec2.assume_role + params: + role_arn: ${aws_test_secrets_role} + - command: subprocess.exec params: working_dir: src - include_expansions_in_env: - - DRIVERS_TOOLS - - DRY_RUN - - GIT_TAG + add_expansions_to_env: true binary: bash args: - - .evergreen/release-build-papertrail-vars.sh + - .evergreen/release-build-vars.sh - command: expansions.update params: - file: src/papertrail-expansion.yml + file: src/release-expansion.yml - command: shell.exec params: working_dir: "src" - script: rm papertrail-expansion.yml + script: rm release-expansion.yml "fetch tag": command: subprocess.exec @@ -137,9 +138,26 @@ functions: key_id: ${PAPERTRAIL_KEY_ID} secret_key: ${PAPERTRAIL_SECRET_KEY} product: ${PAPERTRAIL_PRODUCT} - version: ${GIT_TAG} + version: ${CRATE_VERSION} filenames: - - src/target/package/mongodb-*.crate + - src/target/package/mongodb-${CRATE_VERSION}.crate + + "sign release": + - command: subprocess.exec + params: + working_dir: "src" + include_expansions_in_env: + - ARTIFACTORY_USERNAME + - ARTIFACTORY_PASSWORD + - GARASIGN_USERNAME + - GARASIGN_PASSWORD + - CRATE_VERSION + binary: bash + args: + - .evergreen/release-sign.sh + + "save signature": + command: s3.push tasks: - name: "publish-release" @@ -147,9 +165,11 @@ tasks: - func: "fetch source" - func: "install dependencies" #- func: "fetch tag" - - func: "build papertrail vars" + - func: "build vars" - func: "publish release" - func: "publish papertrail" + - func: "sign release" + - func: "save signature" axes: - id: "os" From 20dbfa9fbacc8a052b8b02e64991341af6f9bdff Mon Sep 17 00:00:00 2001 From: Abraham Egnor Date: Fri, 3 May 2024 14:20:45 -0400 Subject: [PATCH 3/4] remove testing hacks --- .evergreen/releases.yml | 2 +- Cargo.toml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
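Review bot: In `build vars`, `add_expansions_to_env: true` replaces the explicit `include_expansions_in_env` allow-list, so every expansion of the task is exported into the environment of `release-build-vars.sh`, the `env.sh` it sources and `cargo metadata`. That would include project secrets and the temporary credentials from `ec2.assume_role`. Listing only what the script reads keeps the release job least-privileged. The list below is inferred from the script and from the expansions `ec2.assume_role` sets, so confirm what `setup-secrets.sh` actually needs before adopting it. A one-line comment above the `ec2.assume_role` step naming what the role grants access to would also help the next reader.

```yaml
        working_dir: src
        include_expansions_in_env:
          - DRIVERS_TOOLS
          - DRY_RUN
          - AWS_ACCESS_KEY_ID
          - AWS_SECRET_ACCESS_KEY
          - AWS_SESSION_TOKEN
        # … unchanged: binary and args …
```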
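Review bot: `save signature` is a bare `s3.push` with no parameters, and as far as I know that command syncs the task's whole working directory rather than one named file. That would include `src/signing-envfile`, which `release-sign.sh` leaves behind with the Garasign credentials in it. Uploading only the signature through `s3.put` with an explicit `local_file: src/mongodb-${CRATE_VERSION}.sig` avoids shipping anything else; bucket and credentials are not visible in this hunk, so they would have to come from the project's configuration.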
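Review bot: In `publish-release`, `sign release` and `save signature` run after `publish release` and `publish papertrail`, so a failure while signing (registry login, container pull, Garasign) leaves a crate published with no signature. If the target is crates.io, a published version cannot be replaced afterwards. The body of `publish release` is outside this hunk; if it can be split into a packaging step and an upload step, packaging and signing first and uploading last would make the signature a precondition of the release. If the order is intentional because the `.crate` file only exists after publishing, a comment on the task saying so would help, e.g. `# signing runs after publish: target/package/*.crate is produced by the publish step`.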
diff --git a/.evergreen/releases.yml b/.evergreen/releases.yml index 102188804..0da4a3519 100644 --- a/.evergreen/releases.yml +++ b/.evergreen/releases.yml @@ -164,7 +164,7 @@ tasks: commands: - func: "fetch source" - func: "install dependencies" - #- func: "fetch tag" + - func: "fetch tag" - func: "build vars" - func: "publish release" - func: "publish papertrail" diff --git a/Cargo.toml b/Cargo.toml index 525a25d68..fc3628270 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -63,11 +63,11 @@ in-use-encryption-unstable = ["dep:mongocrypt", "dep:rayon", "dep:num_cpus"] tracing-unstable = ["dep:tracing", "dep:log"] [dependencies] -action_macro = { path = "action_macro", version = "0.1" } +action_macro = { path = "action_macro" } async-trait = "0.1.42" base64 = "0.13.0" bitflags = "1.1.0" -bson = { git = "https://github.com/mongodb/bson-rust", branch = "main", version = "2.10" } +bson = { git = "https://github.com/mongodb/bson-rust", branch = "main" } chrono = { version = "0.4.7", default-features = false, features = ["clock", "std"] } derivative = "2.1.1" derive_more = "0.99.17" @@ -81,7 +81,7 @@ hmac = "0.12.1" once_cell = "1.19.0" log = { version = "0.4.17", optional = true } md-5 = "0.10.1" -mongocrypt = { git = "https://github.com/mongodb/libmongocrypt-rust.git", branch = "main", optional = true, version = "0.1" } +mongocrypt = { git = "https://github.com/mongodb/libmongocrypt-rust.git", branch = "main", optional = true } num_cpus = { version = "1.13.1", optional = true } openssl = { version = "0.10.38", optional = true } openssl-probe = { version = "0.1.5", optional = true } From bb293b9e51f8b65b70516642081f59d5c6d4b25c Mon Sep 17 00:00:00 2001 From: Abraham Egnor Date: Fri, 3 May 2024 14:21:42 -0400 Subject: [PATCH 4/4] newline --- .evergreen/release-sign.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/release-sign.sh b/.evergreen/release-sign.sh index 716023d27..dba3c169e 100644 --- a/.evergreen/release-sign.sh 
+++ b/.evergreen/release-sign.sh @@ -14,4 +14,4 @@ docker run \ -v $(pwd):$(pwd) \ -w $(pwd) \ artifactory.corp.mongodb.com/release-tools-container-registry-local/garasign-gpg \ - /bin/bash -c "gpgloader && gpg --yes -v --armor -o mongodb-${CRATE_VERSION}.sig --detach-sign target/package/mongodb-${CRATE_VERSION}.crate" \ No newline at end of file + /bin/bash -c "gpgloader && gpg --yes -v --armor -o mongodb-${CRATE_VERSION}.sig --detach-sign target/package/mongodb-${CRATE_VERSION}.crate"