diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 24589df2..ba64e427 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -14,6 +14,7 @@ env: RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-node RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com PACKAGE_NAME: aws-distro-opentelemetry-node-autoinstrumentation + ARTIFACT_NAME: aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz permissions: id-token: write @@ -86,6 +87,11 @@ jobs: tags: | ${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }} + - name: Get SHA256 checksum of release artifact + id: get_sha256 + run: | + shasum -a 256 aws-distro-opentelemetry-node-autoinstrumentation/${{ env.ARTIFACT_NAME }} | sed "s|aws-distro-opentelemetry-node-autoinstrumentation/||" > ${{ env.ARTIFACT_NAME }}.sha256 + # Publish to GitHub releases - name: Create GH release id: create_release @@ -96,7 +102,8 @@ jobs: --title "Release v${{ github.event.inputs.version }}" \ --draft \ "v${{ github.event.inputs.version }}" \ - aws-distro-opentelemetry-node-autoinstrumentation/aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz + aws-distro-opentelemetry-node-autoinstrumentation/${{ env.ARTIFACT_NAME }} \ + ${{ env.ARTIFACT_NAME }}.sha256 # Publish to npm - name: Publish to npm diff --git a/README.md b/README.md index bd50333f..98c5d5c6 100644 --- a/README.md +++ b/README.md @@ -44,3 +44,9 @@ This project ensures compatibility with the following supported NodeJS versions: ### Note on Amazon CloudWatch Application Signals [Amazon CloudWatch Application Signals](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html) components are designed to seamlessly work with all library instrumentations offered by [OpenTelemetry NodeJS auto-instrumentation](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/metapackages/auto-instrumentations-node/README.md). While upstream OpenTelemetry NodeJS instrumentations are in beta, Application Signals components are stable, production ready and have also been tested for popular libraries/frameworks such as `ExpressJS, AWS SDK for JavaScript V3, and others`. We will prioritize backward compatibility for Application Signals components, striving to ensure that they remain functional even in the face of potential breaking changes introduced by OpenTelemetry upstream libraries. Please [raise an issue](https://github.com/aws-observability/aws-otel-js-instrumentation/blob/main/CONTRIBUTING.md#reporting-bugsfeature-requests) if you notice Application Signals doesn't work for a particular OpenTelemetry supported library. + +## Checksum Verification + +Artifacts released will include a `.sha256` file for checksum verification starting from v0.4.0 +To verify, run the command `shasum -a 256 -c .sha256` +It should return the output `: OK` if the validation is successful