Skip to content

feat: Sign release packages #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 19, 2025
Merged

feat: Sign release packages #23

merged 2 commits into from
Feb 19, 2025

Conversation

lantoli
Copy link
Collaborator

@lantoli lantoli commented Feb 19, 2025
edited
Loading

Description

Sign release packages, so CLI can check the signature when the plugin is installed, e.g.:

> plugin atlas plugin install mongodb-labs/atlas-cli-plugin-terraform

PGP signature verification successful!
Plugin mongodb-labs/atlas-cli-plugin-terraform successfully installed

It also signs Windows binaries.

The release has been tested in a fork repo for Linux, Mac and Windows.

Link to any related issue(s): CLOUDP-294109

Type of change:

  • Bug fix (non-breaking change which fixes an issue). Please, add the "bug" label to the PR.
  • New feature (non-breaking change which adds functionality). Please, add the "enhancement" label to the PR. A migration guide must be created or updated if the new feature will go in a major version.
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please, add the "breaking change" label to the PR. A migration guide must be created or updated.
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the contributing guides
  • I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • If changes include deprecations or removals I have added appropriate changelog entries.
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Further comments

@github-actions github-actions bot added the enhancement New feature or request label Feb 19, 2025
@lantoli lantoli marked this pull request as ready for review February 19, 2025 16:43
@lantoli lantoli requested a review from a team as a code owner February 19, 2025 16:43
marcosuma
marcosuma approved these changes Feb 19, 2025
View reviewed changes
Copy link
Contributor

@marcosuma marcosuma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not an expert on signing packages, so good to have another pair of eyes

cveticm
cveticm approved these changes Feb 19, 2025
View reviewed changes
Copy link

@cveticm cveticm left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! but would make sure team has no concerns with no signing for MacOS binary before merge

EspenAlbert
EspenAlbert approved these changes Feb 19, 2025
View reviewed changes
Copy link
Contributor

@EspenAlbert EspenAlbert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A bit tricky to follow outside of context. Not sure if it is worth it to include some link/description in the CONTRIBUTING.md?

@lantoli
Copy link
Collaborator Author

lantoli commented Feb 19, 2025

@EspenAlbert I've not seen similar info in CLI or Kubernetes plugin, for the user it's only important that they'll see the message:

PGP signature verification successful!
Plugin mongodb-labs/atlas-cli-plugin-terraform successfully installed

@lantoli lantoli merged commit 25a2d7b into main Feb 19, 2025
10 checks passed
@lantoli lantoli deleted the CLOUDP-294109_sign branch February 19, 2025 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EspenAlbert EspenAlbert EspenAlbert approved these changes

@marcosuma marcosuma marcosuma approved these changes

@cveticm cveticm cveticm approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lantoli @EspenAlbert @marcosuma @cveticm