sign files

Author: baileympearson

.github/actions/sign_and_upload_package/action.yml

@@ -18,9 +18,6 @@ inputs:
       description: 'Should we upload files to the release?'
       required: false
       default: 'true'
-    filenames:
-      description: The files to sign.
-      required: true
     artifact_directory:
       description: The directory in which to output signatures.
       required: true
@@ -29,6 +26,7 @@ runs:
   using: composite
   steps:
     - uses: actions/download-artifact@v4
+      if: ${{ always() }}
 
     - run: npm pack
       shell: bash
@@ -49,16 +47,30 @@ runs:
         aws_role_arn: ${{ inputs.aws_role_arn }}
         aws_secret_id: ${{ inputs.aws_secret_id }}
 
+    - name: Determine what files to sign
+      if: ${{ always() }}
+      shell: bash
+      run: |
+        export FILENAMES=build-*/*.tar.gz
+        if [[ $FILENAMES =~ '*' ]]; then
+          FILENAMES=$(ls $FILENAMES | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/ /g')
+        fi
+        FILENAMES="$FILENAMES ${{ env.package_file }}"
+        echo "FILES FILES"
+        echo $FILENAMES
+        echo "FILES_TO_SIGN=${FILENAMES}" >> "$GITHUB_ENV"
+
+
     - name: Create detached signature
       uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
       with: 
-        filenames: ${{ inputs.filenames }}
+        filenames: ${{ env.FILES_TO_SIGN }}
       env: 
         RELEASE_ASSETS: ${{ inputs.artifact_directory }}
 
     - name: Copy the tarballs to the artifacts directory
       shell: bash
-      run: for filename in ${{ inputs.filenames }}; do cp ${filename} artifacts/; done
+      run: for filename in ${{ env.FILES_TO_SIGN }}; do cp ${filename} artifacts/; done
 
     - name: Display structure of downloaded files
       shell: bash

.github/workflows/release.yml

@@ -46,19 +46,6 @@ jobs:
         with:
           npm_package_name: mongodb-client-encryption
 
-      - uses: actions/download-artifact@v4
-      - run: |
-          # export FILENAMES=build-*/*.tar.gz
-          # if [[ $FILENAMES =~ '*' ]]; then
-          #   FILENAMES=$(ls $FILENAMES | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/ /g')
-          # fi
-          FILENAMES=find build-*/*.tar.gz -name '*'
-          FILENAMES="$FILENAMES ${{ env.package_file }}"
-          echo "FILES FILES"
-          echo $FILENAMES
-          echo "FILES_TO_SIGN=${FILENAMES}" >> "$GITHUB_ENV"
-        shell: bash
-
       - name: actions/sign_and_upload_package
         uses: ./.github/actions/sign_and_upload_package
         with:
@@ -67,7 +54,6 @@ jobs:
           aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
           npm_package_name: 'mongodb-client-encryption'
           dry_run: ${{ needs.release_please.outputs.release_created == '' }}
-          filenames: ${{ env.FILES_TO_SIGN }}
           artifact_directory: artifacts
 
       - name: Copy sbom file to release assets