Add papertrail action

README.md

@@ -13,7 +13,8 @@ GPG key.
 ### git-sign
 
 Use this action to create signed git artifacts:
-```markdown
+
+```yaml
 - name: "Create signed commit"
   uses: mongodb/drivers-github-tools/garasign/git-sign@main
   with:
@@ -41,7 +42,7 @@ option can be set to a truthy value to avoid unnecessary logins to artifactory.
 
 This action is used to create detached signatures for files:
 
-```markdown
+```yaml
 - name: "Create detached signature"
   uses: mongodb/drivers-github-tools/garasign/gpg-sign@main
   with:
@@ -59,7 +60,7 @@ option can be set to a truthy value to avoid unnecessary logins to artifactory.
 
 You can also supply multiple space-separated filenames to sign a list of files:
 
-```markdown
+```yaml
 - name: "Create detached signature"
   uses: mongodb/drivers-github-tools/garasign/gpg-sign@main
   with:
@@ -69,3 +70,23 @@ You can also supply multiple space-separated filenames to sign a list of files:
     artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
     artifactory_password: ${{ secrets.ARTIFACTORY_PASSWORD }}
 ```
+
+## Reporting tools
+
+The following tools are meant to aid in generating Software Security Development Lifecycle
+reports associated with a product release.
+
+### Papertrail
+
+This action will create a record of authorized publication on distribution channels.
+By default it will create a "papertrail.txt" file in the current directory.
+
+```yaml
+- name: "Create papertrail report"
+  uses: mongodb/drivers-github-tools/papertrail@main
+  with:
+    product_name: Mongo Python Driver
+    release_version: ${{ github.ref_name }}
+    filenames: $DIST_FILES
+    token: ${{ github.token }}
+```

papertrail/action.yml

@@ -0,0 +1,42 @@
+name: "Papertrail Report"
+description: "Generate report for authorized publication on distribution channels"
+inputs:
+  product_name:
+    description: "Name of product"
+    required: true
+  release_version:
+    description: "The release version. If not provided, the github.ref_name variable will be used"
+    required: false
+  filenames:
+    description: "Artifact filenames to include in the report, space-separated"
+    required: true
+  token:
+    description: "The GitHub token for the action"
+    required: true
+  output:
+    description: "The output filename"
+    default: "papertail.txt"
+
+runs:
+  using: composite
+  steps:
+    - name: "Prepare report"
+      shell: bash
+      run: |
+          export GH_TOKEN=${{ inputs.token }}
+          NAME=$(gh api users/${{ github.actor }} --jq '.name')
+          export PAPERTRAIL="${{ inputs.output }}"
+          export VERSION="${{ github.ref_name }}"
+          if [ -n "${{ inputs.release_version }}" ]; then
+              export VERSION="${{ inputs.release_version }}"
+          fi
+          echo "Product: ${{ inputs.product_name }}" > $PAPERTRAIL
+          echo "Version: $VERSION" >> $PAPERTRAIL
+          echo "Releaser: $NAME"  >> $PAPERTRAIL
+          echo "Build Source: GitHub Actions"
+          echo "Build Number: ${{ github.run_id }}"
+          for filename in"${{ inputs.filenames }}"; do
+              SHA=$(shasum -a 256 $filename | awk '{print $1;}')
+              echo "Filename: $filename"  >> $PAPERTRAIL
+              echo "Shasum: $SHA"  >> $PAPERTRAIL
+          done