[MONGOCRYPT-838] Fix project name detection and role usage in Python release steps #1119
vector-of-bool wants to merge 3 commits into mongodb:master from
kevinAlbs left a comment
LGTM with using an expansion for the permissions. I'm not sure how to address "publish packages", but that can be done in a later PR.
| remote_file: '${project}/${build_variant}/${branch_name}/${libmongocrypt_s3_suffix}/libmongocrypt.tar.gz' | ||
| bucket: ${upload_bucket} | ||
| permissions: public-read | ||
| permissions: private |
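Review bot: the permissions value on this upload is hard-coded to private while the bucket: ${upload_bucket} line directly above it is an expansion, so the ACL and the target bucket can drift apart. Consider driving the ACL from an expansion as well, and confirm that anything fetching this libmongocrypt.tar.gz path without credentials has an authenticated alternative before the object stops being public-read.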
I think use an expansion to determine the permissions:
    permissions: ${upload_permissions}
pymongocrypt refers to this URL in public docs:
https://s3.amazonaws.com/mciuploads/libmongocrypt/all/master/latest/libmongocrypt-all.tar.gz
I expect that link would break if the upload was made private. I would like to remove that public documentation first (and ideally provide an alternative to the latest release download).
| - command: shell.exec | ||
| params: | ||
| shell: "bash" | ||
| include_expansions_in_env: &aws-params-env |
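Review bot: on the include_expansions_in_env: &aws-params-env line, the anchor name implies that AWS credentials are exported into the bash process environment, and every step that later aliases *aws-params-env inherits the same list. Keep the anchored list to the minimum the script needs, and make sure the script does not enable command tracing or echo its environment, so the values stay out of task logs.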
Sigh ... I think a follow-up change will be needed for the "publish packages" function, which uses curator to download from the S3 URL https://mciuploads.s3.amazonaws.com/.... I'm not sure how to address that yet. But I think it will need to be addressed before a release.
s3 cp script in the Python release steps to use the credentials for the role that can access data from the bucket.
permission on uploaded files to private, required for posting to the CDN bucket.