CSHARP-5128 Update template_ssdlc_compliance_report.md with signing information (#1344)

BorisDog · web-flow · commit 281960b95b6b · 2024-06-12T11:46:13.000-07:00
diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
@@ -282,6 +282,7 @@ functions:
       params:
         working_dir: "mongo-csharp-driver"
         env:
+          NUGET_SIGN_CERTIFICATE_FINGERPRINT: ${NUGET_SIGN_CERTIFICATE_FINGERPRINT}
           PRODUCT_NAME: "mongo-csharp-driver"
           github_commit: ${github_commit}
         script: |
diff --git a/evergreen/generate-ssdlc-report.sh b/evergreen/generate-ssdlc-report.sh
@@ -2,6 +2,7 @@
 set -o errexit # Exit the script with error if any of the commands fail
 
 # Environment variables used as input:
+# NUGET_SIGN_CERTIFICATE_FINGERPRINT
 # PRODUCT_NAME
 # PACKAGE_VERSION
 # github_commit
@@ -31,5 +32,6 @@ sed "${SED_EDIT_IN_PLACE_OPTION[@]}" \
     -e "s/\${PACKAGE_VERSION}/$PACKAGE_VERSION/g" \
     -e "s/\${github_commit}/$github_commit/g" \
     -e "s/\${REPORT_DATE_UTC}/$(date -u +%Y-%m-%d)/g" \
+    -e "s/\${NUGET_SIGN_CERTIFICATE_FINGERPRINT}/${NUGET_SIGN_CERTIFICATE_FINGERPRINT}/g" \
     "${SSDLC_REPORT_PATH}"
 ls "${SSDLC_REPORT_PATH}"
diff --git a/evergreen/template_ssdlc_compliance_report.md b/evergreen/template_ssdlc_compliance_report.md
@@ -41,8 +41,7 @@ This information is available in multiple ways:
 
 Blocked on <https://jira.mongodb.org/browse/CSHARP-5047>.
 
-The MongoDB SSDLC policy is available at
-<https://docs.google.com/document/d/1u0m4Kj2Ny30zU74KoEFCN4L6D_FbEYCaJ3CQdCYXTMc>.
+The MongoDB SSDLC policy is available <a href="https://docs.google.com/document/d/1u0m4Kj2Ny30zU74KoEFCN4L6D_FbEYCaJ3CQdCYXTMc">here</a>.
 
 ## Third-darty dependency information
 
@@ -54,4 +53,10 @@ Coverity static analysis report is available <a href="https://us-west-2.console.
 
 ## Signature information
 
-Blocked on <https://jira.mongodb.org/browse/CSHARP-3050>.
+Packages are signed with certificate with fingerprint: ${NUGET_SIGN_CERTIFICATE_FINGERPRINT}.
+Signature can be validated by running ```dotnet nuget verify``` command.
+
+For example signature of ```Mongodb.Driver.${PACKAGE_VERSION}.nupkg``` package can be verified by running:
+```
+dotnet nuget verify MongoDB.Driver.${PACKAGE_VERSION}.nupkg --certificate-fingerprint ${NUGET_SIGN_CERTIFICATE_FINGERPRINT}
+```
