mongodb-js · nirinchev · Jan 7, 2025 · Jan 7, 2025 · Jan 7, 2025 · gribnoysup
@@ -13,13 +13,13 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "main", '*-releases' ]
-    tags: [ 'v*' ]
+    branches: ["main", "*-releases"]
+    tags: ["v*"]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "main" ]
+    branches: ["main"]
   schedule:
-    - cron: '30 14 * * 4'
+    - cron: "30 14 * * 4"
   workflow_dispatch:
     inputs: {}
 
@@ -36,53 +36,53 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go', 'javascript', 'python' ]
+        language: ["go", "javascript", "python"]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
         # Use only 'java' to analyze code written in Java, Kotlin or both
         # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        queries: security-extended
-        config: |
-          paths-ignore:
-            - '**/*.test.js'
-            - '**/*.spec.js'
-            - '**/*.test.ts'
-            - '**/*.spec.ts'
-            - '**/*.test.tsx'
-            - '**/*.spec.tsx'
-            - 'scripts/**'
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          queries: security-extended
+          config: |
+            paths-ignore:
+              - '**/*.test.js'
+              - '**/*.spec.js'
+              - '**/*.test.ts'
+              - '**/*.spec.ts'
+              - '**/*.test.tsx'
+              - '**/*.spec.tsx'
+              - 'scripts/**'
 
-    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
+      # - run: |
+      #     echo "Run, Build Application using script"
+      #     ./location_of_script_within_repo/buildscript.sh
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"
@@ -5,9 +5,9 @@ on:
   workflow_dispatch:
     inputs:
       dryRun:
-        description: 'Run publish in dry-run mode (WARN: think twice when changing this value, this will override currently published manifest in download center!)'
+        description: "Run publish in dry-run mode (WARN: think twice when changing this value, this will override currently published manifest in download center!)"
         required: true
-        default: 'true'
+        default: "true"
   release:
     types: [published]
 
@@ -17,13 +17,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node.js Environment
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 20.16.0
-          cache: 'npm'
+          cache: "npm"
 
       - name: Install [email protected]
         run: |
@@ -36,7 +36,7 @@ jobs:
 
       - name: Upload updated download center manifest
         env:
-          DEBUG: 'hadron*,mongo*,compass*'
+          DEBUG: "hadron*,mongo*,compass*"
           DOWNLOAD_CENTER_AWS_ACCESS_KEY_ID: ${{ secrets.DOWNLOAD_CENTER_AWS_ACCESS_KEY_ID }}
           DOWNLOAD_CENTER_AWS_SECRET_ACCESS_KEY: ${{ secrets.DOWNLOAD_CENTER_AWS_SECRET_ACCESS_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

@@ -18,45 +18,45 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-      with:
-        # don't checkout a detatched HEAD
-        ref: ${{ github.head_ref }}
-
-        # this is important so git log has the whole history
-        fetch-depth: '0'
-
-    - name: Setup git
-      run: |
-        git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-        git config --local user.name "github-actions[bot]"
-
-    - name: "Use Node.js 14"
-      uses: actions/setup-node@v3
-      with:
-        node-version: 20.16.0
-
-    - name: Install [email protected]
-      run: npm install -g [email protected]
-
-    - name: Install Dependencies
-      run: |
-        npm run bootstrap-ci
-      shell: bash
-
-    - name: "Publish what is not already in NPM"
-      env:
-        NPM_TOKEN: ${{ secrets.DEVTOOLSBOT_NPM_TOKEN }}
-      run: |
-        echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
-        npm config list
-        echo "Publishing packages as $(npm whoami)"
-        git update-index --assume-unchanged .npmrc
-        npm run publish-packages
-
-    - name: "Publish tags"
-      run: |
-        npx lerna list -a --json | \
-          jq -r '.[] | .name + "@" + .version' | \
-          xargs -i sh -c "git tag -a {} -m {} || true"
-        git push --follow-tags
+      - uses: actions/checkout@v4
+        with:
+          # don't checkout a detatched HEAD
+          ref: ${{ github.head_ref }}
+
+          # this is important so git log has the whole history
+          fetch-depth: "0"
+
+      - name: Setup git
+        run: |
+          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+
+      - name: "Use Node.js 20"
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.16.0
+
+      - name: Install [email protected]
+        run: npm install -g [email protected]
+
+      - name: Install Dependencies
+        run: |
+          npm run bootstrap-ci
+        shell: bash
+
+      - name: "Publish what is not already in NPM"
+        env:
+          NPM_TOKEN: ${{ secrets.DEVTOOLSBOT_NPM_TOKEN }}
+        run: |
+          echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
+          npm config list
+          echo "Publishing packages as $(npm whoami)"
+          git update-index --assume-unchanged .npmrc
+          npm run publish-packages
+
+      - name: "Publish tags"
+        run: |
+          npx lerna list -a --json | \
+            jq -r '.[] | .name + "@" + .version' | \
+            xargs -i sh -c "git tag -a {} -m {} || true"
+          git push --follow-tags
@@ -5,32 +5,32 @@ on:
     inputs:
       mergeBranch:
         description: 'mergeBranch (optional, default="main"): the branch to merge from, useful to perform quick fixes outside of main.'
-        default: 'main'
+        default: "main"
         required: false
       overrideNextGa:
-        description: 'overrideNextGa (optional): set this param if you want to override the nextGa version that is fetched from jira versions, and use a different one.'
+        description: "overrideNextGa (optional): set this param if you want to override the nextGa version that is fetched from jira versions, and use a different one."
         required: false
   schedule:
     # Each Monday at 5 AM UTC
-    - cron: '0 5 * * 1'
+    - cron: "0 5 * * 1"
 
 jobs:
   startRelease:
     name: Start new Beta release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Setup git
         run: |
           git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --local user.name "github-actions[bot]"
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20.16.0
-          cache: 'npm'
+          cache: "npm"
 
       - name: Install [email protected]
         run: |

@@ -7,30 +7,30 @@ on:
   workflow_dispatch:
     inputs:
       releaseTicket:
-        description: 'releaseTicket (required): it must have a fixVersion which will be used as release version.'
+        description: "releaseTicket (required): it must have a fixVersion which will be used as release version."
         required: true
       mergeBranch:
         description: 'mergeBranch (optional, default="beta-releases"): the branch to merge from, useful to perform quick fixes or to skip beta.'
-        default: 'beta-releases'
+        default: "beta-releases"
         required: false
 
 jobs:
   startRelease:
     name: Start new GA release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Setup git
         run: |
           git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --local user.name "github-actions[bot]"
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20.16.0
-          cache: 'npm'
+          cache: "npm"
 
       - name: Install [email protected]
         run: |
@@ -43,7 +43,6 @@ jobs:
 
       - name: Start Release
         env:
-          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
           GH_TOKEN: ${{ github.token }}
         run: |
           node scripts/release.js ga \

@@ -22,6 +22,7 @@ jobs:
         with:
           # don't checkout a detatched HEAD
           ref: ${{ github.head_ref }}
+          token: ${{ steps.app-token.outputs.token }}
 
       - uses: actions/setup-node@v4
         with:
@@ -48,3 +49,4 @@ jobs:
           labels: no-title-validation
           body: |
             - Update electron
+          author: "${{ steps.app-token.outputs.app-slug }}[bot]"