@@ -8,7 +8,7 @@ permissions:
88 pull-requests : write
99 id-token : write
1010
11- name : release
11+ name : release-latest
1212
1313jobs :
1414 release_please :
@@ -18,96 +18,86 @@ jobs:
1818 steps :
1919 - id : release
2020 uses : googleapis/release-please-action@v4
21+ with :
22+ target-branch : main
2123
22- compress_sign_and_upload :
24+ build :
2325 needs : [release_please]
24- if : ${{ needs.release_please.outputs.release_created }}
26+ name : " Perform any build or bundling steps, as necessary."
27+ uses : ./.github/workflows/build.yml
28+
29+ ssdlc :
30+ needs : [release_please, build]
31+ permissions :
32+ # required for all workflows
33+ security-events : write
34+ id-token : write
35+ contents : write
2536 environment : release
2637 runs-on : ubuntu-latest
2738 steps :
2839 - uses : actions/checkout@v4
29- - name : actions/setup
30- uses : ./.github/actions/setup
40+
41+ - name : Install Node and dependencies
42+ uses : mongodb-labs/drivers-github-tools/node/setup@v2
43+ with :
44+ ignore_install_scripts : false
45+
46+ - name : Load version and package info
47+ uses : mongodb-labs/drivers-github-tools/node/get_version_info@v2
48+ with :
49+ npm_package_name : mongodb-legacy
50+
3151 - name : actions/compress_sign_and_upload
32- uses : ./. github/actions/compress_sign_and_upload
52+ uses : mongodb-labs/drivers- github-tools/node/sign_node_package@v2
3353 with :
3454 aws_role_arn : ${{ secrets.AWS_ROLE_ARN }}
35- aws_region_name : ' us-east-1'
55+ aws_region_name : us-east-1
3656 aws_secret_id : ${{ secrets.AWS_SECRET_ID }}
37- npm_package_name : ' mongodb-legacy'
38- - run : npm publish --provenance
39- env :
40- NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
57+ npm_package_name : mongodb-legacy
58+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
4159
42- generate_sarif_report :
43- environment : release
44- runs-on : ubuntu-latest
45- needs : [release_please]
46- permissions :
47- # required for all workflows
48- security-events : write
49- id-token : write
50- contents : write
60+ - name : Copy sbom file to release assets
61+ shell : bash
62+ if : ${{ '' == '' }}
63+ run : cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
5164
52- steps :
53- - uses : actions/checkout@v4
54- - name : Set up drivers-github-tools
55- uses : mongodb-labs/drivers-github-tools/setup @v2
65+ # only used for mongodb-client-encryption
66+ - name : Augment SBOM and copy to release assets
67+ if : ${{ '' != '' }}
68+ uses : mongodb-labs/drivers-github-tools/sbom @v2
5669 with :
57- aws_region_name : us-east-1
58- aws_role_arn : ${{ secrets.aws_role_arn }}
59- aws_secret_id : ${{ secrets.aws_secret_id }}
70+ silk_asset_group : ' '
71+ sbom_file_name : sbom.json
6072
61- - name : " Generate Sarif Report "
62- uses : mongodb-labs/drivers-github-tools/code-scanning-export @v2
73+ - name : Generate authorized pub report
74+ uses : mongodb-labs/drivers-github-tools/full-report @v2
6375 with :
64- ref : main
65- output-file : sarif-report.json
76+ release_version : ${{ env.package_version }}
77+ product_name : mongodb-legacy
78+ sarif_report_target_ref : main
79+ third_party_dependency_tool : n/a
80+ dist_filenames : artifacts/*
81+ token : ${{ github.token }}
82+ sbom_file_name : sbom.json
6683
67- - name : Get release version and release package file name
68- id : get_version
69- shell : bash
70- run : |
71- package_version=$(jq --raw-output '.version' package.json)
72- echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
73- - name : actions/publish_asset_to_s3
74- uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
84+ - uses : mongodb-labs/drivers-github-tools/upload-s3-assets@v2
7585 with :
76- version : ${{ steps.get_version.outputs .package_version }}
86+ version : ${{ env .package_version }}
7787 product_name : mongodb-legacy
78- file : sarif-report.json
79- dry_run : ${{ needs.release_please.outputs.release_created == '' }}
88+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
8089
81- upload_sbom_lite :
90+ publish :
91+ needs : [release_please, ssdlc, build]
8292 environment : release
8393 runs-on : ubuntu-latest
84- needs : [release_please]
85- permissions :
86- # required for all workflows
87- security-events : write
88- id-token : write
89- contents : write
90-
9194 steps :
9295 - uses : actions/checkout@v4
93- - name : Set up drivers-github-tools
94- uses : mongodb-labs/drivers-github-tools/setup@v2
95- with :
96- aws_region_name : us-east-1
97- aws_role_arn : ${{ secrets.aws_role_arn }}
98- aws_secret_id : ${{ secrets.aws_secret_id }}
9996
100- - name : Get release version and release package file name
101- id : get_version
102- shell : bash
103- run : |
104- package_version=$(jq --raw-output '.version' package.json)
105- echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
97+ - name : Install Node and dependencies
98+ uses : mongodb-labs/drivers-github-tools/node/setup@v2
10699
107- - name : actions/publish_asset_to_s3
108- uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
109- with :
110- version : ${{ steps.get_version.outputs.package_version }}
111- product_name : mongodb-legacy
112- file : sbom.json
113- dry_run : ${{ needs.release_please.outputs.release_created == '' }}
100+ - run : npm publish --provenance --tag=latest
101+ if : ${{ needs.release_please.outputs.release_created }}
102+ env :
103+ NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
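Review bot: In the `ssdlc` job, `ignore_install_scripts: false` on the `node/setup@v2` step appears (judging by the input name) to let dependency install scripts run in the job that holds `id-token: write`, `contents: write` and the `release` environment's AWS signing secrets, so a compromised transitive dependency would execute next to those credentials. Unless signing needs a native build, I would set `ignore_install_scripts: true` here and keep script-dependent work in the `build` job, which is passed no secrets in this hunk. Separately, the `cp` step pastes `${{ env.S3_ASSETS }}` into the shell text unquoted; `run: cp sbom.json "$S3_ASSETS/sbom.json"` reads the same value from the environment and tolerates spaces or metacharacters in the path. The added `mongodb-labs/drivers-github-tools/...@v2` references use a movable tag; pinning each to a full commit SHA would keep a retagged release from changing what runs with these permissions.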