ci: add release action to CI (#40)

baileympearson · web-flow · commit 64b6b8fd682d · 2024-11-25T15:12:48.000-05:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,106 @@
+on:
+  push:
+    branches: ["main"]
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+name: release
+
+jobs:
+  release_please:
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - id: release
+        uses: googleapis/release-please-action@v4
+        with:
+          target-branch: main
+
+  build:
+    needs: [release_please]
+    name: "Perform any build or bundling steps, as necessary."
+    uses: ./.github/workflows/build.yml
+
+  # ssdlc:
+  #   needs: [release_please, build]
+  #   permissions:
+  #     # required for all workflows
+  #     security-events: write
+  #     id-token: write
+  #     contents: write
+  #   environment: release
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+
+  #     - name: Install Node and dependencies
+  #       uses: mongodb-labs/drivers-github-tools/node/setup@v2
+  #       with:
+  #         ignore_install_scripts: true
+
+  #     - name: Load version and package info
+  #       uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2
+  #       with:
+  #         npm_package_name: mongodb-client-encryption
+
+  #     - name: actions/compress_sign_and_upload
+  #       uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2
+  #       with:
+  #         aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+  #         aws_region_name: us-east-1
+  #         aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+  #         npm_package_name: mongodb-client-encryption
+  #         dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+  #         sign_native: true
+
+  #     - name: Copy sbom file to release assets
+  #       shell: bash
+  #       if: ${{ 'mongodb-client-encryption-6.1' == '' }}
+  #       run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+
+  #     # only used for mongodb-client-encryption
+  #     - name: Augment SBOM and copy to release assets
+  #       if: ${{ 'mongodb-client-encryption-6.1' != '' }}
+  #       uses: mongodb-labs/drivers-github-tools/sbom@v2
+  #       with:
+  #         silk_asset_group: 'mongodb-client-encryption-6.1'
+  #         sbom_file_name: sbom.json
+
+  #     - name: Generate authorized pub report
+  #       uses: mongodb-labs/drivers-github-tools/full-report@v2
+  #       with:
+  #         release_version: ${{ env.package_version }}
+  #         product_name: mongodb-client-encryption
+  #         sarif_report_target_ref: main
+  #         third_party_dependency_tool: n/a
+  #         dist_filenames: artifacts/*
+  #         token: ${{ github.token }}
+  #         sbom_file_name: sbom.json
+
+  #     - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+  #       with:
+  #         version: ${{ env.package_version }}
+  #         product_name: mongodb-client-encryption
+  #         dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+  # publish:
+  #   needs: [release_please, ssdlc, build]
+  #   environment: release
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+
+  #     - name: Install Node and dependencies
+  #       uses: mongodb-labs/drivers-github-tools/node/setup@v2
+  #       with:
+  #         ignore_install_scripts: true
+
+  #     - run: npm publish --provenance
+  #       if: ${{ needs.release_please.outputs.release_created }}
+  #       env:
+  #         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
