Skip to content
Release New Version

Release 1.19.1 #1

Sign in to view logs

Release 1.19.1

Release 1.19.1 #1

Workflow file for this run

.github/workflows/release.yml at afe425b
name: "Release New Version"
run-name: "Release ${{ inputs.version }}"
on:
workflow_dispatch:
inputs:
version:
description: "The version to be released. This is checked for consistency with the branch name and configuration"
required: true
type: "string"
jira-version-number:
description: "JIRA version ID (e.g. 54321)"
required: true
type: "string"
env:
default-release-message: |
The PHP team is happy to announce that version {0} of the MongoDB PHP library is now available.
**Release Highlights**
TODO: one or more paragraphs describing important changes in this release
A complete list of resolved issues in this release may be found in [JIRA](https://jira.mongodb.org/secure/ReleaseNote.jspa?version={1}&projectId=12483).
**Documentation**
Documentation for this library may be found in the [PHP Library Manual](https://mongodb.com/docs/php-library/current/).
**Installation**
This library may be installed or upgraded with:
composer require mongodb/mongodb:{0}
Installation instructions for the `mongodb` extension may be found in the [PHP.net documentation](https://php.net/manual/en/mongodb.installation.php).
jobs:
prepare-release:
environment: release
name: "Prepare release"
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- name: "Create release output"
run: echo '🎬 Release process for version ${{ inputs.version }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY
- name: "Generate token and checkout repository"
uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
with:
app_id: ${{ vars.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- name: "Store version numbers in env variables"
run: |
echo RELEASE_VERSION=${{ inputs.version }} >> $GITHUB_ENV
echo RELEASE_BRANCH=v$(echo ${{ inputs.version }} | cut -d '.' -f-2) >> $GITHUB_ENV
- name: "Ensure release tag does not already exist"
run: |
if [[ $(git tag -l ${RELEASE_VERSION}) == ${RELEASE_VERSION} ]]; then
echo '❌ Release failed: tag for version ${{ inputs.version }} already exists' >> $GITHUB_STEP_SUMMARY
exit 1
fi
- name: "Fail if branch names don't match"
if: ${{ github.ref_name != env.RELEASE_BRANCH }}
run: |
echo '❌ Release failed due to branch mismatch: expected ${{ inputs.version }} to be released from ${{ env.RELEASE_BRANCH }}, got ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY
exit 1
#
# Preliminary checks done - commence the release process
#
- name: "Set up drivers-github-tools"
uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: ${{ vars.AWS_REGION_NAME }}
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
- name: "Prepare release message"
run: |
cat > release-message <<'EOL'
${{ format(env.default-release-message, inputs.version, inputs.jira-version-number) }}
EOL
- name: "Create draft release"
run: echo "RELEASE_URL=$(gh release create ${{ inputs.version }} --target ${{ github.ref_name }} --title "${{ inputs.version }}" --notes-file release-message --draft)" >> "$GITHUB_ENV"
- name: "Create release tag"
uses: mongodb-labs/drivers-github-tools/tag-version@v2
with:
version: ${{ inputs.version }}
tag_message_template: 'Release ${VERSION}'
# TODO: Manually merge using ours strategy. This avoids merge-up pull requests being created
# Process is:
# 1. switch to next branch (according to merge-up action)
# 2. merge release branch using --strategy=ours
# 3. push next branch
# 4. switch back to release branch, then push
- name: "Set summary"
run: |
echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY
static-analysis:
needs: prepare-release
name: "Run Static Analysis"
uses: ./.github/workflows/static-analysis.yml
with:
ref: refs/tags/${{ inputs.version }}
permissions:
security-events: write
id-token: write
publish-ssdlc-assets:
needs: static-analysis
environment: release
name: "Publish SSDLC Assets"
runs-on: ubuntu-latest
permissions:
security-events: read
id-token: write
contents: write
steps:
- name: "Generate token and checkout repository"
uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
with:
app_id: ${{ vars.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
ref: refs/tags/${{ inputs.version }}
# Sets the S3_ASSETS environment variable used later
- name: "Set up drivers-github-tools"
uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: ${{ vars.AWS_REGION_NAME }}
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
- name: "Generate authorized publication document"
uses: mongodb-labs/drivers-github-tools/authorized-pub@v2
with:
product_name: "MongoDB PHP Driver (library)"
release_version: ${{ inputs.version }}
filenames: ""
token: ${{ env.GH_TOKEN }}
- name: "Download SBOM file from Silk"
uses: mongodb-labs/drivers-github-tools/sbom@v2
with:
silk_asset_group: mongodb-php-driver-library
- name: "Upload SBOM as release artifact"
run: gh release upload ${{ inputs.version }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json
continue-on-error: true
- name: "Generate SARIF report from code scanning alerts"
uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
with:
ref: ${{ inputs.version }}
output-file: ${{ env.S3_ASSETS }}/code-scanning-alerts.json
- name: "Generate compliance report"
uses: mongodb-labs/drivers-github-tools/compliance-report@v2
with:
token: ${{ env.GH_TOKEN }}
- name: Upload S3 assets
uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
with:
version: ${{ inputs.version }}
product_name: mongo-php-library