From 1325f572e2b8e42031176e7ee882c294ce49c093 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:27:55 -0600 Subject: [PATCH 01/13] use shared actions --- .../compress_sign_and_upload/action.yml | 59 ------------------- .github/actions/setup/action.yml | 15 ----- .github/workflows/release-5.x.yml | 32 +++++----- .github/workflows/release.yml | 32 +++++----- 4 files changed, 33 insertions(+), 105 deletions(-) delete mode 100644 .github/actions/compress_sign_and_upload/action.yml delete mode 100644 .github/actions/setup/action.yml diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml deleted file mode 100644 index 8bce52aafc4..00000000000 --- a/.github/actions/compress_sign_and_upload/action.yml +++ /dev/null @@ -1,59 +0,0 @@ -name: Compress and Sign -description: 'Compresses package and signs with garasign' - -inputs: - aws_role_arn: - description: 'AWS role input for drivers-github-tools/gpg-sign@v2' - required: true - aws_region_name: - description: 'AWS region name input for drivers-github-tools/gpg-sign@v2' - required: true - aws_secret_id: - description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2' - required: true - npm_package_name: - description: 'The name for the npm package this repository represents' - required: true - dry_run: - description: 'Should we upload files to the release?' - required: false - default: 'true' - -runs: - using: composite - steps: - - run: npm pack - shell: bash - - - name: Get release version and release package file name - id: get_vars - shell: bash - run: | - package_version=$(jq --raw-output '.version' package.json) - echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" - echo "package_file=${{ inputs.npm_package_name }}-${package_version}.tgz" >> "$GITHUB_OUTPUT" - - - name: Set up drivers-github-tools - uses: mongodb-labs/drivers-github-tools/setup@v2 - with: - aws_region_name: ${{ inputs.aws_region_name }} - aws_role_arn: ${{ inputs.aws_role_arn }} - aws_secret_id: ${{ inputs.aws_secret_id }} - - - name: Create detached signature - uses: mongodb-labs/drivers-github-tools/gpg-sign@v2 - with: - filenames: ${{ steps.get_vars.outputs.package_file }} - env: - RELEASE_ASSETS: ${{ steps.get_vars.outputs.package_file }}.temp.sig - - - name: Name release asset correctly - run: mv ${{ steps.get_vars.outputs.package_file }}.temp.sig ${{ steps.get_vars.outputs.package_file }}.sig - shell: bash - - - name: "Upload release artifacts" - if: ${{ inputs.dry_run == false }} - run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig - shell: bash - env: - GH_TOKEN: ${{ github.token }} diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml deleted file mode 100644 index ced847c1bc4..00000000000 --- a/.github/actions/setup/action.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Setup -description: 'Installs node, driver dependencies, and builds source' - -runs: - using: composite - steps: - - uses: actions/setup-node@v4 - with: - node-version: 'lts/*' - cache: 'npm' - registry-url: 'https://registry.npmjs.org' - - run: npm install -g npm@latest - shell: bash - - run: npm clean-install - shell: bash diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index f62347a7b62..30e58fde57e 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -32,23 +32,20 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup - - name: Get release version and release package file name - id: get_vars - shell: bash - run: | - package_version=$(jq --raw-output '.version' package.json) - echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" - echo "package_file=mongodb-${package_version}.tgz" >> "$GITHUB_OUTPUT" + + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + + - name: Load version and package info + uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node - name: actions/compress_sign_and_upload - uses: ./.github/actions/compress_sign_and_upload + uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} - aws_region_name: 'us-east-1' + aws_region_name: us-east-1 aws_secret_id: ${{ secrets.AWS_SECRET_ID }} - npm_package_name: 'mongodb' + npm_package_name: mongodb dry_run: ${{ needs.release_please.outputs.release_created == '' }} - name: Copy sbom file to release assets @@ -67,14 +64,21 @@ jobs: token: ${{ github.token }} sbom_file_name: sbom.json + - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 + with: + version: ${{ env.package_version }} + product_name: mongodb + dry_run: ${{ needs.release_please.outputs.release_created == '' }} + publish: needs: [release_please, ssdlc] environment: release runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup + + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - run: npm publish --provenance --tag=5.x if: ${{ needs.release_please.outputs.release_created }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 29ff67862a4..2abd961df53 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,23 +30,20 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup - - name: Get release version and release package file name - id: get_vars - shell: bash - run: | - package_version=$(jq --raw-output '.version' package.json) - echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" - echo "package_file=mongodb-${package_version}.tgz" >> "$GITHUB_OUTPUT" + + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + + - name: Load version and package info + uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node - name: actions/compress_sign_and_upload - uses: ./.github/actions/compress_sign_and_upload + uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} - aws_region_name: 'us-east-1' + aws_region_name: us-east-1 aws_secret_id: ${{ secrets.AWS_SECRET_ID }} - npm_package_name: 'mongodb' + npm_package_name: mongodb dry_run: ${{ needs.release_please.outputs.release_created == '' }} - name: Copy sbom file to release assets @@ -67,9 +64,9 @@ jobs: - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 with: - version: ${{ inputs.version }} - product_name: ${{ inputs.product_name }} - dry_run: ${{ needs.release_please.outputs.release_created == '' }} + version: ${{ env.package_version }} + product_name: mongodb + dry_run: ${{ needs.release_please.outputs.release_created == '' }} publish: needs: [release_please, ssdlc] @@ -77,8 +74,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup + + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - run: npm publish --provenance --tag=latest if: ${{ needs.release_please.outputs.release_created }} From e0d2165e15e2ff3abf9511a10fdf0318d31c0cb7 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:33:28 -0600 Subject: [PATCH 02/13] use generated release action --- .github/workflows/release-5.x.yml | 2 +- .github/workflows/release.yml | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 30e58fde57e..d66859e0889 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -8,7 +8,7 @@ permissions: pull-requests: write id-token: write -name: release-5x +name: release-5.x jobs: release_please: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2abd961df53..3d82eac0121 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ permissions: pull-requests: write id-token: write -name: release +name: release-latest jobs: release_please: @@ -18,6 +18,8 @@ jobs: steps: - id: release uses: googleapis/release-please-action@v4 + with: + target-branch: main ssdlc: needs: [release_please] From 5cbc5b372412ea3a1feddec6225948273536bf4a Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:41:02 -0600 Subject: [PATCH 03/13] fix pub report integration --- .github/workflows/release-5.x.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index d66859e0889..71bcb3c153e 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -55,12 +55,12 @@ jobs: - name: Generate authorized pub report uses: mongodb-labs/drivers-github-tools/full-report@v2 with: - release_version: ${{ steps.get_version.outputs.package_version }} + release_version: ${{ env.package_version }} product_name: mongodb sarif_report_target_ref: 5.x third_party_dependency_tool: n/a # and .sig - dist_filenames: ${{ steps.get_vars.outputs.package_file }}* + dist_filenames: ${{ env.package_file }}* token: ${{ github.token }} sbom_file_name: sbom.json diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3d82eac0121..ea9850293ac 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -55,12 +55,12 @@ jobs: - name: Generate authorized pub report uses: mongodb-labs/drivers-github-tools/full-report@v2 with: - release_version: ${{ steps.get_version.outputs.package_version }} + release_version: ${{ env.package_version }} product_name: mongodb sarif_report_target_ref: main third_party_dependency_tool: n/a # and .sig - dist_filenames: ${{ steps.get_vars.outputs.package_file }}* + dist_filenames: ${{ env.package_file }}* token: ${{ github.token }} sbom_file_name: sbom.json From c156562872a3009979be8d790b6720511c8718b8 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:55:43 -0600 Subject: [PATCH 04/13] add evergreen patch info --- .github/workflows/release-5.x.yml | 2 ++ .github/workflows/release.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 71bcb3c153e..73f81f64145 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -63,6 +63,8 @@ jobs: dist_filenames: ${{ env.package_file }}* token: ${{ github.token }} sbom_file_name: sbom.json + evergreen_project: mongo-node-driver-next + evergreen_commit: ${{ env.commit }} - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ea9850293ac..6627ffb0e21 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,6 +63,8 @@ jobs: dist_filenames: ${{ env.package_file }}* token: ${{ github.token }} sbom_file_name: sbom.json + evergreen_project: mongo-node-driver-next + evergreen_commit: ${{ env.commit }} - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 with: From e14bfd39d2ced7076e79d425afcadd3757caa8d3 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:57:19 -0600 Subject: [PATCH 05/13] upload package info --- .github/workflows/release-5.x.yml | 2 +- .github/workflows/release.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 73f81f64145..bd876808fff 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -53,7 +53,7 @@ jobs: run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json - name: Generate authorized pub report - uses: mongodb-labs/drivers-github-tools/full-report@v2 + uses: blink1073/drivers-github-tools/full-report@add-evergreen-link with: release_version: ${{ env.package_version }} product_name: mongodb diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6627ffb0e21..65ce9179d51 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json - name: Generate authorized pub report - uses: mongodb-labs/drivers-github-tools/full-report@v2 + uses: blink1073/drivers-github-tools/full-report@add-evergreen-link with: release_version: ${{ env.package_version }} product_name: mongodb @@ -70,7 +70,7 @@ jobs: with: version: ${{ env.package_version }} product_name: mongodb - dry_run: ${{ needs.release_please.outputs.release_created == '' }} + dry_run: false publish: needs: [release_please, ssdlc] From 03585ef949fbc2fdfb52ca84add404c8fd4c6f92 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Tue, 25 Jun 2024 08:29:27 -0600 Subject: [PATCH 06/13] incorporate changes --- .github/workflows/release-5.x.yml | 2 +- .github/workflows/release.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index bd876808fff..73f81f64145 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -53,7 +53,7 @@ jobs: run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json - name: Generate authorized pub report - uses: blink1073/drivers-github-tools/full-report@add-evergreen-link + uses: mongodb-labs/drivers-github-tools/full-report@v2 with: release_version: ${{ env.package_version }} product_name: mongodb diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 65ce9179d51..6627ffb0e21 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json - name: Generate authorized pub report - uses: blink1073/drivers-github-tools/full-report@add-evergreen-link + uses: mongodb-labs/drivers-github-tools/full-report@v2 with: release_version: ${{ env.package_version }} product_name: mongodb @@ -70,7 +70,7 @@ jobs: with: version: ${{ env.package_version }} product_name: mongodb - dry_run: false + dry_run: ${{ needs.release_please.outputs.release_created == '' }} publish: needs: [release_please, ssdlc] From 81117907c16dace4d8bb1ebfb45d2c01b0cda49a Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Tue, 25 Jun 2024 08:32:48 -0600 Subject: [PATCH 07/13] replace usages of setup --- .github/workflows/build_docs.yml | 4 ++-- .github/workflows/dependencies.yml | 4 ++-- .github/workflows/release-alpha.yml | 4 ++-- .github/workflows/release-nightly.yml | 4 ++-- .github/workflows/release_notes.yml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build_docs.yml b/.github/workflows/build_docs.yml index de47ba9028f..9c076b3d3ab 100644 --- a/.github/workflows/build_docs.yml +++ b/.github/workflows/build_docs.yml @@ -19,8 +19,8 @@ jobs: steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - run: sudo apt-get install hugo - name: Build Docs run: npm run build:docs -- --yes diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index eab5170f259..f2e0c9ca741 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -14,6 +14,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - run: npm run check:dependencies diff --git a/.github/workflows/release-alpha.yml b/.github/workflows/release-alpha.yml index e3b024ccd52..749683a76be 100644 --- a/.github/workflows/release-alpha.yml +++ b/.github/workflows/release-alpha.yml @@ -26,8 +26,8 @@ jobs: exit 1 fi - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - run: npm version "${{ inputs.alphaVersion }}" --git-tag-version=false - run: npm publish --provenance --tag=alpha env: diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 649b6c760af..528f6d34a49 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -20,8 +20,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - id: build_nightly run: npm run build:nightly - if: ${{ steps.build_nightly.outputs.publish == 'yes' }} diff --git a/.github/workflows/release_notes.yml b/.github/workflows/release_notes.yml index 54b038f5319..0c0c903362c 100644 --- a/.github/workflows/release_notes.yml +++ b/.github/workflows/release_notes.yml @@ -45,8 +45,8 @@ jobs: # Setup Node.js and npm install - - name: actions/setup - uses: ./.github/actions/setup + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node # See: https://github.com/googleapis/release-please/issues/1274 From 883e3d8737cd2fec1287c54f08ab9dc2fe36d2e4 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 26 Jun 2024 10:29:26 -0600 Subject: [PATCH 08/13] use latest template for testing --- .github/workflows/release-5.x.yml | 7 ++++--- .github/workflows/release.yml | 6 ++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 73f81f64145..a25674ec145 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -38,9 +38,11 @@ jobs: - name: Load version and package info uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node + with: + npm_package_name: mongodb - name: actions/compress_sign_and_upload - uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node + uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} aws_region_name: us-east-1 @@ -59,8 +61,7 @@ jobs: product_name: mongodb sarif_report_target_ref: 5.x third_party_dependency_tool: n/a - # and .sig - dist_filenames: ${{ env.package_file }}* + dist_filenames: artifacts/* token: ${{ github.token }} sbom_file_name: sbom.json evergreen_project: mongo-node-driver-next diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6627ffb0e21..71b1c7ad04f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,9 +38,11 @@ jobs: - name: Load version and package info uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node + with: + npm_package_name: mongodb - name: actions/compress_sign_and_upload - uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node + uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} aws_region_name: us-east-1 @@ -60,7 +62,7 @@ jobs: sarif_report_target_ref: main third_party_dependency_tool: n/a # and .sig - dist_filenames: ${{ env.package_file }}* + dist_filenames: artifacts/* token: ${{ github.token }} sbom_file_name: sbom.json evergreen_project: mongo-node-driver-next From fe0a98e424a7b47d450deccf801e75e842025d15 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 26 Jun 2024 10:48:26 -0600 Subject: [PATCH 09/13] add empty build step --- .github/workflows/build.yml | 16 ++++++++++++++++ .github/workflows/release-5.x.yml | 20 ++++++++++++++++++-- .github/workflows/release.yml | 21 ++++++++++++++++++--- 3 files changed, 52 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000000..3c601ae7b90 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,16 @@ +on: + workflow_call: {} + +name: Build + +permissions: + contents: write + pull-requests: write + id-token: write + +jobs: + build: + runs-on: ubuntu-latest + steps: + - run: echo "nothing to do." + shell: bash diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index a25674ec145..86c70403504 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -21,8 +21,13 @@ jobs: with: target-branch: 5.x - ssdlc: + build: needs: [release_please] + name: "Perform any build or bundling steps, as necessary." + uses: ./.github/workflows/build.yml + + ssdlc: + needs: [release_please, build] permissions: # required for all workflows security-events: write @@ -35,6 +40,8 @@ jobs: - name: Install Node and dependencies uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + with: + ignore_install_scripts: false - name: Load version and package info uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node @@ -52,8 +59,17 @@ jobs: - name: Copy sbom file to release assets shell: bash + if: ${{ !'' }} run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json + # only used for mongodb-client-encryption + - name: Augment SBOM and copy to release assets + if: ${{ ''}} + uses: mongodb-labs/drivers-github-tools/sbom@v2 + with: + silk_asset_group: ${{ '' }} + sbom_file_name: sbom.json + - name: Generate authorized pub report uses: mongodb-labs/drivers-github-tools/full-report@v2 with: @@ -74,7 +90,7 @@ jobs: dry_run: ${{ needs.release_please.outputs.release_created == '' }} publish: - needs: [release_please, ssdlc] + needs: [release_please, ssdlc, build] environment: release runs-on: ubuntu-latest steps: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 71b1c7ad04f..013663826de 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,8 +21,13 @@ jobs: with: target-branch: main - ssdlc: + build: needs: [release_please] + name: "Perform any build or bundling steps, as necessary." + uses: ./.github/workflows/build.yml + + ssdlc: + needs: [release_please, build] permissions: # required for all workflows security-events: write @@ -35,6 +40,8 @@ jobs: - name: Install Node and dependencies uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + with: + ignore_install_scripts: false - name: Load version and package info uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node @@ -52,8 +59,17 @@ jobs: - name: Copy sbom file to release assets shell: bash + if: ${{ !'' }} run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json + # only used for mongodb-client-encryption + - name: Augment SBOM and copy to release assets + if: ${{ ''}} + uses: mongodb-labs/drivers-github-tools/sbom@v2 + with: + silk_asset_group: ${{ '' }} + sbom_file_name: sbom.json + - name: Generate authorized pub report uses: mongodb-labs/drivers-github-tools/full-report@v2 with: @@ -61,7 +77,6 @@ jobs: product_name: mongodb sarif_report_target_ref: main third_party_dependency_tool: n/a - # and .sig dist_filenames: artifacts/* token: ${{ github.token }} sbom_file_name: sbom.json @@ -75,7 +90,7 @@ jobs: dry_run: ${{ needs.release_please.outputs.release_created == '' }} publish: - needs: [release_please, ssdlc] + needs: [release_please, ssdlc, build] environment: release runs-on: ubuntu-latest steps: From 22d6dc4dddf394a51856dbab2b7a1f34a6593770 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 26 Jun 2024 14:09:14 -0600 Subject: [PATCH 10/13] use env --- .github/workflows/release-5.x.yml | 8 ++++---- .github/workflows/release.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 86c70403504..e4cd12faa54 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -59,15 +59,15 @@ jobs: - name: Copy sbom file to release assets shell: bash - if: ${{ !'' }} + if: ${{ '' == '' }} run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json # only used for mongodb-client-encryption - name: Augment SBOM and copy to release assets - if: ${{ ''}} + if: ${{ '' != '' }} uses: mongodb-labs/drivers-github-tools/sbom@v2 with: - silk_asset_group: ${{ '' }} + silk_asset_group: '' sbom_file_name: sbom.json - name: Generate authorized pub report @@ -78,7 +78,7 @@ jobs: sarif_report_target_ref: 5.x third_party_dependency_tool: n/a dist_filenames: artifacts/* - token: ${{ github.token }} + token: ${{ github.token }} sbom_file_name: sbom.json evergreen_project: mongo-node-driver-next evergreen_commit: ${{ env.commit }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 013663826de..a41c555725e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -59,15 +59,15 @@ jobs: - name: Copy sbom file to release assets shell: bash - if: ${{ !'' }} + if: ${{ '' == '' }} run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json # only used for mongodb-client-encryption - name: Augment SBOM and copy to release assets - if: ${{ ''}} + if: ${{ '' != '' }} uses: mongodb-labs/drivers-github-tools/sbom@v2 with: - silk_asset_group: ${{ '' }} + silk_asset_group: '' sbom_file_name: sbom.json - name: Generate authorized pub report @@ -78,7 +78,7 @@ jobs: sarif_report_target_ref: main third_party_dependency_tool: n/a dist_filenames: artifacts/* - token: ${{ github.token }} + token: ${{ github.token }} sbom_file_name: sbom.json evergreen_project: mongo-node-driver-next evergreen_commit: ${{ env.commit }} From 9c4427259ab35aa949fafa896639c12bf68f20f2 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 27 Jun 2024 09:35:23 -0600 Subject: [PATCH 11/13] use shared actions --- .github/workflows/build_docs.yml | 2 +- .github/workflows/dependencies.yml | 2 +- .github/workflows/release-5.x.yml | 8 ++++---- .github/workflows/release-alpha.yml | 2 +- .github/workflows/release-nightly.yml | 2 +- .github/workflows/release.yml | 8 ++++---- .github/workflows/release_notes.yml | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build_docs.yml b/.github/workflows/build_docs.yml index 9c076b3d3ab..5fa8064e3d5 100644 --- a/.github/workflows/build_docs.yml +++ b/.github/workflows/build_docs.yml @@ -20,7 +20,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 - run: sudo apt-get install hugo - name: Build Docs run: npm run build:docs -- --yes diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index f2e0c9ca741..310b9a3e5e7 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -15,5 +15,5 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 - run: npm run check:dependencies diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index e4cd12faa54..12dbdeb439f 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -39,17 +39,17 @@ jobs: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 with: ignore_install_scripts: false - name: Load version and package info - uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2 with: npm_package_name: mongodb - name: actions/compress_sign_and_upload - uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2 with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} aws_region_name: us-east-1 @@ -97,7 +97,7 @@ jobs: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 - run: npm publish --provenance --tag=5.x if: ${{ needs.release_please.outputs.release_created }} diff --git a/.github/workflows/release-alpha.yml b/.github/workflows/release-alpha.yml index 749683a76be..ab7512d72eb 100644 --- a/.github/workflows/release-alpha.yml +++ b/.github/workflows/release-alpha.yml @@ -27,7 +27,7 @@ jobs: fi - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 - run: npm version "${{ inputs.alphaVersion }}" --git-tag-version=false - run: npm publish --provenance --tag=alpha env: diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 528f6d34a49..b94eb6caf94 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -21,7 +21,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 - id: build_nightly run: npm run build:nightly - if: ${{ steps.build_nightly.outputs.publish == 'yes' }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a41c555725e..8369b7af8e5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,17 +39,17 @@ jobs: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 with: ignore_install_scripts: false - name: Load version and package info - uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2 with: npm_package_name: mongodb - name: actions/compress_sign_and_upload - uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2 with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} aws_region_name: us-east-1 @@ -97,7 +97,7 @@ jobs: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 - run: npm publish --provenance --tag=latest if: ${{ needs.release_please.outputs.release_created }} diff --git a/.github/workflows/release_notes.yml b/.github/workflows/release_notes.yml index 0c0c903362c..486aa5ec950 100644 --- a/.github/workflows/release_notes.yml +++ b/.github/workflows/release_notes.yml @@ -46,7 +46,7 @@ jobs: # Setup Node.js and npm install - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 # See: https://github.com/googleapis/release-please/issues/1274 From b847143a1fc3c037d06cc7904af3d69d59c9ad6a Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 27 Jun 2024 10:26:58 -0600 Subject: [PATCH 12/13] correct tag --- .github/workflows/release-5.x.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 12dbdeb439f..2e743b1c184 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -99,7 +99,7 @@ jobs: - name: Install Node and dependencies uses: mongodb-labs/drivers-github-tools/node/setup@v2 - - run: npm publish --provenance --tag=5.x + - run: npm publish --provenance --tag=5x if: ${{ needs.release_please.outputs.release_created }} env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From 566dc6bb39f86052a2a9c3ae1db30ce2f05b5697 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 27 Jun 2024 10:30:29 -0600 Subject: [PATCH 13/13] fix name --- .github/workflows/release-5.x.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml index 2e743b1c184..02d862cb860 100644 --- a/.github/workflows/release-5.x.yml +++ b/.github/workflows/release-5.x.yml @@ -8,7 +8,7 @@ permissions: pull-requests: write id-token: write -name: release-5.x +name: release-5x jobs: release_please: