File tree Expand file tree Collapse file tree 3 files changed +83
-7
lines changed Expand file tree Collapse file tree 3 files changed +83
-7
lines changed Original file line number Diff line number Diff line change @@ -2,18 +2,13 @@ name: "CodeQL"
22
33on :
44 push :
5- branches : [ "main" ]
5+ branches : [ "main", 5.x ]
66 pull_request :
7- branches : [ "main" ]
7+ branches : [ "main", 5.x ]
88
99jobs :
1010 analyze :
1111 name : Analyze (${{ matrix.language }} - ${{ matrix.identifier }})
12- # Runner size impacts CodeQL analysis time. To learn more, please see:
13- # - https://gh.io/recommended-hardware-resources-for-running-codeql
14- # - https://gh.io/supported-runners-and-hardware-resources
15- # - https://gh.io/using-larger-runners (GitHub.com only)
16- # Consider using larger runners or machines with greater resources for possible analysis time improvements.
1712 runs-on : ' ubuntu-latest'
1813 timeout-minutes : 360
1914 permissions :
Original file line number Diff line number Diff line change 4040 - run : npm publish --provenance --tag=5x
4141 env :
4242 NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
43+
44+ generate_sarif_report :
45+ environment : release
46+ runs-on : ubuntu-latest
47+ needs : [release_please]
48+ permissions :
49+ # required for all workflows
50+ security-events : write
51+ id-token : write
52+ contents : write
53+
54+ steps :
55+ - uses : actions/checkout@v4
56+ - name : Set up drivers-github-tools
57+ uses : mongodb-labs/drivers-github-tools/setup@v2
58+ with :
59+ aws_region_name : us-east-1
60+ aws_role_arn : ${{ secrets.aws_role_arn }}
61+ aws_secret_id : ${{ secrets.aws_secret_id }}
62+
63+ - name : " Generate Sarif Report"
64+ uses : " alcaeus/drivers-github-tools/code-scanning-export@export-code-scanning-report"
65+ with :
66+ ref : 5.x
67+ output-file : sarif-report.json
68+
69+ - name : Get release version and release package file name
70+ id : get_version
71+ shell : bash
72+ run : |
73+ package_version=$(jq --raw-output '.version' package.json)
74+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
75+
76+ name : actions/publish_asset_to_s3
77+ uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
78+ with :
79+ version : ${{ steps.get_version.outputs.package_version }}
80+ product_name : js-bson
81+ file : sarif-report.json
82+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
Original file line number Diff line number Diff line change 3838 - run : npm publish --provenance
3939 env :
4040 NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
41+
42+ generate_sarif_report :
43+ environment : release
44+ runs-on : ubuntu-latest
45+ needs : [release_please]
46+ permissions :
47+ # required for all workflows
48+ security-events : write
49+ id-token : write
50+ contents : write
51+
52+ steps :
53+ - uses : actions/checkout@v4
54+ - name : Set up drivers-github-tools
55+ uses : mongodb-labs/drivers-github-tools/setup@v2
56+ with :
57+ aws_region_name : us-east-1
58+ aws_role_arn : ${{ secrets.aws_role_arn }}
59+ aws_secret_id : ${{ secrets.aws_secret_id }}
60+
61+ - name : " Generate Sarif Report"
62+ uses : " alcaeus/drivers-github-tools/code-scanning-export@export-code-scanning-report"
63+ with :
64+ ref : main
65+ output-file : sarif-report.json
66+
67+ - name : Get release version and release package file name
68+ id : get_version
69+ shell : bash
70+ run : |
71+ package_version=$(jq --raw-output '.version' package.json)
72+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
73+
74+ name : actions/publish_asset_to_s3
75+ uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
76+ with :
77+ version : ${{ steps.get_version.outputs.package_version }}
78+ product_name : js-bson
79+ file : sarif-report.json
80+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
81+
You can’t perform that action at this time.
0 commit comments