@@ -21,95 +21,85 @@ jobs:
2121 with :
2222 target-branch : 5.x
2323
24- compress_sign_and_upload :
24+ build :
2525 needs : [release_please]
26- if : ${{ needs.release_please.outputs.release_created }}
26+ name : " Perform any build or bundling steps, as necessary."
27+ uses : ./.github/workflows/build.yml
28+
29+ ssdlc :
30+ needs : [release_please, build]
31+ permissions :
32+ # required for all workflows
33+ security-events : write
34+ id-token : write
35+ contents : write
2736 environment : release
2837 runs-on : ubuntu-latest
2938 steps :
3039 - uses : actions/checkout@v4
31- - name : actions/setup
32- uses : ./.github/actions/setup
40+
41+ - name : Install Node and dependencies
42+ uses : mongodb-labs/drivers-github-tools/node/setup@v2
43+ with :
44+ ignore_install_scripts : false
45+
46+ - name : Load version and package info
47+ uses : mongodb-labs/drivers-github-tools/node/get_version_info@v2
48+ with :
49+ npm_package_name : mongodb
50+
3351 - name : actions/compress_sign_and_upload
34- uses : ./. github/actions/compress_sign_and_upload
52+ uses : mongodb-labs/drivers- github-tools/node/sign_node_package@v2
3553 with :
3654 aws_role_arn : ${{ secrets.AWS_ROLE_ARN }}
37- aws_region_name : ' us-east-1'
55+ aws_region_name : us-east-1
3856 aws_secret_id : ${{ secrets.AWS_SECRET_ID }}
39- npm_package_name : ' mongodb'
40- - run : npm publish --provenance --tag=5x
41- env :
42- NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
57+ npm_package_name : mongodb
58+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
4359
44- generate_sarif_report :
45- environment : release
46- runs-on : ubuntu-latest
47- needs : [release_please]
48- permissions :
49- # required for all workflows
50- security-events : write
51- id-token : write
52- contents : write
60+ - name : Copy sbom file to release assets
61+ shell : bash
62+ if : ${{ '' == '' }}
63+ run : cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
5364
54- steps :
55- - uses : actions/checkout@v4
56- - name : Set up drivers-github-tools
57- uses : mongodb-labs/drivers-github-tools/setup @v2
65+ # only used for mongodb-client-encryption
66+ - name : Augment SBOM and copy to release assets
67+ if : ${{ '' != '' }}
68+ uses : mongodb-labs/drivers-github-tools/sbom @v2
5869 with :
59- aws_region_name : us-east-1
60- aws_role_arn : ${{ secrets.aws_role_arn }}
61- aws_secret_id : ${{ secrets.aws_secret_id }}
70+ silk_asset_group : ' '
71+ sbom_file_name : sbom.json
6272
63- - name : " Generate Sarif Report "
64- uses : mongodb-labs/drivers-github-tools/code-scanning-export @v2
73+ - name : Generate authorized pub report
74+ uses : mongodb-labs/drivers-github-tools/full-report @v2
6575 with :
66- ref : 5.x
67- output-file : sarif-report.json
76+ release_version : ${{ env.package_version }}
77+ product_name : mongodb
78+ sarif_report_target_ref : 5.x
79+ third_party_dependency_tool : n/a
80+ dist_filenames : artifacts/*
81+ token : ${{ github.token }}
82+ sbom_file_name : sbom.json
83+ evergreen_project : mongo-node-driver-next
84+ evergreen_commit : ${{ env.commit }}
6885
69- - name : Get release version and release package file name
70- id : get_version
71- shell : bash
72- run : |
73- package_version=$(jq --raw-output '.version' package.json)
74- echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
75- name : actions/publish_asset_to_s3
76- uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
86+ - uses : mongodb-labs/drivers-github-tools/upload-s3-assets@v2
7787 with :
78- version : ${{ steps.get_version.outputs.package_version }}
79- product_name : node-mongodb-native
80- file : sarif-report.json
81- dry_run : ${{ needs.release_please.outputs.release_created == '' }}
88+ version : ${{ env.package_version }}
89+ product_name : mongodb
90+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
8291
83- upload_sbom_lite :
92+ publish :
93+ needs : [release_please, ssdlc, build]
8494 environment : release
8595 runs-on : ubuntu-latest
86- needs : [release_please]
87- permissions :
88- # required for all workflows
89- security-events : write
90- id-token : write
91- contents : write
92-
9396 steps :
9497 - uses : actions/checkout@v4
95- - name : Set up drivers-github-tools
96- uses : mongodb-labs/drivers-github-tools/setup@v2
97- with :
98- aws_region_name : us-east-1
99- aws_role_arn : ${{ secrets.aws_role_arn }}
100- aws_secret_id : ${{ secrets.aws_secret_id }}
10198
102- - name : Get release version and release package file name
103- id : get_version
104- shell : bash
105- run : |
106- package_version=$(jq --raw-output '.version' package.json)
107- echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
99+ - name : Install Node and dependencies
100+ uses : mongodb-labs/drivers-github-tools/node/setup@v2
108101
109- name : actions/publish_asset_to_s3
110- uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
111- with :
112- version : ${{ steps.get_version.outputs.package_version }}
113- product_name : node-mongodb-native
114- file : sbom.json
115- dry_run : ${{ needs.release_please.outputs.release_created == '' }}
102+ - run : npm publish --provenance --tag=5x
103+ if : ${{ needs.release_please.outputs.release_created }}
104+ env :
105+ NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
0 commit comments