Skip to content

Commit

Permalink
chore(NODE-6212): upload sbom to s3 during releases and use actions v2 (
Browse files Browse the repository at this point in the history
  • Loading branch information
baileympearson authored Jun 13, 2024
1 parent 8cf9323 commit 36c8134
Show file tree
Hide file tree
Showing 2 changed files with 71 additions and 6 deletions.
39 changes: 36 additions & 3 deletions .github/workflows/release-5.x.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,8 +61,7 @@ jobs:
aws_secret_id: ${{ secrets.aws_secret_id }}

- name: "Generate Sarif Report"
# TODO: Use v2 once it has been re-tagged to include this action
uses: mongodb-labs/drivers-github-tools/code-scanning-export@main
uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
with:
ref: 5.x
output-file: sarif-report.json
Expand All @@ -75,9 +74,43 @@ jobs:
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
- name: actions/publish_asset_to_s3
uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
with:
version: ${{ steps.get_version.outputs.package_version }}
product_name: js-bson
file: sarif-report.json
dry_run: ${{ needs.release_please.outputs.release_created == '' }}

upload_sbom_lite:
environment: release
runs-on: ubuntu-latest
needs: [release_please]
permissions:
# required for all workflows
security-events: write
id-token: write
contents: write

steps:
- uses: actions/checkout@v4
- name: Set up drivers-github-tools
uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_region_name: us-east-1
aws_role_arn: ${{ secrets.aws_role_arn }}
aws_secret_id: ${{ secrets.aws_secret_id }}

- name: Get release version and release package file name
id: get_version
shell: bash
run: |
package_version=$(jq --raw-output '.version' package.json)
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
- name: actions/publish_asset_to_s3
uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
with:
version: ${{ steps.get_version.outputs.package_version }}
product_name: js-bson
file: sbom.json
dry_run: ${{ needs.release_please.outputs.release_created == '' }}
38 changes: 35 additions & 3 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,7 @@ jobs:
aws_secret_id: ${{ secrets.aws_secret_id }}

- name: "Generate Sarif Report"
# TODO: Use v2 once it has been re-tagged to include this action
uses: mongodb-labs/drivers-github-tools/code-scanning-export@main
uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
with:
ref: main
output-file: sarif-report.json
Expand All @@ -73,10 +72,43 @@ jobs:
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
- name: actions/publish_asset_to_s3
uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
with:
version: ${{ steps.get_version.outputs.package_version }}
product_name: js-bson
file: sarif-report.json
dry_run: ${{ needs.release_please.outputs.release_created == '' }}

upload_sbom_lite:
environment: release
runs-on: ubuntu-latest
needs: [release_please]
permissions:
# required for all workflows
security-events: write
id-token: write
contents: write

steps:
- uses: actions/checkout@v4
- name: Set up drivers-github-tools
uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_region_name: us-east-1
aws_role_arn: ${{ secrets.aws_role_arn }}
aws_secret_id: ${{ secrets.aws_secret_id }}

- name: Get release version and release package file name
id: get_version
shell: bash
run: |
package_version=$(jq --raw-output '.version' package.json)
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
- name: actions/publish_asset_to_s3
uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
with:
version: ${{ steps.get_version.outputs.package_version }}
product_name: js-bson
file: sbom.json
dry_run: ${{ needs.release_please.outputs.release_created == '' }}

0 comments on commit 36c8134

Please sign in to comment.