combine

baileympearson · baileympearson · commit 4cc2a44bab3c · 2024-06-20T14:48:34.000-06:00
diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml
@@ -18,11 +18,14 @@ jobs:
     steps:
       - id: release
         uses: googleapis/release-please-action@v4
-        with:
-          target-branch: 5.x
 
-  compress_sign_and_upload:
+  ssdlc:
     needs: [release_please]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
     environment: release
     runs-on: ubuntu-latest
     steps:
@@ -46,140 +49,38 @@ jobs:
           npm_package_name: 'mongodb'
           dry_run: ${{ needs.release_please.outputs.release_created == '' }}
 
+      - name: Copy sbom file to release assets
+        shell: bash
+        run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+
       - name: Generate authorized pub report
-        uses: mongodb-labs/drivers-github-tools/authorized-pub@v2
+        uses: baileympearson/drivers-github-tools/full-report@adjust-shared-actions-for-node
         with:
           release_version: ${{ steps.get_version.outputs.package_version }}
           product_name: node-mongodb-native
+          sarif_report_target_ref: 5.x
           # <package> and <package>.sig
-          filenames: ${{ steps.get_vars.outputs.package_file }}*
+          dist_filenames: ${{ steps.get_vars.outputs.package_file }}*
           token:  ${{ github.token }}
+          sbom_file_name: sbom.json
 
-      - name: actions/publish_asset_to_s3
-        uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
+      - uses: baileympearson/drivers-github-tools/upload-s3-assets@adjust-shared-actions-for-node
         with:
-          version: ${{ steps.get_version.outputs.package_version }}
-          product_name: node-mongodb-native
-          file: ${{env.S3_ASSETS}}/authorized-publication.txt
+          version: ${{ inputs.version }}
+          product_name: ${{ inputs.product_name }}
           dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
 
-      - run: npm publish --provenance --tag=5x
-        if: ${{ needs.release_please.outputs.release_created }}
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
-  generate_sarif_report:
+  publish:
+    needs: [release_please, ssdlc]
     environment: release
     runs-on: ubuntu-latest
-    needs: [release_please]
-    permissions:
-      # required for all workflows
-      security-events: write
-      id-token: write
-      contents: write
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up drivers-github-tools
-        uses: mongodb-labs/drivers-github-tools/setup@v2
-        with:
-          aws_region_name: us-east-1
-          aws_role_arn: ${{ secrets.aws_role_arn }}
-          aws_secret_id: ${{ secrets.aws_secret_id }}
-
-      - name: "Generate Sarif Report"
-        uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
-        with:
-          ref: 5.x
-          output-file: sarif-report.json
-
-      - name: Get release version and release package file name
-        id: get_version
-        shell: bash
-        run: |
-          package_version=$(jq --raw-output '.version' package.json)
-          echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
-      - name: actions/publish_asset_to_s3
-        uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
-        with:
-          version: ${{ steps.get_version.outputs.package_version }}
-          product_name: node-mongodb-native
-          file: sarif-report.json
-          dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
-
-  upload_sbom_lite:
-    environment: release
-    runs-on: ubuntu-latest
-    needs: [release_please]
-    permissions:
-      # required for all workflows
-      security-events: write
-      id-token: write
-      contents: write
-
     steps:
       - uses: actions/checkout@v4
-      - name: Set up drivers-github-tools
-        uses: mongodb-labs/drivers-github-tools/setup@v2
-        with:
-          aws_region_name: us-east-1
-          aws_role_arn: ${{ secrets.aws_role_arn }}
-          aws_secret_id: ${{ secrets.aws_secret_id }}
-
-      - name: Get release version and release package file name
-        id: get_version
-        shell: bash
-        run: |
-          package_version=$(jq --raw-output '.version' package.json)
-          echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
-
-      - name: actions/publish_asset_to_s3
-        uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
-        with:
-          version: ${{ steps.get_version.outputs.package_version }}
-          product_name: node-mongodb-native
-          file: sbom.json
-          dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
-
-  generate_compliance_report:
-    environment: release
-    runs-on: ubuntu-latest
-    needs: [release_please]
-    permissions:
-      # required for all workflows
-      security-events: write
-      id-token: write
-      contents: write
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up drivers-github-tools
-        uses: mongodb-labs/drivers-github-tools/setup@v2
-        with:
-          aws_region_name: us-east-1
-          aws_role_arn: ${{ secrets.aws_role_arn }}
-          aws_secret_id: ${{ secrets.aws_secret_id }}
-
-      - name: Get release version and release package file name
-        id: get_version
-        shell: bash
-        run: |
-          package_version=$(jq --raw-output '.version' package.json)
-          echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
-
-      - name: Generate compliance report
-        uses: mongodb-labs/drivers-github-tools/compliance-report@v2
-        with:
-          sbom_name: sbom.json
-          sarif_name: sarif-report.json
-          security_report_location: tbd
-          release_version: ${{ steps.get_version.outputs.package_version }}
-          token:  ${{ github.token }}
+      - name: actions/setup
+        uses: ./.github/actions/setup
 
-      - name: actions/publish_asset_to_s3
-        uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
-        with:
-          version: ${{ steps.get_version.outputs.package_version }}
-          product_name: node-mongodb-native
-          file: ${{env.S3_ASSETS}}/ssdlc_compliance_report.txt
-          dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
+      - run: npm publish --provenance --tag=5.x
+        if: ${{ needs.release_please.outputs.release_created }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -19,8 +19,13 @@ jobs:
       - id: release
         uses: googleapis/release-please-action@v4
 
-  compress_sign_and_upload:
+  ssdlc:
     needs: [release_please]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
     environment: release
     runs-on: ubuntu-latest
     steps:
@@ -44,6 +49,10 @@ jobs:
           npm_package_name: 'mongodb'
           dry_run: ${{ needs.release_please.outputs.release_created == '' }}
 
+      - name: Copy sbom file to release assets
+        shell: bash
+        run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+
       - name: Generate authorized pub report
         uses: baileympearson/drivers-github-tools/full-report@adjust-shared-actions-for-node
         with:
@@ -53,8 +62,10 @@ jobs:
           # <package> and <package>.sig
           dist_filenames: ${{ steps.get_vars.outputs.package_file }}*
           token:  ${{ github.token }}
+          sbom_file_name: sbom.json
 
-      - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+
+      - uses: baileympearson/drivers-github-tools/upload-s3-assets@adjust-shared-actions-for-node
         with:
           version: ${{ inputs.version }}
           product_name: ${{ inputs.product_name }}
@@ -64,3 +75,17 @@ jobs:
         if: ${{ needs.release_please.outputs.release_created }}
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  publish:
+    needs: [release_please, ssdlc]
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: actions/setup
+        uses: ./.github/actions/setup
+
+      - run: npm publish --provenance --tag=latest
+        if: ${{ needs.release_please.outputs.release_created }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
