release-latest #153

Workflow file for this run

.github/workflows/release.yml at 6cdb5b2

	on:
	push:
	branches: [main]
	workflow_dispatch: {}

	permissions:
	contents: write
	pull-requests: write
	id-token: write

	name: release

	jobs:
	release_please:
	runs-on: ubuntu-latest
	outputs:
	release_created: ${{ steps.release.outputs.release_created }}
	steps:
	- id: release
	uses: googleapis/release-please-action@v4

	ssdlc:
	needs: [release_please]
	permissions:
	# required for all workflows
	security-events: write
	id-token: write
	contents: write
	environment: release
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: actions/setup
	uses: ./.github/actions/setup
	- name: Get release version and release package file name
	id: get_vars
	shell: bash
	run: \|
	package_version=$(jq --raw-output '.version' package.json)
	echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
	echo "package_file=bson-${package_version}.tgz" >> "$GITHUB_OUTPUT"

	- name: actions/compress_sign_and_upload
	uses: ./.github/actions/compress_sign_and_upload
	with:
	aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
	aws_region_name: 'us-east-1'
	aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
	npm_package_name: 'bson'
	dry_run: ${{ needs.release_please.outputs.release_created == '' }}

	- name: Copy sbom file to release assets
	shell: bash
	run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json

	- name: Generate authorized pub report
	uses: mongodb-labs/drivers-github-tools/full-report@v2
	with:
	release_version: ${{ steps.get_version.outputs.package_version }}
	product_name: bson
	sarif_report_target_ref: main
	third_party_dependency_tool: n/a
	# <package> and <package>.sig
	dist_filenames: ${{ steps.get_vars.outputs.package_file }}*
	token: ${{ github.token }}
	sbom_file_name: sbom.json

	- uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
	with:
	version: ${{ inputs.version }}
	product_name: ${{ inputs.product_name }}
	dry_run: ${{ needs.release_please.outputs.release_created == '' }}

	publish:
	needs: [release_please, ssdlc]
	environment: release
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: actions/setup
	uses: ./.github/actions/setup

	- run: npm publish --provenance --tag=latest
	if: ${{ needs.release_please.outputs.release_created }}
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release-latest #153

Workflow file

release-latest #153

Jobs

Run details

Workflow file for this run