Skip to content

release-latest

release-latest #156

Workflow file for this run

on:
push:
branches: [main]
workflow_dispatch: {}
permissions:
contents: write
pull-requests: write
id-token: write
name: release
jobs:
release_please:
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
steps:
- id: release
uses: googleapis/release-please-action@v4
ssdlc:
needs: [release_please]
permissions:
# required for all workflows
security-events: write
id-token: write
contents: write
environment: release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: actions/setup
uses: ./.github/actions/setup
- name: Get release version and release package file name
id: get_vars
shell: bash
run: |
package_version=$(jq --raw-output '.version' package.json)
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
echo "package_file=bson-${package_version}.tgz" >> "$GITHUB_OUTPUT"
- name: actions/compress_sign_and_upload
uses: ./.github/actions/compress_sign_and_upload
with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: 'us-east-1'
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
npm_package_name: 'bson'
dry_run: ${{ needs.release_please.outputs.release_created == '' }}
- name: Copy sbom file to release assets
shell: bash
run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
- name: Generate authorized pub report
uses: mongodb-labs/drivers-github-tools/full-report@v2
with:
release_version: ${{ steps.get_version.outputs.package_version }}
product_name: bson
sarif_report_target_ref: main
third_party_dependency_tool: n/a
# <package> and <package>.sig
dist_filenames: ${{ steps.get_vars.outputs.package_file }}*
token: ${{ github.token }}
sbom_file_name: sbom.json
- uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
with:
version: ${{ steps.get_version.outputs.package_version }}
product_name: bson
dry_run: false
publish:
needs: [release_please, ssdlc]
environment: release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: actions/setup
uses: ./.github/actions/setup
- run: npm publish --provenance --tag=latest
if: ${{ needs.release_please.outputs.release_created }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}