Skip to content

Commit

Permalink
GODRIVER-3192 Add SSDLC workflow (#1680)
Browse files Browse the repository at this point in the history
Signed-off-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com>
Co-authored-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com>
  • Loading branch information
blink1073 and mongodb-dbx-release-bot[bot] authored Jun 27, 2024
1 parent 90146e7 commit ad12442
Show file tree
Hide file tree
Showing 2 changed files with 88 additions and 7 deletions.
7 changes: 0 additions & 7 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,13 +22,6 @@ jobs:
# required for all workflows
security-events: write

# required to fetch internal or private CodeQL packs
packages: read

# only required for workflows in private repositories
actions: read
contents: read

strategy:
fail-fast: false
matrix:
Expand Down
88 changes: 88 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
name: Release

on:
workflow_dispatch:
inputs:
version:
description: "The new version to set"
required: true
prev_version:
description: "The previous tagged version"
required: true
push_changes:
description: "Push changes?"
default: true
type: boolean

defaults:
run:
shell: bash -eux {0}

env:
# Changes per branch
SILK_ASSET_GROUP: mongodb-go-driver-v1
EVERGREEN_PROJECT: mongo-go-driver-v1

jobs:
pre-publish:
environment: release
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
outputs:
prev_version: ${{ steps.pre-publish.outputs.prev_version }}
steps:
- uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
with:
app_id: ${{ vars.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: ${{ vars.AWS_REGION_NAME }}
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
- name: Pre Publish
id: pre-publish
uses: mongodb-labs/drivers-github-tools/golang/pre-publish@v2
with:
version: ${{ inputs.version }}
push_changes: ${{ inputs.push_changes }}

static-scan:
needs: [pre-publish]
permissions:
security-events: write
uses: ./.github/workflows/codeql.yml
with:
ref: ${{ github.ref }}

publish:
needs: [pre-publish, static-scan]
runs-on: ubuntu-latest
environment: release
permissions:
id-token: write
contents: write
security-events: read
steps:
- uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
with:
app_id: ${{ vars.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- uses: mongodb-labs/drivers-github-tools/setup@v2
with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: ${{ vars.AWS_REGION_NAME }}
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
- name: Publish
uses: mongodb-labs/drivers-github-tools/golang/publish@v2
with:
version: ${{ inputs.version }}
silk_asset_group: ${{ env.SILK_ASSET_GROUP }}
evergreen_project: ${{ env.EVERGREEN_PROJECT }}
prev_version: ${{ inputs.prev_version }}
push_changes: ${{ inputs.push_changes }}
token: ${{ env.GH_TOKEN }}

0 comments on commit ad12442

Please sign in to comment.