diff --git a/.evergreen/compass_package.sh b/.evergreen/compass_package.sh index 55f8e3ab1f3..6c68bb4fc70 100755 --- a/.evergreen/compass_package.sh +++ b/.evergreen/compass_package.sh @@ -16,3 +16,49 @@ npm run generate-first-party-deps-json ls -la packages/compass/dist ls -la .sbom + +get_compass_package_json_field() { + node -p 'JSON.parse(fs.readFileSync("packages/compass/package.json"))['"'$1'"']' +} + +papertrail() { + set +x + echo "X-PAPERTRAIL-KEY-ID: ${PAPERTRAIL_KEY_ID}" > .papertrail.headers + echo "X-PAPERTRAIL-SECRET-KEY: ${PAPERTRAIL_SECRET_KEY}" >> .papertrail.headers + set -x + + version=$(get_compass_package_json_field version) + product="compass" + if echo "$version" | grep -q -- -dev. ; then + version+="${EVERGREEN_REVISION}_${EVERGREEN_REVISION_ORDER_ID}" + product+="-dev" + elif echo "$version" | grep -q -- -beta. ; then + product+="-beta" + fi + build="${EVERGREEN_TASK_ID}_${EVERGREEN_EXECUTION}" + platform="evergreen" + submitter=$(get_compass_package_json_field releasePublisher) + if [ $submitter = "null" ]; then + submitter="${EVERGREEN_AUTHOR}" + fi + + for file in packages/compass/dist/* ; do + if [ -f "$file" ]; then + filename=$(basename "$file") + checksum=$(shasum -a 256 "$file" | cut -f1 -d' ') + + curl -G -X POST -H @.papertrail.headers "https://papertrail.devprod-infra.prod.corp.mongodb.com/trace" \ + --data-urlencode "version=${version}" \ + --data-urlencode "product=${product}" \ + --data-urlencode "sha256=${checksum}" \ + --data-urlencode "filename=${filename}" \ + --data-urlencode "build=${build}" \ + --data-urlencode "platform=${platform}" \ + --data-urlencode "submitter=${submitter}" + fi + done + + rm -f .papertrail.headers +} + +papertrail diff --git a/.evergreen/functions.yml b/.evergreen/functions.yml index 07e24f4d77f..c812e09a5ad 100644 --- a/.evergreen/functions.yml +++ b/.evergreen/functions.yml @@ -304,7 +304,9 @@ functions: # Load environment variables eval $(.evergreen/print-compass-env.sh) # Generates and expansion file with build target metadata in packages/compass/expansions.yml - npm run --workspace mongodb-compass build-info -- ${target_platform} ${target_arch} --format=yaml --flatten ${compass_distribution} --out expansions.yml + npm run --workspace mongodb-compass build-info -- ${target_platform} ${target_arch} --format=yaml --flatten ${compass_distribution} --out expansions.raw.yml + # the 'author' key conflicts with evergreen's own expansion + grep -v '^author:' < packages/compass/expansions.raw.yml > packages/compass/expansions.yml - command: expansions.update params: # packaging and publishing is using all the *_filename variables @@ -408,6 +410,8 @@ functions: SIGNING_SERVER_USERNAME: ${SIGNING_SERVER_USERNAME} SIGNING_SERVER_PORT: ${SIGNING_SERVER_PORT} GITHUB_PR_NUMBER: ${github_pr_number} + PAPERTRAIL_KEY_ID: ${papertrail_key_id} + PAPERTRAIL_SECRET_KEY: ${papertrail_secret_key} script: | set -e # Load environment variables @@ -452,7 +456,7 @@ functions: set -e # Load environment variables eval $(.evergreen/print-compass-env.sh) - .evergreen/create-static-analysis-report.sh + .evergreen/create-static-analysis-report.sh - command: s3.put params: <<: *save-artifact-params-private diff --git a/.github/workflows/start-beta.yml b/.github/workflows/start-beta.yml index ed947237293..1b66c22c179 100644 --- a/.github/workflows/start-beta.yml +++ b/.github/workflows/start-beta.yml @@ -45,4 +45,5 @@ jobs: run: | node scripts/release.js beta \ --merge-branch="${{ github.event.inputs.mergeBranch || 'main' }}" \ - --next-ga="${{ github.event.inputs.overrideNextGa }}" + --next-ga="${{ github.event.inputs.overrideNextGa }}" \ + --submitter="${{ github.actor }}" diff --git a/.github/workflows/start-ga.yaml b/.github/workflows/start-ga.yaml index 27b9ea9365c..a4ebfa5defa 100644 --- a/.github/workflows/start-ga.yaml +++ b/.github/workflows/start-ga.yaml @@ -47,4 +47,5 @@ jobs: run: | node scripts/release.js ga \ --release-ticket="${{ github.event.inputs.releaseTicket }}" \ - --merge-branch="${{ github.event.inputs.mergeBranch || 'beta-releases' }}" + --merge-branch="${{ github.event.inputs.mergeBranch || 'beta-releases' }}" \ + --submitter="${{ github.actor }}" diff --git a/.mailmap b/.mailmap index 56b7471ba31..845903cd35c 100644 --- a/.mailmap +++ b/.mailmap @@ -1,14 +1,18 @@ -Alena Khineika Alena Khineika <> -Alena Khineika Alena Khineika -Alena Khineika Alena Khineika -Anna Henningsen Anna Henningsen -Anna Henningsen Anna Henningsen -Anna Henningsen Anna Henningsen +Alena Khineika Alena Khineika +Alena Khineika Alena Khineika <> +Alena Khineika +Alena Khineika Alena Khineika +Anna Henningsen Anna Henningsen +Anna Henningsen Anna Henningsen +Anna Henningsen Anna Henningsen +Anna Henningsen Anna Herlihy aherlihy Anna Herlihy anna herlihy +Basit Chonka Brahm Gardner brahmgardner Fred Truman Fred Truman Greenkeeper[bot] Greenkeeper +Himanshu Singh Irina Shestak Irina Shestak Irina Shestak Irina Shestak Irina Shestak lrlna @@ -17,27 +21,34 @@ Jonathan Balsano Jonathan Balsano Jonathan Balsano Joy Sampoonachot Joy Sampoonachot Joy Sampoonachot Joy Sampoonachot +Kevin Mas Ruiz Kevin Meyer kevinat10gen +Le Roux Bodenstein Lucas Hrabovsky Lucas Hrabovsky Marc Schäffner-Gurney Marc Schaffner-Gurney Massimiliano Marcon Massimiliano Marcon Matt Cotter Matt Cotter Matt Fairbrass Matt Fairbrass Matt Kangas Matt Kangas -Maurizio Casimirri Maurizio Casimirri -Maurizio Casimirri maurizio.cas@gmail.com -Maurizio Casimirri mcasimir +Maurizio Casimirri Maurizio Casimirri +Maurizio Casimirri Maurizio Casimirri +Maurizio Casimirri maurizio.cas@gmail.com +Maurizio Casimirri mcasimir +Maurizio Casimirri Michael Rose rosem Paul Thurlow Paul Thurlow +Paula Stachova Preston Vasquez Preston Vasquez -Rhys Howell Anemy -Rhys Howell Rhys -Rhys Howell Rhys Howell +Rhys Howell Rhys Howell +Rhys Howell Anemy +Rhys Howell +Rhys Howell Rhys Howell Satya Sinha Satya Satya Sinha satyasinha Sean Oh Sean Oh -Sergey Petushkov Sergey -Sergey Petushkov Sergey Petushkov +Sergey Petushkov Sergey +Sergey Petushkov Sergey Petushkov +Sergey Petushkov snyk-bot[bot] snyk-bot Thomas Rueckstiess Thomas Rückstieß Thomas Rueckstiess Thomas Rueckstiess @@ -45,4 +56,4 @@ Thomas Rueckstiess Thomas Rueckstiess Waley Waley Waley Chen Yonatan Schreiber yonatan -Yonatan Schreiber yonatan s \ No newline at end of file +Yonatan Schreiber yonatan s diff --git a/packages/compass/.gitignore b/packages/compass/.gitignore index 195d896adad..857337a23bd 100644 --- a/packages/compass/.gitignore +++ b/packages/compass/.gitignore @@ -14,10 +14,11 @@ report.json .compiled-sources/ src/app/.compiled-less/ expansions.yml +expansions.raw.yml .nvmrc .vscode src/app/fonts/akzid* src/app/fonts/Euclid* src/app/fonts/MongoDB* .compile-cache-mappings.json -THIRD-PARTY-NOTICES.md \ No newline at end of file +THIRD-PARTY-NOTICES.md diff --git a/scripts/release.js b/scripts/release.js index 25aac146102..a71e20d4736 100644 --- a/scripts/release.js +++ b/scripts/release.js @@ -23,6 +23,7 @@ program .command('beta') .description('Starts a new beta') .option('--merge-branch ', 'branch to merge', 'main') + .option('--submitter ', 'github username of the releaser', '') .option( '--next-ga [nextGa]', 'next ga version, default to the next GA version in Jira' @@ -32,6 +33,10 @@ program if (!options.mergeBranch) { throw new Error('mergeBranch is required'); } + if (!options.submitter) { + throw new Error('submitter is required'); + } + const publisher = getReleasePublisher(options.submitter); const nextGa = options.nextGa || (await getNextGaVersionInJira()); @@ -62,13 +67,14 @@ program console.info(`Promoting ${currentCompassPackageVersion} to ${nextBeta}`); await syncWithBranch(options.mergeBranch); - await bumpAndPush(nextBeta, BETA_RELEASE_BRANCH); + await bumpAndPush(nextBeta, BETA_RELEASE_BRANCH, publisher); }); program .command('ga') .description('Starts a new GA') .option('--release-ticket ') + .option('--submitter ', 'github username of the releaser', '') .option( '--merge-branch ', 'branch to merge', @@ -83,6 +89,10 @@ program if (!options.mergeBranch) { throw new Error('mergeBranch is required'); } + if (!options.submitter) { + throw new Error('submitter is required'); + } + const publisher = getReleasePublisher(options.submitter); const nextGa = await getReleaseVersionFromTicket(options.releaseTicket); @@ -104,7 +114,7 @@ program } console.info(`Promoting ${currentCompassPackageVersion} to ${nextGa}`); - await bumpAndPush(nextGa, GA_RELEASE_BRANCH); + await bumpAndPush(nextGa, GA_RELEASE_BRANCH, publisher); }); program.parseAsync(); @@ -159,8 +169,37 @@ async function gitCheckout(branchName) { }); } -async function bumpAndPush(nextVersion, releaseBranch) { - await execFile('npm', ['version', nextVersion], { cwd: compassPackagePath }); +async function getReleasePublisher(submitter) { + const publisherData = ( + await execFile( + 'git', + ['check-mailmap', `<${submitter}@users.noreply.github.com>`], + { + cwd: monorepoRoot, + encoding: 'utf8', + } + ) + ).stdout.trim(); + + if (!publisherData.match(/^[^<]+<[^@>]+@mongodb.com>/)) { + throw new Error( + `Could not translate username ${submitter} to recognized authorized email (${publisherData})` + ); + } + return publisherData; +} + +async function bumpAndPush(nextVersion, releaseBranch, publisher) { + await execFile('npm', ['version', '--no-git-tag-version', nextVersion], { + cwd: compassPackagePath, + }); + await fs.writeFile( + compassPackageJsonPath, + JSON.stringify({ + ...JSON.parse(await fs.readFile(compassPackageJsonPath, 'utf8')), + releasePublisher: publisher, + }) + ); await execFile('git', ['add', compassPackageJsonPath, `package-lock.json`], { cwd: monorepoRoot, }); @@ -174,6 +213,26 @@ async function bumpAndPush(nextVersion, releaseBranch) { cwd: monorepoRoot, }); await execFile('git', ['push', '--tags'], { cwd: monorepoRoot }); + + const currentBranch = ( + await execFile('git', ['branch', '--show-current'], { + cwd: monorepoRoot, + encoding: 'utf8', + }) + ).stdout.trim(); + await execFile( + 'gh', + [ + 'workflow', + 'run', + 'codeql.yml', + '-R', + 'mongodb-js/compass', + '-r', + currentBranch, + ], + { cwd: monorepoRoot } + ); } // NOTE: if there are more "unreleased" versions it will