Skip to content

release

release #8

Workflow file for this run

on:
push:
branches: ["main"]
workflow_dispatch: {}
permissions:
contents: write
pull-requests: write
id-token: write
name: release
jobs:
release_please:
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
steps:
- id: release
uses: googleapis/release-please-action@v4
with:
target-branch: main
build:
needs: [release_please]
name: "Perform any build or bundling steps, as necessary."
uses: ./.github/workflows/build.yml
ssdlc:
needs: [release_please, build]
permissions:
# required for all workflows
security-events: write
id-token: write
contents: write
environment: release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Node and dependencies
uses: mongodb-labs/drivers-github-tools/node/setup@v2
with:
ignore_install_scripts: true
- name: Load version and package info
uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2
with:
npm_package_name: "@mongodb-js/zstd"
# - name: Set up drivers-github-tools
# uses: mongodb-labs/drivers-github-tools/setup@v2
# with:
# aws_region_name: ${{ inputs.aws_region_name }}
# aws_role_arn: ${{ inputs.aws_role_arn }}
# aws_secret_id: ${{ inputs.aws_secret_id }}
- name: actions/compress_sign_and_upload
uses: baileympearson/drivers-github-tools/node/sign_node_package@no-story-files
with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: us-east-1
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
npm_package_name: "@mongodb-js/zstd"
dry_run: ${{ needs.release_please.outputs.release_created == '' }}
sign_native: true
- name: Copy sbom file to release assets
shell: bash
if: ${{ 'node-zstd' == '' }}
run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
# only used for mongodb-client-encryption
- name: Augment SBOM and copy to release assets
if: ${{ 'node-zstd' != '' }}
uses: mongodb-labs/drivers-github-tools/sbom@v2
with:
silk_asset_group: "node-zstd"
sbom_file_name: sbom.json
- name: Generate authorized pub report
uses: mongodb-labs/drivers-github-tools/full-report@v2
with:
release_version: ${{ env.package_version }}
product_name: "@mongodb-js/zstd"
sarif_report_target_ref: main
third_party_dependency_tool: n/a
dist_filenames: artifacts/*
token: ${{ github.token }}
sbom_file_name: sbom.json
- uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
with:
version: ${{ env.package_version }}
product_name: "@mongodb-js/zstd"
dry_run: ${{ needs.release_please.outputs.release_created == '' }}
# publish:
# needs: [release_please, ssdlc, build]
# environment: release
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# - name: Install Node and dependencies
# uses: mongodb-labs/drivers-github-tools/node/setup@v2
# with:
# ignore_install_scripts: true
# - run: npm publish --provenance
# if: ${{ needs.release_please.outputs.release_created }}
# env:
# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}