release-latest #159

Workflow file for this run

.github/workflows/release.yml at 68f67ba

	on:
	push:
	branches: [main]
	workflow_dispatch: {}

	permissions:
	contents: write
	pull-requests: write
	id-token: write

	name: release

	jobs:
	release_please:
	runs-on: ubuntu-latest
	outputs:
	release_created: ${{ steps.release.outputs.release_created }}
	steps:
	- id: release
	uses: googleapis/release-please-action@v4

	ssdlc:
	needs: [release_please]
	permissions:
	# required for all workflows
	security-events: write
	id-token: write
	contents: write
	environment: release
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: actions/setup
	uses: ./.github/actions/setup

	- name: Load version and package info
	uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node

	- name: actions/compress_sign_and_upload
	uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node
	with:
	aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
	aws_region_name: us-east-1
	aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
	npm_package_name: bson
	dry_run: ${{ needs.release_please.outputs.release_created == '' }}

	- name: Copy sbom file to release assets
	shell: bash
	run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json

	- name: Generate authorized pub report
	uses: mongodb-labs/drivers-github-tools/full-report@v2
	with:
	release_version: ${{ env.package_version }}
	product_name: bson
	sarif_report_target_ref: main
	third_party_dependency_tool: n/a
	# <package> and <package>.sig
	dist_filenames: ${{ env.package_file }}*
	token: ${{ github.token }}
	sbom_file_name: sbom.json

	- uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
	with:
	version: ${{ env.package_version.package_version }}
	product_name: bson
	dry_run: ${{ needs.release_please.outputs.release_created == '' }}

	publish:
	needs: [release_please, ssdlc]
	environment: release
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: actions/setup
	uses: ./.github/actions/setup

	- run: npm publish --provenance --tag=latest
	if: ${{ needs.release_please.outputs.release_created }}
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release-latest #159

Workflow file

release-latest #159

Jobs

Run details

Workflow file for this run