diff --git a/.github/workflows/create-release-artifacts.yml b/.github/workflows/create-release-artifacts.yml
new file mode 100644
index 000000000..96b4283da
--- /dev/null
+++ b/.github/workflows/create-release-artifacts.yml
@@ -0,0 +1,77 @@
+name: create-release-artifacts.yml
+on:
+ push:
+ tags:
+ - "*"
+
+jobs:
+ static-analysis:
+ name: "Run Static Analysis"
+ uses: ./.github/workflows/static-analysis.yml
+ with:
+ ref: ${{ github.ref }}
+ permissions:
+ security-events: write
+ id-token: write
+
+ package-release:
+ name: "Create Release Packages"
+ uses: ./.github/workflows/create-release-packages.yml
+ with:
+ version: ${{ github.ref_name }}
+ ref: ${{ github.ref }}
+ secrets: inherit
+ permissions:
+ id-token: write
+ contents: write
+
+ publish-ssdlc-assets:
+ needs:
+ - static-analysis
+ - package-release
+ environment: release
+ name: "Publish SSDLC Assets"
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: read
+ id-token: write
+ contents: write
+
+ steps:
+ - name: "Generate token and checkout repository"
+ uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+ with:
+ app_id: ${{ vars.APP_ID }}
+ private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+ # Sets the S3_ASSETS environment variable used later
+ - name: "Set up drivers-github-tools"
+ uses: mongodb-labs/drivers-github-tools/setup@v2
+ with:
+ aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+ aws_region_name: ${{ vars.AWS_REGION_NAME }}
+ aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+
+ - name: "Remove unnecessary files"
+ run: rm -f ${RELEASE_ASSETS}/release_run_id.txt
+ shell: bash
+
+ - name: Download all release artifacts
+ run: gh release download ${{ github.ref_name }} --dir ${{ env.RELEASE_ASSETS }}
+
+ - name: "Generate SSDLC Reports"
+ uses: mongodb-labs/drivers-github-tools/full-report@v2
+ with:
+ product_name: "MongoDB PHP Driver (extension)"
+ release_version: ${{ github.ref_name }}
+ dist_filenames: "${{ env.RELEASE_ASSETS }}/*"
+ silk_asset_group: mongodb-php-driver-extension
+
+ - name: "Upload SBOM as release artifact"
+ run: gh release upload ${{ github.ref_name }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json
+
+ - name: Upload S3 assets
+ uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+ with:
+ version: ${{ github.ref_name }}
+ product_name: mongo-php-driver
diff --git a/.github/workflows/package-release.yml b/.github/workflows/create-release-packages.yml
similarity index 98%
rename from .github/workflows/package-release.yml
rename to .github/workflows/create-release-packages.yml
index 3b5615c5b..be93ebb6b 100644
--- a/.github/workflows/package-release.yml
+++ b/.github/workflows/create-release-packages.yml
@@ -88,6 +88,6 @@ jobs: uses: ./.github/workflows/build-windows-packages.yml with: version: ${{ inputs.version }}
- ref: refs/tags/${{ inputs.version }}
+ ref: ${{ inputs.ref }}
 upload_release_assets: true secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bd657e663..9f0b11389 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
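Review bot: Both `gh release` steps in `publish-ssdlc-assets` interpolate `${{ github.ref_name }}` straight into a shell `run:` line, and with the new `on: push: tags: "*"` trigger that value is whatever tag name was pushed; git allows `;`, `$`, `(`, `|` and `&` in ref names, so a tag like `v1.0.0;curl …|sh` would be executed by the shell with the job's `contents: write` token and, presumably, the AWS credentials obtained via `aws_role_arn` in the setup step. Pass the tag through an environment variable and quote it in the script, as below, so it is handled as data rather than code. Relatedly, only `publish-ssdlc-assets` is gated by the `release` environment; `static-analysis` and `package-release` run with `secrets: inherit` and `contents: write` on any tag push, and the `"*"` filter also matches non-release tags, so narrowing it to a version pattern such as `"[0-9]+.[0-9]+.[0-9]+*"` would limit exposure if the project's tag scheme permits. The same `${{ github.ref_name }}` is also forwarded as `version` to the reusable workflows, which are outside this hunk and presumably warrant the same treatment.
```yaml
      # … unchanged: secure-checkout, setup and "Remove unnecessary files" steps …
      - name: Download all release artifacts
        env:
          TAG: ${{ github.ref_name }}
        run: gh release download "$TAG" --dir "$RELEASE_ASSETS"

      # … unchanged: "Generate SSDLC Reports" step …
      - name: "Upload SBOM as release artifact"
        env:
          TAG: ${{ github.ref_name }}
        run: gh release upload "$TAG" "$S3_ASSETS/cyclonedx.sbom.json"
```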
@@ -154,77 +154,3 @@ jobs: run: | echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY - - static-analysis: - needs: prepare-release - name: "Run Static Analysis" - uses: ./.github/workflows/static-analysis.yml - with: - ref: refs/tags/${{ inputs.version }} - permissions: - security-events: write - id-token: write - - package-release: - needs: prepare-release - name: "Create Release Packages" - uses: ./.github/workflows/package-release.yml - with: - version: ${{ inputs.version }} - ref: refs/tags/${{ inputs.version }} - secrets: inherit - permissions: - id-token: write - contents: write - - publish-ssdlc-assets: - needs: - - static-analysis - - package-release - environment: release - name: "Publish SSDLC Assets" - runs-on: ubuntu-latest - permissions: - security-events: read - id-token: write - contents: write - - steps: - - name: "Generate token and checkout repository" - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 - with: - app_id: ${{ vars.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - ref: refs/tags/${{ inputs.version }} - - # Sets the S3_ASSETS environment variable used later - - name: "Set up drivers-github-tools" - uses: mongodb-labs/drivers-github-tools/setup@v2 - with: - aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} - aws_region_name: ${{ vars.AWS_REGION_NAME }} - aws_secret_id: ${{ secrets.AWS_SECRET_ID }} - - - name: "Remove unnecessary files" - run: rm -f ${RELEASE_ASSETS}/release_run_id.txt - shell: bash - - - name: Download all release artifacts - run: gh release download ${{ inputs.version }} --dir ${{ env.RELEASE_ASSETS }} - - - name: "Generate SSDLC Reports" - uses: mongodb-labs/drivers-github-tools/full-report@v2 - with: - product_name: "MongoDB PHP Driver (extension)" - release_version: ${{ inputs.version }} - dist_filenames: "${{ env.RELEASE_ASSETS 
}}/*" - silk_asset_group: mongodb-php-driver-extension - - - name: "Upload SBOM as release artifact" - run: gh release upload ${{ inputs.version }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json - - - name: Upload S3 assets - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 - with: - version: ${{ inputs.version }} - product_name: mongo-php-driver