From 16ee2bcddf9141fef6a586a6c4a0b3912587ad86 Mon Sep 17 00:00:00 2001 From: Andreas Braun Date: Wed, 28 Jan 2026 09:25:57 +0100 Subject: [PATCH 1/7] Trigger release packaging by tag push (#1916) --- .../workflows/create-release-artifacts.yml | 77 +++++++++++++++++++ ...elease.yml => create-release-packages.yml} | 2 +- .github/workflows/release.yml | 74 ------------------ 3 files changed, 78 insertions(+), 75 deletions(-) create mode 100644 .github/workflows/create-release-artifacts.yml rename .github/workflows/{package-release.yml => create-release-packages.yml} (98%) diff --git a/.github/workflows/create-release-artifacts.yml b/.github/workflows/create-release-artifacts.yml new file mode 100644 index 000000000..96b4283da --- /dev/null +++ b/.github/workflows/create-release-artifacts.yml @@ -0,0 +1,77 @@ +name: create-release-artifacts.yml +on: + push: + tags: + - "*" + +jobs: + static-analysis: + name: "Run Static Analysis" + uses: ./.github/workflows/static-analysis.yml + with: + ref: ${{ github.ref }} + permissions: + security-events: write + id-token: write + + package-release: + name: "Create Release Packages" + uses: ./.github/workflows/create-release-packages.yml + with: + version: ${{ github.ref_name }} + ref: ${{ github.ref }} + secrets: inherit + permissions: + id-token: write + contents: write + + publish-ssdlc-assets: + needs: + - static-analysis + - package-release + environment: release + name: "Publish SSDLC Assets" + runs-on: ubuntu-latest + permissions: + security-events: read + id-token: write + contents: write + + steps: + - name: "Generate token and checkout repository" + uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 + with: + app_id: ${{ vars.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + + # Sets the S3_ASSETS environment variable used later + - name: "Set up drivers-github-tools" + uses: mongodb-labs/drivers-github-tools/setup@v2 + with: + aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} + aws_region_name: ${{ vars.AWS_REGION_NAME }} + aws_secret_id: ${{ secrets.AWS_SECRET_ID }} + + - name: "Remove unnecessary files" + run: rm -f ${RELEASE_ASSETS}/release_run_id.txt + shell: bash + + - name: Download all release artifacts + run: gh release download ${{ github.ref_name }} --dir ${{ env.RELEASE_ASSETS }} + + - name: "Generate SSDLC Reports" + uses: mongodb-labs/drivers-github-tools/full-report@v2 + with: + product_name: "MongoDB PHP Driver (extension)" + release_version: ${{ github.ref_name }} + dist_filenames: "${{ env.RELEASE_ASSETS }}/*" + silk_asset_group: mongodb-php-driver-extension + + - name: "Upload SBOM as release artifact" + run: gh release upload ${{ github.ref_name }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json + + - name: Upload S3 assets + uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 + with: + version: ${{ github.ref_name }} + product_name: mongo-php-driver diff --git a/.github/workflows/package-release.yml b/.github/workflows/create-release-packages.yml similarity index 98% rename from .github/workflows/package-release.yml rename to .github/workflows/create-release-packages.yml index 3b5615c5b..be93ebb6b 100644 --- a/.github/workflows/package-release.yml +++ b/.github/workflows/create-release-packages.yml @@ -88,6 +88,6 @@ jobs: uses: ./.github/workflows/build-windows-packages.yml with: version: ${{ inputs.version }} - ref: refs/tags/${{ inputs.version }} + ref: ${{ inputs.ref }} upload_release_assets: true secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bd657e663..9f0b11389 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -154,77 +154,3 @@ jobs: run: | echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY - - static-analysis: - needs: prepare-release - name: "Run Static Analysis" - uses: ./.github/workflows/static-analysis.yml - with: - ref: refs/tags/${{ inputs.version }} - permissions: - security-events: write - id-token: write - - package-release: - needs: prepare-release - name: "Create Release Packages" - uses: ./.github/workflows/package-release.yml - with: - version: ${{ inputs.version }} - ref: refs/tags/${{ inputs.version }} - secrets: inherit - permissions: - id-token: write - contents: write - - publish-ssdlc-assets: - needs: - - static-analysis - - package-release - environment: release - name: "Publish SSDLC Assets" - runs-on: ubuntu-latest - permissions: - security-events: read - id-token: write - contents: write - - steps: - - name: "Generate token and checkout repository" - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 - with: - app_id: ${{ vars.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - ref: refs/tags/${{ inputs.version }} - - # Sets the S3_ASSETS environment variable used later - - name: "Set up drivers-github-tools" - uses: mongodb-labs/drivers-github-tools/setup@v2 - with: - aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} - aws_region_name: ${{ vars.AWS_REGION_NAME }} - aws_secret_id: ${{ secrets.AWS_SECRET_ID }} - - - name: "Remove unnecessary files" - run: rm -f ${RELEASE_ASSETS}/release_run_id.txt - shell: bash - - - name: Download all release artifacts - run: gh release download ${{ inputs.version }} --dir ${{ env.RELEASE_ASSETS }} - - - name: "Generate SSDLC Reports" - uses: mongodb-labs/drivers-github-tools/full-report@v2 - with: - product_name: "MongoDB PHP Driver (extension)" - release_version: ${{ inputs.version }} - dist_filenames: "${{ env.RELEASE_ASSETS }}/*" - silk_asset_group: mongodb-php-driver-extension - - - name: "Upload SBOM as release artifact" - run: gh release upload ${{ inputs.version }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json - - - name: Upload S3 assets - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 - with: - version: ${{ inputs.version }} - product_name: mongo-php-driver From 2015207b0849283abe61ca2a873ae703c53e9226 Mon Sep 17 00:00:00 2001 From: "mongodb-dbx-release-bot[bot]" <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 08:31:50 +0000 Subject: [PATCH 2/7] Package 1.21.3 Signed-off-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> --- phongo_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phongo_version.h b/phongo_version.h index 3b889cf13..624eb69e7 100644 --- a/phongo_version.h +++ b/phongo_version.h @@ -22,8 +22,8 @@ * publishing a release. */ /* clang-format off */ -#define PHP_MONGODB_VERSION "1.21.3dev" -#define PHP_MONGODB_STABILITY "devel" +#define PHP_MONGODB_VERSION "1.21.3" +#define PHP_MONGODB_STABILITY "stable" #define PHP_MONGODB_VERSION_DESC 1,21,3,0 /* clang-format on */ From 1e850529141bc86b9bf196a56fd80ce0b12ee2cd Mon Sep 17 00:00:00 2001 From: "mongodb-dbx-release-bot[bot]" <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 08:31:57 +0000 Subject: [PATCH 3/7] Back to -dev Signed-off-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> --- phongo_version.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phongo_version.h b/phongo_version.h index 624eb69e7..36b23e176 100644 --- a/phongo_version.h +++ b/phongo_version.h @@ -22,9 +22,9 @@ * publishing a release. */ /* clang-format off */ -#define PHP_MONGODB_VERSION "1.21.3" -#define PHP_MONGODB_STABILITY "stable" -#define PHP_MONGODB_VERSION_DESC 1,21,3,0 +#define PHP_MONGODB_VERSION "1.21.4dev" +#define PHP_MONGODB_STABILITY "devel" +#define PHP_MONGODB_VERSION_DESC 1,21,4,0 /* clang-format on */ #endif /* PHONGO_VERSION_H */ From 3812e638581bac0ba366b628fff27aa625d467f6 Mon Sep 17 00:00:00 2001 From: Andreas Braun Date: Wed, 28 Jan 2026 09:49:07 +0100 Subject: [PATCH 4/7] Fix broken release workflow (#1919) * Fix workflow name for creating release artifacts * Remove ref parameter from php-windows-builder --- .github/actions/windows/build/action.yml | 4 ---- .github/workflows/build-windows-packages.yml | 1 - .github/workflows/create-release-artifacts.yml | 3 ++- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/actions/windows/build/action.yml b/.github/actions/windows/build/action.yml index 85cc96593..ac131c2aa 100644 --- a/.github/actions/windows/build/action.yml +++ b/.github/actions/windows/build/action.yml @@ -1,9 +1,6 @@ name: "Build DLL files for Windows" description: "Prepares the PHP build environment for the MongoDB driver" inputs: - ref: - description: Git reference to build - required: false php-version: description: "PHP version to build for" required: true @@ -23,7 +20,6 @@ runs: - name: Build extension uses: php/php-windows-builder/extension@1.6.0 with: - extension-ref: ${{ inputs.ref }} php-version: ${{ inputs.php-version }} arch: ${{ inputs.arch }} ts: ${{ inputs.ts }} diff --git a/.github/workflows/build-windows-packages.yml b/.github/workflows/build-windows-packages.yml index d48538c3d..4bfb02853 100644 --- a/.github/workflows/build-windows-packages.yml +++ b/.github/workflows/build-windows-packages.yml @@ -48,7 +48,6 @@ jobs: id: build-driver uses: ./.github/actions/windows/build with: - ref: ${{ inputs.ref }} php-version: ${{ matrix.php-version }} arch: ${{ matrix.arch }} ts: ${{ matrix.ts }} diff --git a/.github/workflows/create-release-artifacts.yml b/.github/workflows/create-release-artifacts.yml index 96b4283da..a30f88340 100644 --- a/.github/workflows/create-release-artifacts.yml +++ b/.github/workflows/create-release-artifacts.yml @@ -1,4 +1,5 @@ -name: create-release-artifacts.yml +name: Create Release Artifacts +run-name: Create Release artifacts for ${{ github.ref_name }} on: push: tags: From dc49c0187ac54f42a994578d38b1bb8d0708a337 Mon Sep 17 00:00:00 2001 From: "mongodb-dbx-release-bot[bot]" <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 09:00:19 +0000 Subject: [PATCH 5/7] Package 1.21.4 Signed-off-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> --- phongo_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phongo_version.h b/phongo_version.h index 36b23e176..ac23a84a3 100644 --- a/phongo_version.h +++ b/phongo_version.h @@ -22,8 +22,8 @@ * publishing a release. */ /* clang-format off */ -#define PHP_MONGODB_VERSION "1.21.4dev" -#define PHP_MONGODB_STABILITY "devel" +#define PHP_MONGODB_VERSION "1.21.4" +#define PHP_MONGODB_STABILITY "stable" #define PHP_MONGODB_VERSION_DESC 1,21,4,0 /* clang-format on */ From 37e939e943160988dcdc3c8c34313e1653890a51 Mon Sep 17 00:00:00 2001 From: "mongodb-dbx-release-bot[bot]" <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 09:00:26 +0000 Subject: [PATCH 6/7] Back to -dev Signed-off-by: mongodb-dbx-release-bot[bot] <167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com> --- phongo_version.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phongo_version.h b/phongo_version.h index ac23a84a3..549fada84 100644 --- a/phongo_version.h +++ b/phongo_version.h @@ -22,9 +22,9 @@ * publishing a release. */ /* clang-format off */ -#define PHP_MONGODB_VERSION "1.21.4" -#define PHP_MONGODB_STABILITY "stable" -#define PHP_MONGODB_VERSION_DESC 1,21,4,0 +#define PHP_MONGODB_VERSION "1.21.5dev" +#define PHP_MONGODB_STABILITY "devel" +#define PHP_MONGODB_VERSION_DESC 1,21,5,0 /* clang-format on */ #endif /* PHONGO_VERSION_H */ From ed8d14cd527143c207d6d6bcca2a1d797bf287d4 Mon Sep 17 00:00:00 2001 From: Andreas Braun Date: Wed, 28 Jan 2026 10:55:48 +0100 Subject: [PATCH 7/7] Fix wrong path for artifact signing (#1923) --- .github/workflows/build-windows-packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-windows-packages.yml b/.github/workflows/build-windows-packages.yml index 4bfb02853..a314a3b3a 100644 --- a/.github/workflows/build-windows-packages.yml +++ b/.github/workflows/build-windows-packages.yml @@ -86,7 +86,7 @@ jobs: - name: "Create detached signatures for packages" uses: mongodb-labs/drivers-github-tools/gpg-sign@v2 with: - filenames: php_mongodb*.zip + filenames: artifacts/php_mongodb*.zip - name: "Move signatures from release assets folder" run: |