diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index 945259d32d..7600e7f9a1 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -36,5 +36,9 @@ jobs: ref: ${{ inputs.ref }} - name: Install Node and dependencies uses: mongodb-labs/drivers-github-tools/node/setup@v3 - - run: npm version "${{ inputs.version }}" --git-tag-version=false --allow-same-version - - run: npm publish --provenance --tag="${{ inputs.tag }}" + - run: npm version "$VERSION" --git-tag-version=false --allow-same-version + env: + VERSION: ${{ inputs.version }} + - run: npm publish --provenance --tag="$TAG" + env: + TAG: ${{ inputs.tag }} diff --git a/.github/workflows/release-6.8.yml b/.github/workflows/release-6.8.yml deleted file mode 100644 index e3c8c6a2e5..0000000000 --- a/.github/workflows/release-6.8.yml +++ /dev/null 
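Review bot: `VERSION` is passed to `npm version` as a quoted variable, which closes the `${{ }}` interpolation path, but nothing in the two new `run:` steps checks the value, so one that begins with `-` may still be parsed by npm as an option rather than a version. If only concrete versions are expected here, a guard ahead of the call such as `case "$VERSION" in -*) echo "invalid version"; exit 1;; esac` would cover it. An allowlist check on `TAG` would also stop a direct dispatch from moving an unintended dist-tag. The steps list begins outside this hunk, so an earlier validation step cannot be ruled out from what is shown.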
@@ -1,113 +0,0 @@ -on: - push: - branches: ['6.8'] - workflow_dispatch: {} - -permissions: - contents: write - pull-requests: write - id-token: write - -name: release-68 - -jobs: - release_please: - runs-on: ubuntu-latest - outputs: - release_created: ${{ steps.release.outputs.release_created }} - steps: - - id: release - uses: googleapis/release-please-action@v4 - with: - target-branch: '6.8' - - build: - needs: [release_please] - name: 'Perform any build or bundling steps, as necessary.' - uses: ./.github/workflows/build.yml - - ssdlc: - needs: [release_please, build] - permissions: - # required for all workflows - security-events: write - id-token: write - contents: write - environment: release - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - with: - ref: '6.8' - - - name: Install Node and dependencies - uses: mongodb-labs/drivers-github-tools/node/setup@v3 - with: - ignore_install_scripts: false - - - name: Load version and package info - uses: mongodb-labs/drivers-github-tools/node/get_version_info@v3 - with: - npm_package_name: mongodb - - - name: actions/compress_sign_and_upload - uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v3 - with: - aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} - aws_region_name: us-east-1 - aws_secret_id: ${{ secrets.AWS_SECRET_ID }} - npm_package_name: mongodb - dry_run: ${{ needs.release_please.outputs.release_created == '' }} - - - name: Copy sbom file to release assets - shell: bash - if: ${{ '' == '' }} - run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json - - # only used for mongodb-client-encryption - - name: Augment SBOM and copy to release assets - if: ${{ '' != '' }} - uses: mongodb-labs/drivers-github-tools/sbom@v3 - with: - silk_asset_group: '' - sbom_file_name: sbom.json - - - name: Generate authorized pub report - uses: mongodb-labs/drivers-github-tools/full-report@v3 - with: - release_version: ${{ env.package_version }} - product_name: mongodb - sarif_report_target_ref: '6.8' - 
third_party_dependency_tool: n/a - dist_filenames: artifacts/* - token: ${{ github.token }} - sbom_file_name: sbom.json - evergreen_project: mongo-node-driver-next - evergreen_commit: ${{ env.commit }} - - - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v3 - with: - version: ${{ env.package_version }} - product_name: mongodb - dry_run: ${{ needs.release_please.outputs.release_created == '' }} - - publish: - needs: [release_please, ssdlc, build] - environment: release - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - with: - ref: '6.8' - - - name: Install Node and dependencies - uses: mongodb-labs/drivers-github-tools/node/setup@v3 - - # Just picking a string to put here so that releases from this branch are not marked "latest", - # we should go and rm-dist-tag after this is published, no reason to keep it tagged. - - run: | - npm publish --provenance --tag=tag-for-publishing-older-releases - npm dist-tag rm mongodb tag-for-publishing-older-releases - if: ${{ needs.release_please.outputs.release_created }} - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/release-alpha.yml b/.github/workflows/release-alpha.yml index 2c7c0c8d64..759de2b282 100644 --- a/.github/workflows/release-alpha.yml +++ b/.github/workflows/release-alpha.yml @@ -9,7 +9,8 @@ on: type: string permissions: - id-token: write + actions: write + contents: read name: release-alpha 
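Review bot: The new workflow-level `actions: write` grant in release-alpha.yml carries no comment saying why it is needed, which makes later least-privilege audits harder. Judging by the dispatch step added further down, it exists so `github.token` can trigger npm-publish.yml, and a comment such as `# actions: write is required to dispatch npm-publish.yml; id-token is only granted in that workflow` above the key would record that. The same comment fits the job-level `permissions:` block added to the `publish` job in release.yml.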
@@ -18,17 +19,22 @@ jobs: runs-on: ubuntu-latest steps: - shell: bash + env: + ALPHA_VERSION: ${{ inputs.alphaVersion }} run: | ALPHA_SEMVER_REGEXP="-alpha(\.([0-9]|[1-9][0-9]+))?$" - if ! [[ "${{ inputs.alphaVersion }}" =~ $ALPHA_SEMVER_REGEXP ]]; then + if ! [[ "$ALPHA_VERSION" =~ $ALPHA_SEMVER_REGEXP ]]; then echo "Invalid alphaVersion string" exit 1 fi - uses: actions/checkout@v5 - - name: Install Node and dependencies - uses: mongodb-labs/drivers-github-tools/node/setup@v3 - - run: npm version "${{ inputs.alphaVersion }}" --git-tag-version=false - - run: npm publish --provenance --tag=alpha + - name: Dispatch npm-publish workflow env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + GH_TOKEN: ${{ github.token }} + ALPHA_VERSION: ${{ inputs.alphaVersion }} + run: | + node ./.github/scripts/dispatch-and-wait.mjs npm-publish.yml \ + tag=alpha \ + version="$ALPHA_VERSION" \ + ref="${{ github.sha }}" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dae8942a43..ac9810e05b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,6 @@ on: permissions: contents: write pull-requests: write - id-token: write name: release-latest @@ -91,15 +90,20 @@ jobs: publish: needs: [release_please, ssdlc, build] + permissions: + actions: write + contents: read environment: release runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - name: Install Node and dependencies - uses: mongodb-labs/drivers-github-tools/node/setup@v3 - - - run: npm publish --provenance --tag=latest + - name: Dispatch npm-publish workflow if: ${{ needs.release_please.outputs.release_created }} env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + GH_TOKEN: ${{ github.token }} + run: | + node ./.github/scripts/dispatch-and-wait.mjs npm-publish.yml \ + tag=latest \ + version="$(node -p "require('./package.json').version")" \ + ref="${{ github.sha }}"
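Review bot: The `alphaVersion` check in the first step anchors only the suffix, so any string that merely ends in `-alpha` or `-alpha.N` passes and is then forwarded as `version=` to npm-publish.yml by the new dispatch step. Anchoring the start as well, for example `ALPHA_SEMVER_REGEXP="^[0-9]+\.[0-9]+\.[0-9]+-alpha(\.([0-9]|[1-9][0-9]+))?$"`, would make the validation cover the whole value before it crosses into the publishing workflow. As a style point, `ref="${{ github.sha }}"` is the one remaining inline expression in a `run:` block here and in the release.yml dispatch step; the default `$GITHUB_SHA` variable would match the env-var pattern this commit introduces. `dispatch-and-wait.mjs` is not part of this diff, so how it parses the `key=value` arguments could not be reviewed.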
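Review bot: The `environment: release` gate on the `publish` job in release.yml now protects only the dispatch call, because the actual `npm publish` has moved into npm-publish.yml. Unless that workflow declares its own protected environment (its job header is not visible in this diff), a direct `workflow_dispatch` of npm-publish.yml would presumably not pass through the `release_please`, `ssdlc` and `build` dependencies or this approval gate. Worth confirming, and recording with a comment above the new step such as `# npm-publish.yml must keep its own environment protection; this job only triggers it`.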