Release 4.4.2 #4

Workflow file for this run

.github/workflows/release.yml at 481d5fc

	name: "Release New Version"
	run-name: "Release ${{ inputs.version }}"

	on:
	workflow_dispatch:
	inputs:
	version:
	description: "The version to be released. This is checked for consistency with the branch name and configuration"
	required: true
	type: "string"

	jobs:
	prepare-release:
	environment: release
	name: "Prepare release"
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: write

	steps:
	- name: "Create release output"
	run: echo '🎬 Release process for version ${{ inputs.version }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY

	- name: "Generate token and checkout repository"
	uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
	with:
	app_id: ${{ vars.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}

	- name: "Store version numbers in env variables"
	run: \|
	echo RELEASE_VERSION=${{ inputs.version }} >> $GITHUB_ENV
	echo RELEASE_BRANCH=$(echo ${{ inputs.version }} \| cut -d '.' -f-2) >> $GITHUB_ENV

	- name: "Ensure release tag does not already exist"
	run: \|
	if [[ $(git tag -l ${RELEASE_VERSION}) == ${RELEASE_VERSION} ]]; then
	echo '❌ Release failed: tag for version ${{ inputs.version }} already exists' >> $GITHUB_STEP_SUMMARY
	exit 1
	fi

	# - name: "Fail if branch names don't match"
	# if: ${{ github.ref_name != env.RELEASE_BRANCH }}
	# run: \|
	# echo '❌ Release failed due to branch mismatch: expected ${{ inputs.version }} to be released from ${{ env.RELEASE_BRANCH }}, got ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY
	# exit 1

	#
	# Preliminary checks done - commence the release process
	#

	- name: "Set up drivers-github-tools"
	uses: mongodb-labs/drivers-github-tools/setup@v2
	with:
	aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
	aws_region_name: ${{ vars.AWS_REGION_NAME }}
	aws_secret_id: ${{ secrets.AWS_SECRET_ID }}

	# Create draft release with release notes
	- name: "Create draft release"
	run: echo "RELEASE_URL=$(gh release create ${{ inputs.version }} --target ${{ github.ref_name }} --title "${{ inputs.version }}" --generate-notes --draft)" >> "$GITHUB_ENV"

	- name: "Create release tag"
	uses: mongodb-labs/drivers-github-tools/tag-version@v2
	with:
	version: ${{ inputs.version }}
	tag_message_template: 'Release ${VERSION}'

	# TODO: Manually merge using ours strategy. This avoids merge-up pull requests being created
	# Process is:
	# 1. switch to next branch (according to merge-up action)
	# 2. merge release branch using --strategy=ours
	# 3. push next branch
	# 4. switch back to release branch, then push

	- name: "Set summary"
	run: \|
	echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
	echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY

	static-analysis:
	needs: prepare-release
	name: "Run Static Analysis"
	uses: ./.github/workflows/static-analysis.yml
	with:
	ref: refs/tags/${{ inputs.version }}
	permissions:
	security-events: write
	id-token: write

	publish-ssdlc-assets:
	needs: static-analysis
	environment: release
	name: "Publish SSDLC Assets"
	runs-on: ubuntu-latest
	permissions:
	security-events: read
	id-token: write
	contents: write

	steps:
	- name: "Generate token and checkout repository"
	uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
	with:
	app_id: ${{ vars.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	ref: refs/tags/${{ inputs.version }}

	# Sets the S3_ASSETS environment variable used later
	- name: "Set up drivers-github-tools"
	uses: mongodb-labs/drivers-github-tools/setup@v2
	with:
	aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
	aws_region_name: ${{ vars.AWS_REGION_NAME }}
	aws_secret_id: ${{ secrets.AWS_SECRET_ID }}

	- name: "Generate authorized publication document"
	uses: mongodb-labs/drivers-github-tools/authorized-pub@v2
	with:
	product_name: "MongoDB Laravel Integration"
	release_version: ${{ inputs.version }}
	filenames: ""
	token: ${{ env.GH_TOKEN }}

	- name: "Download SBOM file from Silk"
	uses: mongodb-labs/drivers-github-tools/sbom@v2
	with:
	silk_asset_group: laravel-mongodb

	- name: "Upload SBOM as release artifact"
	run: gh release upload ${{ inputs.version }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json
	continue-on-error: true

	- name: "Generate SARIF report from code scanning alerts"
	uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
	with:
	ref: ${{ inputs.version }}
	output-file: ${{ env.S3_ASSETS }}/code-scanning-alerts.json

	- name: "Generate compliance report"
	uses: mongodb-labs/drivers-github-tools/compliance-report@v2
	with:
	token: ${{ env.GH_TOKEN }}

	- name: Upload S3 assets
	uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
	with:
	version: ${{ inputs.version }}
	product_name: laravel-mongodb

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release 4.4.2 #4

Workflow file

Release 4.4.2 #4

Jobs

Run details

Workflow file for this run