use latest generated template

mongodb-js · Jun 26, 2024 · 53970f4 · 53970f4
1 parent 76431e7
commit 53970f4
Showing 1 changed file with 23 additions and 14 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,17 +1,15 @@
 on:
  push:
  branches: [main]
- pull_request:
- branches: [main]
  workflow_dispatch: {}
 
-name: Release
-
 permissions:
  contents: write
  pull-requests: write
  id-token: write
 
+name: release-latest
+
 jobs:
  release_please:
  runs-on: ubuntu-latest
@@ -20,10 +18,12 @@ jobs:
  steps:
  - id: release
  uses: googleapis/release-please-action@v4
+ with:
+ target-branch: main
 
  build:
  needs: [release_please]
- name: "Build native code"
+ name: "Perform any build or bundling steps, as necessary."
  uses: ./.github/workflows/build.yml
 
  ssdlc:
@@ -40,43 +40,52 @@ jobs:
 
  - name: Install Node and dependencies
  uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node
+ with:
+ ignore_install_scripts: true
 
  - name: Load version and package info
  uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node
  with:
  npm_package_name: mongodb-client-encryption
 
- - name: actions/sign_and_upload_package
- uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node
+ - name: actions/compress_sign_and_upload
+ uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node
  with:
  aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
- aws_region_name: 'us-east-1'
+ aws_region_name: us-east-1
  aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
- npm_package_name: 'mongodb-client-encryption'
+ npm_package_name: mongodb-client-encryption
  dry_run: ${{ needs.release_please.outputs.release_created == '' }}
- sign_native: true
 
  - name: Copy sbom file to release assets
  shell: bash
+ if: ${{ '' == '' }}
  run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
 
+ # only used for mongodb-client-encryption
+ - name: Augment SBOM and copy to release assets
+ if: ${{ '' != '' }}
+ uses: mongodb-labs/drivers-github-tools/sbom@v2
+ with:
+ silk_asset_group: ''
+ sbom_file_name: sbom.json
+
  - name: Generate authorized pub report
  uses: mongodb-labs/drivers-github-tools/full-report@v2
  with:
  release_version: ${{ env.package_version }}
  product_name: mongodb-client-encryption
  sarif_report_target_ref: main
- third_party_dependency_tool: Silk
- # <package> and <package>.sig
+ third_party_dependency_tool: n/a
  dist_filenames: artifacts/*
- token:  ${{ github.token }}
+ token: ${{ github.token }}
  sbom_file_name: sbom.json
 
  - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
  with:
  version: ${{ env.package_version }}
  product_name: mongodb-client-encryption
- dry_run: false
+ dry_run: ${{ needs.release_please.outputs.release_created == '' }}
 
  publish:
  needs: [release_please, ssdlc, build]