make action shared

Author: baileympearson

node/generate_release.js

@@ -4,13 +4,13 @@ const { join } = require('path');
 const args = process.argv.slice(2);
 if (args.length != 3) {
 	console.error(`usage: generate_release.js <package> <branch> <npm tag>`);
-	process.exitCode = 1;
-	process.exit();
+	process.exit(1);
 }
 
 const [package, branch, tag] = args;
 
-const template = readFileSync(join(__dirname, './release_template.yml'), 'utf-8');
+const isNative = package === 'kerberos' || package === 'mongodb-client-encryption';
+const template = readFileSync(join(__dirname, isNative ? './native_release_template.yml' : './release_template.yml'), 'utf-8');
 
 const EVERGREEN_PROJECTS = {
 	'mongodb': 'mongo-node-driver-next',

node/native_release_template.yml

@@ -0,0 +1,96 @@
+on:
+  push:
+    branches: [RELEASE_BRANCH]
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+name: release-RELEASE_TAG
+
+jobs:
+  release_please:
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - id: release
+        uses: googleapis/release-please-action@v4
+        with:
+          target-branch: RELEASE_BRANCH
+  
+  build:
+    needs: [release_please]
+    name: "Perform any build or bundling steps, as necessary."
+    uses: ./.github/workflows/build.yml
+
+  ssdlc:
+    needs: [release_please, build]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node and dependencies
+        uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node
+        with:
+          ignore_install_scripts: true
+
+      - name: Load version and package info
+        uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node
+        with:
+          npm_package_name: RELEASE_PACKAGE
+
+      - name: actions/compress_sign_and_upload
+        uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node
+        with:
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: us-east-1
+          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+          npm_package_name: RELEASE_PACKAGE
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+      - name: Copy sbom file to release assets
+        shell: bash
+        run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+
+      - name: Generate authorized pub report
+        uses: mongodb-labs/drivers-github-tools/full-report@v2
+        with:
+          release_version: ${{ env.package_version }}
+          product_name: RELEASE_PACKAGE
+          sarif_report_target_ref: RELEASE_BRANCH
+          third_party_dependency_tool: n/a
+          dist_filenames: artifacts/*
+          token:  ${{ github.token }}
+          sbom_file_name: sbom.json
+          evergreen_project: EVERGREEN_PROJECT
+          evergreen_commit: ${{ env.commit }}
+
+      - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+        with:
+          version: ${{ env.package_version }}
+          product_name: RELEASE_PACKAGE
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+  publish:
+    needs: [release_please, ssdlc, build]
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node and dependencies
+        uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node
+
+      - run: npm publish --provenance --tag=RELEASE_TAG
+        if: ${{ needs.release_please.outputs.release_created }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

node/release_template.yml

@@ -42,7 +42,7 @@ jobs:
           npm_package_name: RELEASE_PACKAGE
 
       - name: actions/compress_sign_and_upload
-        uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node
+        uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node
         with:
           aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
           aws_region_name: us-east-1
@@ -61,8 +61,7 @@ jobs:
           product_name: RELEASE_PACKAGE
           sarif_report_target_ref: RELEASE_BRANCH
           third_party_dependency_tool: n/a
-          # <package> and <package>.sig
-          dist_filenames: ${{ env.package_file }}*
+          dist_filenames: artifacts/*
           token:  ${{ github.token }}
           sbom_file_name: sbom.json
           evergreen_project: EVERGREEN_PROJECT

node/setup/action.yml

@@ -1,5 +1,9 @@
 name: Setup
 description: 'Installs node, driver dependencies, and builds source'
+inputs: 
+  ignore_install_scripts:
+    description: Should we ignore postinstall scripts?
+    default: 'false'
 
 runs:
   using: composite
@@ -12,4 +16,8 @@ runs:
     - run: npm install -g npm@latest
       shell: bash
     - run: npm clean-install
+      if: ${{ inputs.ignore_install_scripts == 'false' }}
       shell: bash
+    - run: npm clean-install --ignore-scripts
+      if: ${{ inputs.ignore_install_scripts == 'true' }}
+      shell: bash