5959 aws_secret_id : ${{ secrets.aws_secret_id }}
6060
6161 - name : " Generate Sarif Report"
62- # TODO: Use v2 once it has been re-tagged to include this action
63- uses : mongodb-labs/drivers-github-tools/code-scanning-export@main
62+ uses : mongodb-labs/drivers-github-tools/code-scanning-export@v2
6463 with :
6564 ref : main
6665 output-file : sarif-report.json
@@ -73,10 +72,43 @@ jobs:
7372 echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
7473
7574name : actions/publish_asset_to_s3
76- uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
75+ uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
7776 with :
7877 version : ${{ steps.get_version.outputs.package_version }}
7978 product_name : js-bson
8079 file : sarif-report.json
8180 dry_run : ${{ needs.release_please.outputs.release_created == '' }}
8281
82+ upload_sbom_lite :
83+ environment : release
84+ runs-on : ubuntu-latest
85+ needs : [release_please]
86+ permissions :
87+ # required for all workflows
88+ security-events : write
89+ id-token : write
90+ contents : write
91+
92+ steps :
93+ - uses : actions/checkout@v4
94+ - name : Set up drivers-github-tools
95+ uses : mongodb-labs/drivers-github-tools/setup@v2
96+ with :
97+ aws_region_name : us-east-1
98+ aws_role_arn : ${{ secrets.aws_role_arn }}
99+ aws_secret_id : ${{ secrets.aws_secret_id }}
100+
101+ - name : Get release version and release package file name
102+ id : get_version
103+ shell : bash
104+ run : |
105+ package_version=$(jq --raw-output '.version' package.json)
106+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
107+
108+ name : actions/publish_asset_to_s3
109+ uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
110+ with :
111+ version : ${{ steps.get_version.outputs.package_version }}
112+ product_name : js-bson
113+ file : sbom.json
114+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
0 commit comments