chore(NODE-6825): add release tooling to v6.9.x branch (#779)

Co-authored-by: Warren James <[email protected]>

Author: baileympearson

.github/workflows/release-6.9.yml

@@ -0,0 +1,106 @@
+on:
+    push:
+      branches: ["v6.9.x"]
+    workflow_dispatch: {}
+  
+permissions:
+    contents: write
+    pull-requests: write
+    id-token: write
+
+name: release-6.9
+  
+jobs:
+    release_please:
+      runs-on: ubuntu-latest
+      outputs:
+        release_created: ${{ steps.release.outputs.release_created }}
+      steps:
+        - id: release
+          uses: googleapis/release-please-action@v4
+          with:
+            target-branch: "v6.9.x"
+  
+    build:
+      needs: [release_please]
+      name: "Perform any build or bundling steps, as necessary."
+      uses: ./.github/workflows/build.yml
+  
+    ssdlc:
+      needs: [release_please, build]
+      permissions:
+        # required for all workflows
+        security-events: write
+        id-token: write
+        contents: write
+      environment: release
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v4
+  
+        - name: Install Node and dependencies
+          uses: mongodb-labs/drivers-github-tools/node/setup@v2
+          with:
+            ignore_install_scripts: false
+  
+        - name: Load version and package info
+          uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2
+          with:
+            npm_package_name: bson
+  
+        - name: actions/compress_sign_and_upload
+          uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2
+          with:
+            aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+            aws_region_name: us-east-1
+            aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+            npm_package_name: bson
+            dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+  
+        - name: Copy sbom file to release assets
+          shell: bash
+          if: ${{ '' == '' }}
+          run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+  
+        # only used for mongodb-client-encryption
+        - name: Augment SBOM and copy to release assets
+          if: ${{ '' != '' }}
+          uses: mongodb-labs/drivers-github-tools/sbom@v2
+          with:
+            silk_asset_group: ''
+            sbom_file_name: sbom.json
+  
+        - name: Generate authorized pub report
+          uses: mongodb-labs/drivers-github-tools/full-report@v2
+          with:
+            release_version: ${{ env.package_version }}
+            product_name: bson
+            sarif_report_target_ref: "v6.9.x"
+            third_party_dependency_tool: n/a
+            dist_filenames: artifacts/*
+            token: ${{ github.token }}
+            sbom_file_name: sbom.json
+            evergreen_project: js-bson
+            evergreen_commit: ${{ env.commit }}
+  
+        - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+          with:
+            version: ${{ env.package_version }}
+            product_name: bson
+            dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+  
+    publish:
+      needs: [release_please, ssdlc, build]
+      environment: release
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v4
+  
+        - name: Install Node and dependencies
+          uses: mongodb-labs/drivers-github-tools/node/setup@v2
+  
+        - run: npm publish --provenance --tag legacy
+          if: ${{ needs.release_please.outputs.release_created }}
+          env:
+            NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
   ".": "6.9.0"
-}
+}

sbom.json

@@ -43,9 +43,9 @@
       }
     ]
   },
-  "serialNumber": "urn:uuid:d959b957-3bd1-4d79-9655-1e05249f993c",
+  "serialNumber": "urn:uuid:429bf85d-1add-4476-b5ee-78202f80b5a9",
   "version": 1,
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5"
-}
+}