chore(NODE-6822): add release tooling to v6.6.x branch (#775)

Co-authored-by: Warren James <[email protected]>

Author: baileympearson

.github/scripts/highlights.mjs

@@ -1,25 +1,22 @@
 // @ts-check
 import * as process from 'node:process';
-import { Octokit } from '@octokit/core';
 import { output } from './util.mjs';
 
 const {
   GITHUB_TOKEN = '',
   PR_LIST = '',
-  owner = 'mongodb',
-  repo = 'js-bson'
+  REPOSITORY = ''
 } = process.env;
 if (GITHUB_TOKEN === '') throw new Error('GITHUB_TOKEN cannot be empty');
+if (REPOSITORY === '') throw new Error('REPOSITORY cannot be empty')
 
-const octokit = new Octokit({
-  auth: GITHUB_TOKEN,
-  log: {
-    debug: msg => console.error('Octokit.debug', msg),
-    info: msg => console.error('Octokit.info', msg),
-    warn: msg => console.error('Octokit.warn', msg),
-    error: msg => console.error('Octokit.error', msg)
+const API_REQ_INFO = {
+  headers: {
+    Accept: 'application/vnd.github.v3+json',
+    'X-GitHub-Api-Version': '2022-11-28',
+    Authorization: `Bearer ${GITHUB_TOKEN}`
   }
-});
+}
 
 const prs = PR_LIST.split(',').map(pr => {
   const prNum = Number(pr);
@@ -35,13 +32,10 @@ async function getPullRequestContent(pull_number) {
 
   let body;
   try {
-    const res = await octokit.request('GET /repos/{owner}/{repo}/pulls/{pull_number}', {
-      owner,
-      repo,
-      pull_number,
-      headers: { 'X-GitHub-Api-Version': '2022-11-28' }
-    });
-    body = res.data.body;
+    const response = await fetch(new URL(`https://api.github.com/repos/${REPOSITORY}/pulls/${pull_number}`), API_REQ_INFO);
+    if (!response.ok) throw new Error(await response.text());
+    const pr = await response.json();
+    body = pr.body;
   } catch (error) {
     console.log(`Could not get PR ${pull_number}, skipping. ${error.status}`);
     return '';

.github/workflows/build.yml

@@ -0,0 +1,16 @@
+on:
+  workflow_call: {}
+
+name: Build
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "nothing to do."
+        shell: bash

.github/workflows/release-6.6.yml

@@ -0,0 +1,106 @@
+on:
+    push:
+      branches: ["v6.6.x"]
+    workflow_dispatch: {}
+  
+permissions:
+    contents: write
+    pull-requests: write
+    id-token: write
+
+name: release-6.6
+  
+jobs:
+    release_please:
+      runs-on: ubuntu-latest
+      outputs:
+        release_created: ${{ steps.release.outputs.release_created }}
+      steps:
+        - id: release
+          uses: googleapis/release-please-action@v4
+          with:
+            target-branch: "v6.6.x"
+  
+    build:
+      needs: [release_please]
+      name: "Perform any build or bundling steps, as necessary."
+      uses: ./.github/workflows/build.yml
+  
+    ssdlc:
+      needs: [release_please, build]
+      permissions:
+        # required for all workflows
+        security-events: write
+        id-token: write
+        contents: write
+      environment: release
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v4
+  
+        - name: Install Node and dependencies
+          uses: mongodb-labs/drivers-github-tools/node/setup@v2
+          with:
+            ignore_install_scripts: false
+  
+        - name: Load version and package info
+          uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2
+          with:
+            npm_package_name: bson
+  
+        - name: actions/compress_sign_and_upload
+          uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2
+          with:
+            aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+            aws_region_name: us-east-1
+            aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+            npm_package_name: bson
+            dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+  
+        - name: Copy sbom file to release assets
+          shell: bash
+          if: ${{ '' == '' }}
+          run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+  
+        # only used for mongodb-client-encryption
+        - name: Augment SBOM and copy to release assets
+          if: ${{ '' != '' }}
+          uses: mongodb-labs/drivers-github-tools/sbom@v2
+          with:
+            silk_asset_group: ''
+            sbom_file_name: sbom.json
+  
+        - name: Generate authorized pub report
+          uses: mongodb-labs/drivers-github-tools/full-report@v2
+          with:
+            release_version: ${{ env.package_version }}
+            product_name: bson
+            sarif_report_target_ref: "v6.6.x"
+            third_party_dependency_tool: n/a
+            dist_filenames: artifacts/*
+            token: ${{ github.token }}
+            sbom_file_name: sbom.json
+            evergreen_project: js-bson
+            evergreen_commit: ${{ env.commit }}
+  
+        - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+          with:
+            version: ${{ env.package_version }}
+            product_name: bson
+            dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+  
+    publish:
+      needs: [release_please, ssdlc, build]
+      environment: release
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v4
+  
+        - name: Install Node and dependencies
+          uses: mongodb-labs/drivers-github-tools/node/setup@v2
+  
+        - run: npm publish --provenance --tag legacy
+          if: ${{ needs.release_please.outputs.release_created }}
+          env:
+            NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  

.github/workflows/release_notes.yml

@@ -39,14 +39,15 @@ jobs:
           fi
 
       # checkout the HEAD ref from prNumber
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: refs/pull/${{ github.event_name == 'issue_comment' && github.event.issue.number || inputs.releasePr }}/head
 
 
       # Setup Node.js and npm install
-      - name: actions/setup
-        uses: ./.github/actions/setup
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
+
 
       # See: https://github.com/googleapis/release-please/issues/1274
 
@@ -64,6 +65,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
           PR_LIST: ${{ steps.pr_list.outputs.pr_list }}
+          REPOSITORY: ${{ github.repository }}
 
       # The combined output is available
       - id: release_notes

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "6.6.0"
+}

release-please-config.json

@@ -0,0 +1,16 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "pull-request-title-pattern": "chore${scope}: release ${version} [skip-ci]",
+  "pull-request-header": "Please run the release_notes action before releasing to generate release highlights",
+  "packages": {
+    ".": {
+      "include-component-in-tag": false,
+      "changelog-path": "HISTORY.md",
+      "release-type": "node",
+      "bump-minor-pre-major": false,
+      "bump-patch-for-minor-pre-major": false,
+      "draft": false,
+      "prerelease": false
+    }
+  }
+}

sbom.json

@@ -0,0 +1,51 @@
+{
+  "metadata": {
+    "timestamp": "2024-05-01T20:45:06.517939+00:00",
+    "tools": [
+      {
+        "externalReferences": [
+          {
+            "type": "build-system",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions"
+          },
+          {
+            "type": "distribution",
+            "url": "https://pypi.org/project/cyclonedx-python-lib/"
+          },
+          {
+            "type": "documentation",
+            "url": "https://cyclonedx-python-library.readthedocs.io/"
+          },
+          {
+            "type": "issue-tracker",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues"
+          },
+          {
+            "type": "license",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE"
+          },
+          {
+            "type": "release-notes",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md"
+          },
+          {
+            "type": "vcs",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib"
+          },
+          {
+            "type": "website",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
+          }
+        ],
+        "name": "cyclonedx-python-lib",
+        "vendor": "CycloneDX",
+        "version": "6.4.4"
+      }
+    ]
+  },
+  "serialNumber": "urn:uuid:903d1626-7841-4db5-885e-8cbad6198266",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5"
+}