File tree Expand file tree Collapse file tree 3 files changed +84
-7
lines changed Expand file tree Collapse file tree 3 files changed +84
-7
lines changed Original file line number Diff line number Diff line change @@ -2,18 +2,13 @@ name: "CodeQL"
22
33on :
44 push :
5- branches : [ "main" ]
5+ branches : [ "main", 5.x ]
66 pull_request :
7- branches : [ "main" ]
7+ branches : [ "main", 5.x ]
88
99jobs :
1010 analyze :
1111 name : Analyze (${{ matrix.language }} - ${{ matrix.identifier }})
12- # Runner size impacts CodeQL analysis time. To learn more, please see:
13- # - https://gh.io/recommended-hardware-resources-for-running-codeql
14- # - https://gh.io/supported-runners-and-hardware-resources
15- # - https://gh.io/using-larger-runners (GitHub.com only)
16- # Consider using larger runners or machines with greater resources for possible analysis time improvements.
1712 runs-on : ' ubuntu-latest'
1813 timeout-minutes : 360
1914 permissions :
Original file line number Diff line number Diff line change 3838 - run : npm publish --provenance --tag=5x
3939 env :
4040 NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
41+
42+ generate_sarif_report :
43+ environment : release
44+ runs-on : ubuntu-latest
45+ needs : [release_please]
46+ permissions :
47+ # required for all workflows
48+ security-events : write
49+ id-token : write
50+ contents : write
51+
52+ steps :
53+ - uses : actions/checkout@v4
54+ - name : Set up drivers-github-tools
55+ uses : mongodb-labs/drivers-github-tools/setup@v2
56+ with :
57+ aws_region_name : us-east-1
58+ aws_role_arn : ${{ secrets.aws_role_arn }}
59+ aws_secret_id : ${{ secrets.aws_secret_id }}
60+
61+ - name : " Generate Sarif Report"
62+ uses : " alcaeus/drivers-github-tools/code-scanning-export@export-code-scanning-report"
63+ with :
64+ ref : 5.x
65+ output-file : sarif-report.json
66+
67+ - name : Get release version and release package file name
68+ id : get_version
69+ shell : bash
70+ run : |
71+ package_version=$(jq --raw-output '.version' package.json)
72+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
73+
74+ name : actions/publish_asset_to_s3
75+ uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
76+ with :
77+ version : ${{ steps.get_version.outputs.package_version }}
78+ product_name : js-bson
79+ file : sarif-report.json
80+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
Original file line number Diff line number Diff line change 2121
2222 compress_sign_and_upload :
2323 needs : [release_please]
24+ if : ${{ needs.release_please.outputs.release_created }}
2425 runs-on : ubuntu-latest
2526 steps :
2627 - uses : actions/checkout@v4
3637 - run : npm publish --provenance
3738 env :
3839 NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
40+
41+ generate_sarif_report :
42+ environment : release
43+ runs-on : ubuntu-latest
44+ needs : [release_please]
45+ permissions :
46+ # required for all workflows
47+ security-events : write
48+ id-token : write
49+ contents : write
50+
51+ steps :
52+ - uses : actions/checkout@v4
53+ - name : Set up drivers-github-tools
54+ uses : mongodb-labs/drivers-github-tools/setup@v2
55+ with :
56+ aws_region_name : us-east-1
57+ aws_role_arn : ${{ secrets.aws_role_arn }}
58+ aws_secret_id : ${{ secrets.aws_secret_id }}
59+
60+ - name : " Generate Sarif Report"
61+ uses : " alcaeus/drivers-github-tools/code-scanning-export@export-code-scanning-report"
62+ with :
63+ ref : main
64+ output-file : sarif-report.json
65+
66+ - name : Get release version and release package file name
67+ id : get_version
68+ shell : bash
69+ run : |
70+ package_version=$(jq --raw-output '.version' package.json)
71+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
72+
73+ name : actions/publish_asset_to_s3
74+ uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
75+ with :
76+ version : ${{ steps.get_version.outputs.package_version }}
77+ product_name : js-bson
78+ file : sarif-report.json
79+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
80+
You can’t perform that action at this time.
0 commit comments