RUBY-3512 Backport SSDLC changes from master #332

Merged
merged 1 commit into from
Jul 19, 2024
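--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -0,0 +1,44 @@
+name: "Dry-Run Cleanup"
+run-name: "Dry Run Cleanup for ${{ github.ref }}"
+
+on:
+workflow_dispatch:
+inputs:
+confirm:
+description: Indicate whether you want this workflow to run (must be "true")
+required: true
+type: string
+tag:
+description: The name of the tag (and release) to clean up
+required: true
+type: string
+
+jobs:
+release:
+name: "Dry-Run Cleanup"
+environment: release
+runs-on: 'ubuntu-latest'
+if: ${{ inputs.confirm == 'true' }}
+
+permissions:
+# required for all workflows
+security-events: write
+
+# required to fetch internal or private CodeQL packs
+packages: read
+
+# only required for workflows in private repositories
+actions: read
+contents: write
+
+# required by the mongodb-labs/drivers-github-tools/setup@v2 step
+# also required by `rubygems/release-gem`
+id-token: write
+
+steps:
+- name: "Run the cleanup action"
+uses: mongodb-labs/drivers-github-tools/ruby/cleanup@v2
+with:
+app_id: ${{ vars.APP_ID }}
+app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
+tag: ${{ inputs.tag }}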
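Review bot: The `permissions` block grants `security-events: write`, `packages: read` and `actions: read` under comments about CodeQL packs and scanning, yet the only step in this job is the `ruby/cleanup@v2` action, whose own comment names `id-token: write` (and presumably `contents: write`, to remove the tag and release) as what it needs; the three CodeQL scopes look copied from the CodeQL template and should be dropped so the token minted in the `release` environment stays at least privilege. The same stanza recurs at workflow level in release.yml, where it also hands the `build` job, which only checks out, builds and uploads an artifact, `contents: write` and `id-token: write`; moving it under the `publish` job and giving `build` an explicit `contents: read` would be the tighter shape. Two smaller points: the `confirm` input is a free-form string that must equal `"true"`, so a `type: boolean` input (or a `choice`) would remove the typo case, and the `run-name` interpolates `github.ref`, which on `workflow_dispatch` is the branch chosen by the operator and is fine as a label but should not be reused inside a `run:` line.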
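--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,69 @@
+name: "CodeQL"
+
+on: [ push, pull_request ]
+
+jobs:
+analyze:
+name: Analyze (${{ matrix.language }})
+# Runner size impacts CodeQL analysis time. To learn more, please see:
+# - https://gh.io/recommended-hardware-resources-for-running-codeql
+# - https://gh.io/supported-runners-and-hardware-resources
+# - https://gh.io/using-larger-runners (GitHub.com only)
+# Consider using larger runners or machines with greater resources for possible analysis time improvements.
+runs-on: 'ubuntu-latest'
+timeout-minutes: 360
+permissions:
+# required for all workflows
+security-events: write
+
+# required to fetch internal or private CodeQL packs
+packages: read
+
+# only required for workflows in private repositories
+actions: read
+contents: read
+
+strategy:
+fail-fast: false
+matrix:
+include:
+- language: ruby
+build-mode: none
+- language: c
+build-mode: manual
+- language: java
+build-mode: none
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+# Initializes the CodeQL tools for scanning.
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v3
+with:
+languages: ${{ matrix.language }}
+build-mode: ${{ matrix.build-mode }}
+config: |
+paths-ignore:
+- .evergreen
+- spec
+- perf
+- vendor
+
+- name: Setup Ruby
+if: matrix.build-mode == 'manual'
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: '3.2'
+bundler-cache: true
+
+- name: Manually build the native code
+if: matrix.build-mode == 'manual'
+run: |
+bundle exec rake compile
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v3
+with:
+category: "/language:${{matrix.language}}"
+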
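Review bot: Every `uses:` reference in this workflow (`actions/checkout@v4`, `github/codeql-action/init@v3`, `ruby/setup-ruby@v1`, `github/codeql-action/analyze@v3`) is a mutable tag, so whatever those tags point at on the day the job runs is what executes; pinning each to a full-length commit SHA with the version kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, makes the dependency reviewable in diffs and lets Dependabot track updates. The same applies to the `mongodb-labs/drivers-github-tools/*@v2` and `rubygems/release-gem@v1` references in cleanup.yml and release.yml, where the job runs with `contents: write` and `id-token: write`, so a moved tag there has a far larger blast radius than in this read-only scan. Separately, the `pull_request` trigger runs the PR's own `bundle exec rake compile` for the `c` matrix entry; for pull requests from forks the token is read-only regardless of the `permissions` block, so the `security-events: write` upload may not succeed there — worth confirming against the repository's fork policy rather than assuming. The `${{matrix.language}}` in the `category` value also lacks the inner spaces used everywhere else in the file.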
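--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,170 @@
+name: "BSON Release"
+run-name: "BSON Release for ${{ github.ref }}"
+
+on:
+workflow_dispatch:
+inputs:
+dry_run:
+description: Whether this is a dry run or not
+required: true
+default: true
+type: boolean
+
+env:
+SILK_ASSET_GROUP: bson-ruby
+RELEASE_MESSAGE_TEMPLATE: |
+Version {0} of [BSON for Ruby](https://rubygems.org/gems/bson) is now available.
+
+**Release Highlights**
+
+TODO: one or more paragraphs describing important changes in this release
+
+**Documentation**
+
+Documentation is available at [MongoDB.com](https://www.mongodb.com/docs/ruby-driver/current/tutorials/bson/).
+
+**Installation**
+
+You may install this version via RubyGems, with:
+
+gem install --version {0} bson
+
+permissions:
+# required for all workflows
+security-events: write
+
+# required to fetch internal or private CodeQL packs
+packages: read
+
+# only required for workflows in private repositories
+actions: read
+contents: write
+
+# required by the mongodb-labs/drivers-github-tools/setup@v2 step
+# also required by `rubygems/release-gem`
+id-token: write
+
+jobs:
+build:
+name: "Build Gems"
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+matrix:
+ruby: [ '3.2', jruby ]
+steps:
+- name: Check out the repository
+uses: actions/checkout@v4
+
+- name: Setup Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: ${{ matrix.ruby }}
+bundler-cache: true
+
+- name: Set output gem file name
+shell: bash
+run: |
+echo "GEM_FILE_NAME=$(bundle exec rake gem_file_name)" >> "$GITHUB_ENV"
+
+- name: Build the gem
+shell: bash
+run: bundle exec rake build
+
+- name: Save the generated gem file for later
+uses: actions/upload-artifact@v4
+with:
+name: ${{ env.GEM_FILE_NAME }}
+path: ${{ env.GEM_FILE_NAME }}
+retention-days: 1
+overwrite: true
+
+publish:
+name: Publish Gems
+needs: build
+environment: release
+runs-on: ubuntu-latest
+steps:
+- name: Check out the repository
+uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+with:
+app_id: ${{ vars.APP_ID }}
+private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+- name: Setup Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: '3.2'
+bundler-cache: true
+
+- name: Get the release version
+shell: bash
+run: echo "RELEASE_VERSION=$(bundle exec rake version)" >> "$GITHUB_ENV"
+
+- name: Setup GitHub tooling for DBX Drivers
+uses: mongodb-labs/drivers-github-tools/setup@v2
+with:
+aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+aws_region_name: ${{ vars.AWS_REGION_NAME }}
+aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+
+- name: Fetch the gem artifacts
+uses: actions/download-artifact@v4
+with:
+merge-multiple: true
+
+- name: Sign the gems
+uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
+with:
+filenames: '*.gem'
+
+- name: Generate SSDLC Reports
+uses: mongodb-labs/drivers-github-tools/full-report@v2
+with:
+product_name: BSON for Ruby
+release_version: ${{ env.RELEASE_VERSION }}
+dist_filenames: '*.gem'
+silk_asset_group: bson-ruby
+
+- name: Create the tag
+uses: mongodb-labs/drivers-github-tools/tag-version@v2
+with:
+version: ${{ env.RELEASE_VERSION }}
+tag_template: "v${VERSION}"
+tag_message_template: "Release tag for v${VERSION}"
+
+- name: Create a new release
+shell: bash
+run: gh release create v${{ env.RELEASE_VERSION }} --title ${{ env.RELEASE_VERSION }} --generate-notes --draft
+
+- name: Capture the changelog
+shell: bash
+run: gh release view v${{ env.RELEASE_VERSION }} --json body --template '{{ .body }}' >> changelog
+
+- name: Prepare release message
+shell: bash
+run: |
+echo "${{ format(env.RELEASE_MESSAGE_TEMPLATE, env.RELEASE_VERSION) }}" > release-message
+cat changelog >> release-message
+
+- name: Update release information
+shell: bash
+run: |
+echo "RELEASE_URL=$(gh release edit v${{ env.RELEASE_VERSION }} --notes-file release-message)" >> "$GITHUB_ENV"
+
+- name: Upload release artifacts
+shell: bash
+run: gh release upload v${{ env.RELEASE_VERSION }} *.gem ${{ env.RELEASE_ASSETS }}/*.sig
+
+- name: Upload S3 assets
+uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+with:
+version: ${{ env.RELEASE_VERSION }}
+product_name: 'bson-ruby'
+dry_run: ${{ inputs.dry_run }}
+
+- name: Publish the gems
+uses: rubygems/release-gem@v1
+if: inputs.dry_run == 'false'
+with:
+await-release: false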
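Review bot: The guard on the final step, `if: inputs.dry_run == 'false'`, compares the `dry_run` input, declared above with `type: boolean`, against the string `'false'`; if the `inputs` context delivers a real boolean for a typed `workflow_dispatch` input, the expression coerces both sides to numbers and the comparison never holds, so the gems would never be published even with dry run switched off — `if: ${{ !inputs.dry_run }}` (or `inputs.dry_run == false`) states the intent without relying on coercion, and I would confirm against one real non-dry run before trusting either form. The upload line `gh release upload ... ${{ env.RELEASE_ASSETS }}/*.sig` reads `RELEASE_ASSETS`, which no step in this file sets; presumably one of the `drivers-github-tools` actions exports it, but if it is ever unset the glob silently becomes `/*.sig`, so a comment naming the exporting step, or a `test -n "$RELEASE_ASSETS"` before the upload, would make that dependency explicit. `env.SILK_ASSET_GROUP` is declared at the top and never referenced — the `full-report@v2` step hard-codes `silk_asset_group: bson-ruby` instead — so one of the two should go. The `${{ env.RELEASE_VERSION }}` interpolations inside `run:` lines originate from the repository's own `rake version` task rather than an external event payload, so they are not a script-injection vector as written, but routing them through a step-level `env:` and using `"$RELEASE_VERSION"` in the shell is the habit that keeps that true if the source of the value ever changes.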