
Commit 552d193

committed
Publish SSDLC assets after release
1 parent 55976ee commit 552d193


1 file changed

+60
-0
lines changed


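--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -105,3 +105,63 @@ jobs:
 permissions:
 security-events: write
 id-token: write
+
+publish-ssdlc-assets:
+needs: static-analysis
+environment: release
+name: "Publish SSDLC Assets"
+runs-on: ubuntu-latest
+permissions:
+security-events: read
+id-token: write
+contents: write
+
+steps:
+- name: "Generate token and checkout repository"
+uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+with:
+app_id: ${{ vars.APP_ID }}
+private_key: ${{ secrets.APP_PRIVATE_KEY }}
+ref: refs/tags/${{ inputs.version }}
+
+# Sets the S3_ASSETS environment variable used later
+- name: "Set up drivers-github-tools"
+uses: mongodb-labs/drivers-github-tools/setup@v2
+with:
+aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+aws_region_name: ${{ vars.AWS_REGION_NAME }}
+aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+
+- name: "Generate authorized publication document"
+uses: mongodb-labs/drivers-github-tools/authorized-pub@v2
+with:
+product_name: "MongoDB Laravel Integration"
+release_version: ${{ inputs.version }}
+filenames: ""
+token: ${{ env.GH_TOKEN }}
+
+- name: "Download SBOM file from Silk"
+uses: mongodb-labs/drivers-github-tools/sbom@v2
+with:
+silk_asset_group: mongodb-laravel-integration
+
+- name: "Upload SBOM as release artifact"
+run: gh release upload ${{ inputs.version }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json
+continue-on-error: true
+
+- name: "Generate SARIF report from code scanning alerts"
+uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
+with:
+ref: ${{ inputs.version }}
+output-file: ${{ env.S3_ASSETS }}/code-scanning-alerts.json
+
+- name: "Generate compliance report"
+uses: mongodb-labs/drivers-github-tools/compliance-report@v2
+with:
+token: ${{ env.GH_TOKEN }}
+
+- name: Upload S3 assets
+uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+with:
+version: ${{ inputs.version }}
+product_name: laravel-mongodb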
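Review bot: The "Upload SBOM as release artifact" step expands `${{ inputs.version }}` directly into the `run:` script, so the value becomes part of the shell text before the shell parses it, in a job that holds `contents: write`, `id-token: write` and the `release` environment's secrets. Pass it through the environment instead: add `env:` with `VERSION: ${{ inputs.version }}` to the step and change the command to `run: gh release upload "$VERSION" "$S3_ASSETS/cyclonedx.sbom.json"`. How `inputs.version` is supplied and validated is defined outside this hunk, so the actual exposure depends on who can trigger the workflow. The same step sets `continue-on-error: true`, which lets a release finish without the SBOM attached and without a failed job to signal it; a comment stating that this is intended would help. The `drivers-github-tools` actions are all referenced by the mutable tag `@v2`; pinning each to a full commit SHA would keep a moved tag from running with these permissions.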
