upload sbom to s3

baileympearson · baileympearson · commit 3eb66c5318f5 · 2024-06-12T13:22:10.000-06:00
diff --git a/.github/workflows/release-5.x.yml b/.github/workflows/release-5.x.yml
@@ -78,3 +78,37 @@ jobs:
           product_name: js-bson
           file: sarif-report.json
           dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
+
+  upload_sbom_lite:
+    environment: release
+    runs-on: ubuntu-latest
+    needs: [release_please]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up drivers-github-tools
+        uses: mongodb-labs/drivers-github-tools/setup@v2
+        with:
+          aws_region_name: us-east-1
+          aws_role_arn: ${{ secrets.aws_role_arn }}
+          aws_secret_id: ${{ secrets.aws_secret_id }}
+
+      - name: Get release version and release package file name
+        id: get_version
+        shell: bash
+        run: |
+          package_version=$(jq --raw-output '.version' package.json)
+          echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
+
+      - name: actions/publish_asset_to_s3
+        uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
+        with:
+          version: ${{ steps.get_version.outputs.package_version }}
+          product_name: js-bson
+          file: sbom.json
+          dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -78,3 +78,36 @@ jobs:
           file: sarif-report.json
           dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
 
+  upload_sbom_lite:
+    environment: release
+    runs-on: ubuntu-latest
+    needs: [release_please]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up drivers-github-tools
+        uses: mongodb-labs/drivers-github-tools/setup@v2
+        with:
+          aws_region_name: us-east-1
+          aws_role_arn: ${{ secrets.aws_role_arn }}
+          aws_secret_id: ${{ secrets.aws_secret_id }}
+
+      - name: Get release version and release package file name
+        id: get_version
+        shell: bash
+        run: |
+          package_version=$(jq --raw-output '.version' package.json)
+          echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
+
+      - name: actions/publish_asset_to_s3
+        uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
+        with:
+          version: ${{ steps.get_version.outputs.package_version }}
+          product_name: js-bson
+          file: sbom.json
+          dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
