File tree Expand file tree Collapse file tree 3 files changed +83
-7
lines changed Expand file tree Collapse file tree 3 files changed +83
-7
lines changed Original file line number Diff line number Diff line change @@ -2,18 +2,13 @@ name: "CodeQL"
22
33on :
44 push :
5- branches : [ "main" ]
5+ branches : [ "main", 5.x ]
66 pull_request :
7- branches : [ "main" ]
7+ branches : [ "main", 5.x ]
88
99jobs :
1010 analyze :
1111 name : Analyze (${{ matrix.language }} - ${{ matrix.identifier }})
12- # Runner size impacts CodeQL analysis time. To learn more, please see:
13- # - https://gh.io/recommended-hardware-resources-for-running-codeql
14- # - https://gh.io/supported-runners-and-hardware-resources
15- # - https://gh.io/using-larger-runners (GitHub.com only)
16- # Consider using larger runners or machines with greater resources for possible analysis time improvements.
1712 runs-on : ' ubuntu-latest'
1813 timeout-minutes : 360
1914 permissions :
Original file line number Diff line number Diff line change 4040 - run : npm publish --provenance --tag=5x
4141 env :
4242 NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
43+
44+ generate_sarif_report :
45+ environment : release
46+ runs-on : ubuntu-latest
47+ needs : [release_please]
48+ permissions :
49+ # required for all workflows
50+ security-events : write
51+ id-token : write
52+ contents : write
53+
54+ steps :
55+ - uses : actions/checkout@v4
56+ - name : Set up drivers-github-tools
57+ uses : mongodb-labs/drivers-github-tools/setup@v2
58+ with :
59+ aws_region_name : us-east-1
60+ aws_role_arn : ${{ secrets.aws_role_arn }}
61+ aws_secret_id : ${{ secrets.aws_secret_id }}
62+
63+ - name : " Generate Sarif Report"
64+ uses : " alcaeus/drivers-github-tools/code-scanning-export@export-code-scanning-report"
65+ with :
66+ ref : 5.x
67+ output-file : sarif-report.json
68+
69+ - name : Get release version and release package file name
70+ id : get_version
71+ shell : bash
72+ run : |
73+ package_version=$(jq --raw-output '.version' package.json)
74+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
75+
76+ name : actions/publish_asset_to_s3
77+ uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
78+ with :
79+ version : ${{ steps.get_version.outputs.package_version }}
80+ product_name : js-bson
81+ file : sarif-report.json
82+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
Original file line number Diff line number Diff line change 3737 - run : npm publish --provenance
3838 env :
3939 NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
40+
41+ generate_sarif_report :
42+ environment : release
43+ runs-on : ubuntu-latest
44+ needs : [release_please]
45+ permissions :
46+ # required for all workflows
47+ security-events : write
48+ id-token : write
49+ contents : write
50+
51+ steps :
52+ - uses : actions/checkout@v4
53+ - name : Set up drivers-github-tools
54+ uses : mongodb-labs/drivers-github-tools/setup@v2
55+ with :
56+ aws_region_name : us-east-1
57+ aws_role_arn : ${{ secrets.aws_role_arn }}
58+ aws_secret_id : ${{ secrets.aws_secret_id }}
59+
60+ - name : " Generate Sarif Report"
61+ uses : " alcaeus/drivers-github-tools/code-scanning-export@export-code-scanning-report"
62+ with :
63+ ref : main
64+ output-file : sarif-report.json
65+
66+ - name : Get release version and release package file name
67+ id : get_version
68+ shell : bash
69+ run : |
70+ package_version=$(jq --raw-output '.version' package.json)
71+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
72+
73+ name : actions/publish_asset_to_s3
74+ uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
75+ with :
76+ version : ${{ steps.get_version.outputs.package_version }}
77+ product_name : js-bson
78+ file : sarif-report.json
79+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
80+
You can’t perform that action at this time.
0 commit comments