Release 1.19.5 #11
Workflow file for this run
---
# Manually dispatched release workflow: the operator supplies the version to
# release and the JIRA version ID used to link the resolved-issues list.
name: 'Release New Version'
run-name: 'Release ${{ inputs.version }}'

on:
  workflow_dispatch:
    inputs:
      # Both inputs are free-form strings supplied by whoever dispatches the
      # run; treat them as untrusted wherever they reach a shell or a URL.
      version:
        description: >-
          The version to be released. This is checked for consistency with the
          branch name and configuration
        required: true
        type: string
      jira-version-number:
        description: 'JIRA version ID (e.g. 54321)'
        required: true
        type: string

env:
  # Release-notes template. {0} is replaced by the version and {1} by the JIRA
  # version ID through the format() expression in the release job.
  # NOTE(review): this listing shows no blank lines between the paragraphs
  # below; confirm the Markdown paragraph breaks against the repository copy.
  default-release-message: |
    The PHP team is happy to announce that version {0} of the MongoDB PHP library is now available.
    **Release Highlights**
    TODO: one or more paragraphs describing important changes in this release
    A complete list of resolved issues in this release may be found in [JIRA](https://jira.mongodb.org/secure/ReleaseNote.jspa?version={1}&projectId=12483).
    **Documentation**
    Documentation for this library may be found in the [PHP Library Manual](https://mongodb.com/docs/php-library/current/).
    **Installation**
    This library may be installed or upgraded with:
    composer require mongodb/mongodb:{0}
    Installation instructions for the `mongodb` extension may be found in the [PHP.net documentation](https://php.net/manual/en/mongodb.installation.php).
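jobs:
  # Drafts the GitHub release, creates the signed tag and pushes it.
  #
  # Supply-chain note for every `uses:` in this file: tags such as @v1/@v2/@v4
  # and branch names are mutable refs. These jobs hold an app token, AWS role
  # secrets and `id-token: write`, so each action should be pinned to a full
  # commit SHA (`owner/repo/path@<full-commit-sha>`) that has been reviewed.
  prepare-release:
    environment: release
    name: "Prepare release"
    runs-on: ubuntu-latest
    permissions:
      security-events: read
      # Presumably needed for OIDC federation to the AWS role used by the
      # drivers-github-tools setup action; confirm.
      id-token: write
      contents: write

    steps:
      # `inputs.version` later reaches shell commands, $GITHUB_ENV and an
      # action-provided `command:` string. Reject anything that is not a plain
      # version token before any credential is minted: no whitespace, quotes,
      # newlines or a leading '-' that git/gh could read as an option.
      - name: "Validate version input"
        env:
          VERSION: ${{ inputs.version }}
        run: |
          if [[ ! "${VERSION}" =~ ^[0-9A-Za-z][0-9A-Za-z.+-]*$ ]]; then
            echo '❌ Release failed: version input contains unexpected characters' >> "$GITHUB_STEP_SUMMARY"
            exit 1
          fi

      # Expression values are passed through `env:` and read as shell
      # variables instead of being pasted into the script text, so their
      # content can never be parsed as shell syntax.
      - name: "Create release output"
        env:
          VERSION: ${{ inputs.version }}
          TRIGGERING_ACTOR: ${{ github.triggering_actor }}
        run: |
          echo "🎬 Release process for version ${VERSION} started by @${TRIGGERING_ACTOR}" >> "$GITHUB_STEP_SUMMARY"

      - name: "Create temporary app token"
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      # Writing the token to $GITHUB_ENV exposes it to EVERY later step in
      # this job, including third-party actions. Keep the set of actions that
      # run after this point small and pinned.
      - name: "Store GitHub token in environment"
        env:
          APP_TOKEN: ${{ steps.app-token.outputs.token }}
        run: echo "GH_TOKEN=${APP_TOKEN}" >> "$GITHUB_ENV"
        shell: bash

      # checkout keeps the token in the local git config by default; the
      # `git push` steps below rely on that.
      - uses: actions/checkout@v4
        with:
          submodules: true
          token: ${{ env.GH_TOKEN }}

      # RELEASE_BRANCH is "v" + the first two dot-separated version fields.
      - name: "Store version numbers in env variables"
        env:
          VERSION: ${{ inputs.version }}
        run: |
          echo "RELEASE_VERSION=${VERSION}" >> "$GITHUB_ENV"
          echo "RELEASE_BRANCH=v$(echo "${VERSION}" | cut -d '.' -f-2)" >> "$GITHUB_ENV"

      # The local `git tag -l` only sees tags present in this clone, and the
      # checkout above is shallow by default, so the remote is queried too.
      # Variables are quoted so the comparison is literal, not a glob match.
      - name: "Ensure release tag does not already exist"
        run: |
          if [[ "$(git tag -l "${RELEASE_VERSION}")" == "${RELEASE_VERSION}" ]] \
            || git ls-remote --exit-code --tags origin "refs/tags/${RELEASE_VERSION}" > /dev/null; then
            echo "❌ Release failed: tag for version ${RELEASE_VERSION} already exists" >> "$GITHUB_STEP_SUMMARY"
            exit 1
          fi

      # NOTE(review): this guard is disabled, so nothing here enforces that
      # the version is released from its matching branch even though the
      # input description says it is checked. Re-enable before relying on it.
      # - name: "Fail if branch names don't match"
      #   if: ${{ github.ref_name != env.RELEASE_BRANCH }}
      #   run: |
      #     echo '❌ Release failed due to branch mismatch: expected ${{ inputs.version }} to be released from ${{ env.RELEASE_BRANCH }}, got ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY
      #     exit 1

      #
      # Preliminary checks done - commence the release process
      #
      - name: "Set up drivers-github-tools"
        uses: mongodb-labs/drivers-github-tools/setup@v2
        with:
          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
          aws_region_name: ${{ vars.AWS_REGION_NAME }}
          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}

      # Create a draft release with release message filled in.
      # The rendered message is handed over as an environment variable rather
      # than expanded inside a heredoc, where an input line equal to the
      # delimiter would end the heredoc and run the remainder as shell.
      - name: "Prepare release message"
        env:
          RELEASE_MESSAGE: ${{ format(env.default-release-message, inputs.version, inputs.jira-version-number) }}
        run: |
          printf '%s\n' "${RELEASE_MESSAGE}" > release-message

      # The URL is captured in its own assignment so that a failing
      # `gh release create` fails the step instead of being hidden by `echo`.
      - name: "Create draft release"
        env:
          VERSION: ${{ inputs.version }}
          TARGET_REF: ${{ github.ref_name }}
        run: |
          release_url="$(gh release create "${VERSION}" --target "${TARGET_REF}" --title "${VERSION}" --notes-file release-message --draft)"
          echo "RELEASE_URL=${release_url}" >> "$GITHUB_ENV"

      # This step creates the signed release tag.
      # The version is interpolated into a command string that the action
      # executes; the validation step at the top of this job is what keeps
      # that string well-formed. GPG_KEY_ID is presumably exported by the
      # setup action above; confirm.
      - name: "Create release tag"
        uses: mongodb-labs/drivers-github-tools/git-sign@v2
        with:
          command: "git tag -m 'Release ${{ inputs.version }}' -s --local-user=${{ env.GPG_KEY_ID }} ${{ inputs.version }}"

      # TODO: Manually merge using ours strategy. This avoids merge-up pull requests being created
      # Process is:
      # 1. switch to next branch (according to merge-up action)
      # 2. merge release branch using --strategy=ours
      # 3. push next branch
      # 4. switch back to release branch, then push
      - name: "Push changes from release branch"
        run: git push

      # Pushing the release tag starts build processes that then produce artifacts for the release
      - name: "Push release tag"
        env:
          VERSION: ${{ inputs.version }}
        run: git push origin "${VERSION}"

      - name: "Set summary"
        env:
          VERSION: ${{ inputs.version }}
        run: |
          echo "🚀 Created tag and drafted release for version [${VERSION}](${RELEASE_URL})" >> "$GITHUB_STEP_SUMMARY"
          echo '✍️ You may now update the release notes and publish the release when ready' >> "$GITHUB_STEP_SUMMARY"

  # Runs the repository's reusable static-analysis workflow against the new tag.
  static-analysis:
    needs: prepare-release
    name: "Run Static Analysis"
    uses: ./.github/workflows/static-analysis.yml
    with:
      ref: refs/tags/${{ inputs.version }}
    # NOTE(review): the called workflow is not visible here. Confirm that it
    # needs `contents: write` and `id-token: write`; if it only uploads
    # scanning results, `security-events: write` plus `contents: read` would
    # be the least-privilege grant.
    permissions:
      security-events: write
      id-token: write
      contents: write

  # Collects the SSDLC evidence for the release and uploads it.
  publish-ssdlc-assets:
    needs: static-analysis
    environment: release
    name: "Publish SSDLC Assets"
    runs-on: ubuntu-latest
    permissions:
      security-events: read
      id-token: write
      contents: write

    steps:
      - name: "Create temporary app token"
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      # As in the release job, the token becomes visible to every later step,
      # which in this job includes actions loaded from personal-fork branches.
      - name: "Store GitHub token in environment"
        env:
          APP_TOKEN: ${{ steps.app-token.outputs.token }}
        run: echo "GH_TOKEN=${APP_TOKEN}" >> "$GITHUB_ENV"
        shell: bash

      - uses: actions/checkout@v4
        with:
          ref: refs/tags/${{ inputs.version }}
          token: ${{ env.GH_TOKEN }}

      # NOTE(review): this loads the setup action from a branch of a personal
      # fork while the release job uses mongodb-labs/...@v2. The step receives
      # the AWS role ARN and secret ID, and whoever can push to that branch
      # controls what runs here. Move to the organisation repository and pin
      # to a commit SHA.
      - name: "Set up drivers-github-tools"
        uses: blink1073/drivers-github-tools/setup@add-compliance-report
        with:
          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
          aws_region_name: ${{ vars.AWS_REGION_NAME }}
          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}

      - name: "Generate authorized publication document"
        uses: mongodb-labs/drivers-github-tools/authorized-pub@v2
        with:
          product_name: "MongoDB PHP Driver (library)"
          release_version: ${{ inputs.version }}
          filenames: ""
          token: ${{ env.GH_TOKEN }}

      # Download SBOM from Silk
      # TODO: Currently disabled as the asset group seems to no longer exist?
      # NOTE(review): while this stays disabled, no SBOM step runs in this
      # job, so the published assets presumably lack one; confirm.
      # - name: "Download SBOM file from Silk"
      #   uses: mongodb-labs/drivers-github-tools/sbom@v2
      #   with:
      #     silk_asset_group: mongodb-php-driver-library

      # S3_ASSETS is presumably exported by the setup action; confirm.
      - name: "Generate SARIF report from code scanning alerts"
        # TODO: Use main repository when merged
        # NOTE(review): personal-fork branch ref; same exposure as the setup
        # step in this job.
        uses: alcaeus/drivers-github-tools/code-scanning-export@document-code-scanning-export
        with:
          ref: ${{ inputs.version }}
          output-file: ${{ env.S3_ASSETS }}/code-scanning-alerts.json

      - name: "Generate compliance report"
        # TODO: Use main repository when https://github.com/mongodb-labs/drivers-github-tools/pull/25 is merged
        # NOTE(review): personal-fork branch ref that is handed the app token.
        uses: blink1073/drivers-github-tools/compliance-report@add-compliance-report
        with:
          token: ${{ env.GH_TOKEN }}

      - name: "Upload S3 assets"
        # TODO: Use main repository when merged
        # NOTE(review): personal-fork branch ref; it runs after the AWS
        # credentials have been set up in this job.
        uses: alcaeus/drivers-github-tools/upload-s3-assets@upload-s3-assets
        with:
          version: ${{ inputs.version }}
          product_name: mongo-php-library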