@@ -124,13 +124,54 @@ jobs:
124
124
- name : " Push release tag"
125
125
run : git push origin ${{ inputs.version }}
126
126
127
- # Trigger a static analysis run to have up-to-date code scanning results for this tag
127
+ - name : " Set summary"
128
+ run : |
129
+ echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
130
+ echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY
131
+
132
+ static-analysis :
133
+ needs : prepare-release
134
+ environment : release
135
+ name : " Run Static Analysis"
136
+ runs-on : ubuntu-latest
137
+ permissions :
138
+ security-events : read
139
+ id-token : write
140
+ contents : write
141
+
142
+ steps :
128
143
- name : " Run static analysis"
129
144
uses : ./.github/workflows/static-analysis.yml
130
145
with :
131
- ref : " refs/tags/${{ inputs.version }}"
146
+ ref : refs/tags/${{ inputs.version }}
147
+
148
+ publish-ssdlc-assets :
149
+ needs : static-analysis
150
+ environment : release
151
+ name : " Publish SSDLC Assets"
152
+ runs-on : ubuntu-latest
153
+ permissions :
154
+ security-events : read
155
+ id-token : write
156
+ contents : write
157
+
158
+ steps :
159
+ - name : " Create temporary app token"
160
+ uses : actions/create-github-app-token@v1
161
+ id : app-token
162
+ with :
163
+ app-id : ${{ vars.APP_ID }}
164
+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
165
+
166
+ - name : " Store GitHub token in environment"
167
+ run : echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV"
168
+ shell : bash
169
+
170
+ - uses : actions/checkout@v4
171
+ with :
172
+ ref : refs/tags/${{ inputs.version }}
173
+ token : ${{ env.GH_TOKEN }}
132
174
133
- # SSDLC due diligence
134
175
- name : " Generate authorized publication document"
135
176
uses : mongodb-labs/drivers-github-tools/authorized-pub@v2
136
177
with :
@@ -165,8 +206,3 @@ jobs:
165
206
with :
166
207
version : ${{ inputs.version }}
167
208
product_name : mongo-php-library
168
-
169
- - name : " Set summary"
170
- run : |
171
- echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
172
- echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY
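Review bot: The "Store GitHub token in environment" step in the new `publish-ssdlc-assets` job writes the app installation token to `$GITHUB_ENV`, so every later step in the job can read it, including the external `mongodb-labs/drivers-github-tools` actions that are referenced by the movable `@v2` tag rather than a commit SHA. Hand the token only to the steps that need it: on the checkout step use `token: ${{ steps.app-token.outputs.token }}` and add `persist-credentials: false` unless a later step has to push with it, and give any step that calls the GitHub CLI its own `env:` entry `GH_TOKEN: ${{ steps.app-token.outputs.token }}`. The remaining steps of the job lie outside this hunk, so confirm which of them actually read `GH_TOKEN` before dropping the job-wide export.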