Skip to content

Commit 3a2e1fe

Browse files
committed
Split release workflow into multiple dependent jobs
1 parent 32b93b8 commit 3a2e1fe

File tree

1 file changed

+44
-8
lines changed

1 file changed

+44
-8
lines changed

.github/workflows/release.yml

+44-8
Original file line numberDiff line numberDiff line change
@@ -124,13 +124,54 @@ jobs:
124124
- name: "Push release tag"
125125
run: git push origin ${{ inputs.version }}
126126

127-
# Trigger a static analysis run to have up-to-date code scanning results for this tag
127+
- name: "Set summary"
128+
run: |
129+
echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
130+
echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY
131+
132+
static-analysis:
133+
needs: prepare-release
134+
environment: release
135+
name: "Run Static Analysis"
136+
runs-on: ubuntu-latest
137+
permissions:
138+
security-events: read
139+
id-token: write
140+
contents: write
141+
142+
steps:
128143
- name: "Run static analysis"
129144
uses: ./.github/workflows/static-analysis.yml
130145
with:
131-
ref: "refs/tags/${{ inputs.version }}"
146+
ref: refs/tags/${{ inputs.version }}
147+
148+
publish-ssdlc-assets:
149+
needs: static-analysis
150+
environment: release
151+
name: "Publish SSDLC Assets"
152+
runs-on: ubuntu-latest
153+
permissions:
154+
security-events: read
155+
id-token: write
156+
contents: write
157+
158+
steps:
159+
- name: "Create temporary app token"
160+
uses: actions/create-github-app-token@v1
161+
id: app-token
162+
with:
163+
app-id: ${{ vars.APP_ID }}
164+
private-key: ${{ secrets.APP_PRIVATE_KEY }}
165+
166+
- name: "Store GitHub token in environment"
167+
run: echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV"
168+
shell: bash
169+
170+
- uses: actions/checkout@v4
171+
with:
172+
ref: refs/tags/${{ inputs.version }}
173+
token: ${{ env.GH_TOKEN }}
132174

133-
# SSDLC due diligence
134175
- name: "Generate authorized publication document"
135176
uses: mongodb-labs/drivers-github-tools/authorized-pub@v2
136177
with:
@@ -165,8 +206,3 @@ jobs:
165206
with:
166207
version: ${{ inputs.version }}
167208
product_name: mongo-php-library
168-
169-
- name: "Set summary"
170-
run: |
171-
echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
172-
echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY

0 commit comments

Comments
 (0)