Commit 88de735

Merge 4.4 into 4.5 (#3005)
2 parents 83a07d1 + 42f5a49 commit 88de735


3 files changed

+151
-80
lines changed

3 files changed

+151
-80
lines changed

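--- a/.github/workflows/coding-standards.yml
+++ b/.github/workflows/coding-standards.yml
@@ -67,59 +67,3 @@ jobs:
 uses: stefanzweifel/git-auto-commit-action@v5
 with:
 commit_message: "apply phpcbf formatting"
-
-analysis:
-runs-on: "ubuntu-22.04"
-continue-on-error: true
-strategy:
-matrix:
-php:
-- '8.1'
-- '8.2'
-steps:
-- name: Checkout
-uses: actions/checkout@v4
-
-- name: Setup PHP
-uses: shivammathur/setup-php@v2
-with:
-php-version: ${{ matrix.php }}
-extensions: curl, mbstring
-tools: composer:v2
-coverage: none
-
-- name: Cache dependencies
-id: composer-cache
-uses: actions/cache@v4
-with:
-path: ./vendor
-key: composer-${{ hashFiles('**/composer.lock') }}
-
-- name: Install dependencies
-run: composer install
-
-- name: Restore cache PHPStan results
-id: phpstan-cache-restore
-uses: actions/cache/restore@v4
-with:
-path: .cache
-key: "phpstan-result-cache-${{ github.run_id }}"
-restore-keys: |
-phpstan-result-cache-
-
-- name: Run PHPStan
-run: ./vendor/bin/phpstan analyse --no-interaction --no-progress --ansi --error-format=sarif > phpstan.sarif
-
-- name: "Upload SARIF report"
-if: always()
-uses: "github/codeql-action/upload-sarif@v3"
-with:
-sarif_file: phpstan.sarif
-
-- name: Save cache PHPStan results
-id: phpstan-cache-save
-if: always()
-uses: actions/cache/save@v4
-with:
-path: .cache
-key: ${{ steps.phpstan-cache-restore.outputs.cache-primary-key }}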

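--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,21 +22,11 @@ jobs:
 - name: "Create release output"
 run: echo '🎬 Release process for version ${{ inputs.version }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY
 
-- name: "Create temporary app token"
-uses: actions/create-github-app-token@v1
-id: app-token
+- name: "Generate token and checkout repository"
+uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
 with:
-app-id: ${{ vars.APP_ID }}
-private-key: ${{ secrets.APP_PRIVATE_KEY }}
-
-- name: "Store GitHub token in environment"
-run: echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV"
-shell: bash
-
-- uses: actions/checkout@v4
-with:
-submodules: true
-token: ${{ env.GH_TOKEN }}
+app_id: ${{ vars.APP_ID }}
+private_key: ${{ secrets.APP_PRIVATE_KEY }}
 
 - name: "Store version numbers in env variables"
 run: |
@@ -71,11 +61,11 @@ jobs:
 - name: "Create draft release"
 run: echo "RELEASE_URL=$(gh release create ${{ inputs.version }} --target ${{ github.ref_name }} --title "${{ inputs.version }}" --generate-notes --draft)" >> "$GITHUB_ENV"
 
-# This step creates the signed release tag
 - name: "Create release tag"
-uses: mongodb-labs/drivers-github-tools/git-sign@v2
+uses: mongodb-labs/drivers-github-tools/tag-version@v2
 with:
-command: "git tag -m 'Release ${{ inputs.version }}' -s --local-user=${{ env.GPG_KEY_ID }} ${{ inputs.version }}"
+version: ${{ inputs.version }}
+tag_message_template: 'Release ${VERSION}'
 
 # TODO: Manually merge using ours strategy. This avoids merge-up pull requests being created
 # Process is:
@@ -84,14 +74,77 @@ jobs:
 # 3. push next branch
 # 4. switch back to release branch, then push
 
-- name: "Push changes from release branch"
-run: git push
-
-# Pushing the release tag starts build processes that then produce artifacts for the release
-- name: "Push release tag"
-run: git push origin ${{ inputs.version }}
-
 - name: "Set summary"
 run: |
 echo '🚀 Created tag and drafted release for version [${{ inputs.version }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY
 echo '✍️ You may now update the release notes and publish the release when ready' >> $GITHUB_STEP_SUMMARY
+
+static-analysis:
+needs: prepare-release
+name: "Run Static Analysis"
+uses: ./.github/workflows/static-analysis.yml
+with:
+ref: refs/tags/${{ inputs.version }}
+permissions:
+security-events: write
+id-token: write
+
+publish-ssdlc-assets:
+needs: static-analysis
+environment: release
+name: "Publish SSDLC Assets"
+runs-on: ubuntu-latest
+permissions:
+security-events: read
+id-token: write
+contents: write
+
+steps:
+- name: "Generate token and checkout repository"
+uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+with:
+app_id: ${{ vars.APP_ID }}
+private_key: ${{ secrets.APP_PRIVATE_KEY }}
+ref: refs/tags/${{ inputs.version }}
+
+# Sets the S3_ASSETS environment variable used later
+- name: "Set up drivers-github-tools"
+uses: mongodb-labs/drivers-github-tools/setup@v2
+with:
+aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+aws_region_name: ${{ vars.AWS_REGION_NAME }}
+aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+
+- name: "Generate authorized publication document"
+uses: mongodb-labs/drivers-github-tools/authorized-pub@v2
+with:
+product_name: "MongoDB Laravel Integration"
+release_version: ${{ inputs.version }}
+filenames: ""
+token: ${{ env.GH_TOKEN }}
+
+- name: "Download SBOM file from Silk"
+uses: mongodb-labs/drivers-github-tools/sbom@v2
+with:
+silk_asset_group: mongodb-laravel-integration
+
+- name: "Upload SBOM as release artifact"
+run: gh release upload ${{ inputs.version }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json
+continue-on-error: true
+
+- name: "Generate SARIF report from code scanning alerts"
+uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
+with:
+ref: ${{ inputs.version }}
+output-file: ${{ env.S3_ASSETS }}/code-scanning-alerts.json
+
+- name: "Generate compliance report"
+uses: mongodb-labs/drivers-github-tools/compliance-report@v2
+with:
+token: ${{ env.GH_TOKEN }}
+
+- name: Upload S3 assets
+uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+with:
+version: ${{ inputs.version }}
+product_name: laravel-mongodb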
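Review bot: The new step on line 132, `run: gh release upload ${{ inputs.version }} ${{ env.S3_ASSETS }}/cyclonedx.sbom.json`, expands the version input into the script text before the shell parses it, in a job that holds `contents: write`, `id-token: write` and the AWS role secrets. Passing the value through the environment keeps it as data: add `env:` with `VERSION: ${{ inputs.version }}` to the step and run `gh release upload "$VERSION" "$S3_ASSETS/cyclonedx.sbom.json"`. The same expansion is present in the unchanged "Create draft release" step, and where `inputs.version` is declared is outside these hunks, so how far the value can be trusted should be confirmed there. Separately, the `mongodb-labs/drivers-github-tools/*@v2` actions added here are referenced by a movable tag; pinning them to a full commit SHA would fix which code runs with these permissions.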
Lines changed: 74 additions & 0 deletions
@@ -0,0 +1,74 @@
1+
name: "Static Analysis"
2+
3+
on:
4+
push:
5+
pull_request:
6+
workflow_call:
7+
inputs:
8+
ref:
9+
description: "The git ref to check"
10+
type: string
11+
required: true
12+
13+
env:
14+
PHP_VERSION: "8.2"
15+
DRIVER_VERSION: "stable"
16+
17+
jobs:
18+
phpstan:
19+
runs-on: "ubuntu-22.04"
20+
continue-on-error: true
21+
strategy:
22+
matrix:
23+
php:
24+
- '8.1'
25+
- '8.2'
26+
steps:
27+
- name: Checkout
28+
uses: actions/checkout@v4
29+
with:
30+
ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
31+
32+
- name: Setup PHP
33+
uses: shivammathur/setup-php@v2
34+
with:
35+
php-version: ${{ matrix.php }}
36+
extensions: curl, mbstring
37+
tools: composer:v2
38+
coverage: none
39+
40+
- name: Cache dependencies
41+
id: composer-cache
42+
uses: actions/cache@v4
43+
with:
44+
path: ./vendor
45+
key: composer-${{ hashFiles('**/composer.lock') }}
46+
47+
- name: Install dependencies
48+
run: composer install
49+
50+
- name: Restore cache PHPStan results
51+
id: phpstan-cache-restore
52+
uses: actions/cache/restore@v4
53+
with:
54+
path: .cache
55+
key: "phpstan-result-cache-${{ matrix.php }}-${{ github.run_id }}"
56+
restore-keys: |
57+
phpstan-result-cache-
58+
59+
- name: Run PHPStan
60+
run: ./vendor/bin/phpstan analyse --no-interaction --no-progress --ansi --error-format=sarif > phpstan.sarif
61+
62+
- name: "Upload SARIF report"
63+
if: always()
64+
uses: "github/codeql-action/upload-sarif@v3"
65+
with:
66+
sarif_file: phpstan.sarif
67+
68+
- name: Save cache PHPStan results
69+
id: phpstan-cache-save
70+
if: always()
71+
uses: actions/cache/save@v4
72+
with:
73+
path: .cache
74+
key: ${{ steps.phpstan-cache-restore.outputs.cache-primary-key }}
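Review bot: The `restore-keys` fallback on new lines 56-57 is still the bare prefix `phpstan-result-cache-`, while the primary key on line 55 now includes `${{ matrix.php }}`. Because the primary key ends in `github.run_id`, a fresh run normally restores through the prefix, so the 8.1 job can pick up the result cache saved by the 8.2 job and vice versa; scoping the fallback the same way, `phpstan-result-cache-${{ matrix.php }}-`, keeps the two apart. Separately, the `phpstan` job uploads SARIF but the file declares no `permissions:`; an explicit job-level block with `contents: read` and `security-events: write` would document what the upload needs and keep the token narrow on `push` and `pull_request` runs.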
