diff --git a/.github/workflows/update-ssdlc-report.yaml b/.github/workflows/update-ssdlc-report.yaml
new file mode 100644
index 0000000000..00a55c5114
--- /dev/null
+++ b/.github/workflows/update-ssdlc-report.yaml
@@ -0,0 +1,118 @@
+name: Update Compliance Report
+
+on:
+ release:
+ types: [published]
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: 'atlascli tag version (e.g. 1.42.2)'
+ required: true
+ type: string
+
+jobs:
+ update-compliance-report:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Extract AUTHOR and VERSION
+ id: extract
+ run: |
+ if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then
+ # Expect input like 'atlascli/v1.42.2' or '1.42.2'
+ TAG="${{ github.event.inputs.tag }}"
+ VERSION="${TAG#atlascli/v}"
+ AUTHOR="${{ github.actor }}"
+ else
+ # GITHUB_REF is refs/tags/atlascli/v1.42.2
+ VERSION="${GITHUB_REF#refs/tags/atlascli/v}"
+ AUTHOR="${{ github.event.release.author.login }}"
+ fi
+ echo "author=$AUTHOR" >> "$GITHUB_OUTPUT"
+ echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+ - name: Run gen-ssdlc-report.sh
+ env:
+ AUTHOR: ${{ steps.extract.outputs.author }}
+ VERSION: ${{ steps.extract.outputs.version }}
+ run: ./build/package/gen-ssdlc-report.sh
+ - name: set Apix Bot token
+ id: app-token
+ uses: mongodb/apix-action/token@3024080388613583e3bd119bfb1ab4b4dbf43c42
+ with:
+ app-id: ${{ secrets.APIXBOT_APP_ID }}
+ private-key: ${{ secrets.APIXBOT_APP_PEM }}
+ - name: Find JIRA ticket
+ id: find
+ uses: mongodb/apix-action/find-jira@3024080388613583e3bd119bfb1ab4b4dbf43c42
+ with:
+ token: ${{ secrets.JIRA_API_TOKEN }}
+ jql: project = CLOUDP AND status NOT IN (Closed, Resolved) AND summary ~ "Update Compliance Report"
+ - name: Set JIRA ticket (find)
+ if: steps.find.outputs.found == 'true'
+ run: |
+ echo "JIRA_KEY=${{steps.find.outputs.issue-key}}" >> "$GITHUB_ENV"
+ - name: Create JIRA ticket
+ uses: mongodb/apix-action/create-jira@3024080388613583e3bd119bfb1ab4b4dbf43c42
+ id: create
+ if: steps.find.outputs.found == 'false'
+ with:
+ token: ${{ secrets.JIRA_API_TOKEN }}
+ project-key: CLOUDP
+ summary: "[AtlasCLI] Update Compliance Report"
+ issuetype: Story
+ description: Update Compliance Report
+ components: AtlasCLI
+ assignee: ${{ secrets.ASSIGNEE_JIRA_TICKET }}
+ extra-data: |
+ {
+ "fields": {
+ "fixVersions": [
+ {
+ "id": "41805"
+ }
+ ],
+ "customfield_12751": [
+ {
+ "id": "22223"
+ }
+ ],
+ "customfield_10257": {
+ "id": "11861"
+ }
+ }
+ }
+ - name: Set JIRA ticket (create)
+ if: steps.find.outputs.found == 'false'
+ run: |
+ echo "JIRA_KEY=${{steps.create.outputs.issue-key}}" >> "$GITHUB_ENV"
+ - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+ id: pr
+ with:
+ token: ${{ steps.app-token.outputs.token }}
+ committer: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>"
+ author: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>"
+ title: "${{ env.JIRA_KEY }}: Update compliance report for v${{ steps.extract.outputs.version }}"
+ commit-message: "${{ env.JIRA_KEY }}: Update compliance report for v${{ steps.extract.outputs.version }}"
+ delete-branch: true
+ base: master
+ branch: ${{ env.JIRA_KEY }}
+ labels: |
+ compliance
+ auto
+ auto_close_jira
+ body: |
+ ## Proposed changes
+ Update compliance report for v${{ steps.extract.outputs.version }}
+ _Jira ticket:_ ${{ env.JIRA_KEY }}
+
+ Note: Jira ticket will be closed automatically when this PR is merged.
+
+ - name: Set auto merge
+ env:
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
+ run: |
+ gh pr merge "${{ steps.pr.outputs.pull-request-url }}" --auto --squash
diff --git a/.gitignore b/.gitignore
index 34b4a13e2b..68d0517690 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,7 +5,6 @@
 *.so
 *.dylib
 bin/**
-compliance/**
 dist/**
 # mac notarization service
 linux_amd64/**
diff --git a/build/ci/release.yml b/build/ci/release.yml
index e8b6a3b856..3d3ddb46d4 100644
--- a/build/ci/release.yml
+++ b/build/ci/release.yml
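Review bot: In the `Extract AUTHOR and VERSION` step the workflow_dispatch `tag` input and `github.event.release.author.login` are expanded by `${{ }}` directly inside the `run:` script, so their text becomes part of the shell source before it executes; the same pattern is used with `steps.find.outputs.issue-key` and `steps.create.outputs.issue-key` in the two `Set JIRA ticket` steps and with `steps.pr.outputs.pull-request-url` in `Set auto merge`. The conventional fix is to bind each expression to a step-level `env:` entry and reference it as a shell variable, and to reject a VERSION that is not a plain `x.y.z` before it is written to `$GITHUB_OUTPUT`, since that value later becomes a directory name in `gen-ssdlc-report.sh` and part of the PR title, commit message and branch. The workflow also declares no top-level `permissions:` block, so the default GITHUB_TOKEN scope applies even though every write goes through the app token; `permissions:` with `contents: read` at the top would make the intended least privilege explicit. `actions/checkout@v4` and `GitHubSecurityLab/actions-permissions/monitor@v1` are pinned by mutable tag while the apix-action and create-pull-request steps are pinned by commit SHA; pinning all of them the same way would be consistent with the rest of the file.
```yaml
      - name: Extract AUTHOR and VERSION
        id: extract
        env:
          TAG_INPUT: ${{ github.event.inputs.tag }}
          RELEASE_AUTHOR: ${{ github.event.release.author.login }}
          ACTOR: ${{ github.actor }}
        run: |
          if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then
            # Expect input like 'atlascli/v1.42.2' or '1.42.2'
            VERSION="${TAG_INPUT#atlascli/v}"
            AUTHOR="${ACTOR}"
          else
            # GITHUB_REF is refs/tags/atlascli/v1.42.2
            VERSION="${GITHUB_REF#refs/tags/atlascli/v}"
            AUTHOR="${RELEASE_AUTHOR}"
          fi
          # Fail fast on anything that is not a plain x.y.z (widen if pre-release suffixes are expected)
          if [[ ! "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "unexpected version '${VERSION}'" >&2
            exit 1
          fi
          # … unchanged: author/version written to $GITHUB_OUTPUT …
```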
@@ -112,15 +112,6 @@ functions:
 --repo mongodb_mongodb-atlas-cli \
 --branch ${branch_name}
 rm ${workdir}/kondukto_credentials.env
- "generate ssdlc report":
- - command: subprocess.exec
- params:
- include_expansions_in_env:
- - author
- env:
- AUTHOR: ${author}
- <<: *go_options
- binary: build/package/gen-ssdlc-report.sh
 "package":
 - command: github.generate_token
 params:
@@ -404,7 +395,6 @@ tasks:
 commands:
 - func: "generate sbom"
 - func: "run silkbomb"
- - func: "generate ssdlc report"
 - name: package_goreleaser
 tags: ["packaging"]
 depends_on:
diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh
index db87b90077..23bfa599be 100755
--- a/build/package/gen-ssdlc-report.sh
+++ b/build/package/gen-ssdlc-report.sh
@@ -19,22 +19,28 @@ set -eu release_date=${DATE:-$(date -u '+%Y-%m-%d')} export DATE="${release_date}" -VERSION="" -VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) + +if [ -z "${AUTHOR:-}" ]; then + AUTHOR=$(git config user.name) +fi + +if [ -z "${VERSION:-}" ]; then + VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) +fi + +export AUTHOR export VERSION -export AUTHOR="${AUTHOR:-$(git config user.name)}" echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." -# Ensure compliance directory exists -mkdir -p "compliance/" +# Ensure AtlasCLI version directory exists +mkdir -p "compliance/v${VERSION}" -# Generate the report in compliance/ with a versioned filename envsubst < docs/releases/ssdlc-compliance.template.md \ - > "compliance/ssdlc-compliance-${VERSION}.md" + > "compliance/v${VERSION}/ssdlc-compliance-${VERSION}.md" -echo "SDLC checklist ready. Files in compliance/:" -ls -l "compliance/" +echo "SDLC checklist ready. Files in compliance/v${VERSION}/:" +ls -l "compliance/v${VERSION}/" echo "Printing the generated report:" -cat "compliance/ssdlc-compliance-${VERSION}.md" \ No newline at end of file +cat "compliance/v${VERSION}/ssdlc-compliance-${VERSION}.md"
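Review bot: `VERSION` is spliced unvalidated into `mkdir -p "compliance/v${VERSION}"` and into the envsubst redirect, `ls` and `cat` paths below it, whether it arrives from the environment or from the `git tag --list ... | cut -d 'v' -f 2` fallback; when no `atlascli/v*` tag exists the fallback yields an empty string and the script quietly writes `compliance/v/ssdlc-compliance-.md`, and a value containing `/` or `..` would place the report outside the intended directory. A guard placed after the two fallback blocks, `case "${VERSION}" in ''|*[!0-9.]*) echo "invalid VERSION: '${VERSION}'" >&2; exit 1;; esac`, fails fast on both code paths (widen the pattern if pre-release suffixes are expected). The script's shebang and the `set -eu` line precede the hunk.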