From 7b9f213e75cd0bb37b6121799c32d79b64122da7 Mon Sep 17 00:00:00 2001
From: Bianca Lisle
Date: Tue, 20 May 2025 15:11:35 +0100
Subject: [PATCH 01/29] WIP
---
 build/ci/gen_ssdlc_report.sh | 33 ++++++++++++++++
 build/ci/release.yml | 10 +++++
 docs/releases/ssdlc-compliance.template.md | 44 ++++++++++++++++++++++
 3 files changed, 87 insertions(+)
 create mode 100755 build/ci/gen_ssdlc_report.sh
 create mode 100644 docs/releases/ssdlc-compliance.template.md
diff --git a/build/ci/gen_ssdlc_report.sh b/build/ci/gen_ssdlc_report.sh
new file mode 100755
index 0000000000..4735c1bd8d
--- /dev/null
+++ b/build/ci/gen_ssdlc_report.sh
@@ -0,0 +1,33 @@
+
+#!/bin/bash
+# Copyright 2025 MongoDB Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -eu
+
+release_date=${DATE:-$(date -u '+%Y-%m-%d')}
+
+export DATE="${release_date}"
+export VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 )
+export AUTHORS="git config user.name"
+
+echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}..."
+
+mkdir -p "dist/releases/${VERSION}/"
+envsubst < docs/releases/ssdlc-compliance.template.md \
+ > "dist/releases/${VERSION}/ssdlc-compliance.md"
+
+echo "SDLC checklist ready. Files at dist/releases/${VERSION}:"
+ls -l "dist/releases/${VERSION}"
diff --git a/build/ci/release.yml b/build/ci/release.yml
index 3d3ddb46d4..a3a83e31cf 100644
--- a/build/ci/release.yml
+++ b/build/ci/release.yml
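Review bot: In build/ci/gen_ssdlc_report.sh the report is rendered without checking that `VERSION` resolved to anything and with an unrestricted `envsubst`, so a missing tag or an unset template variable yields a compliance report with silently blank fields. `set -eu` does not catch a failing `git tag` here because it sits on the left of a pipe inside `export VERSION=$(...)`, and the template added in this same patch references `${IGNORED_VULNERABILITIES}`, which the script never exports. I would add `[ -n "${VERSION}" ] || { echo "no atlascli/v* tag found" >&2; exit 1; }` after the assignment and limit substitution to the variables the script sets, `envsubst '${DATE} ${VERSION} ${AUTHORS}' < docs/releases/ssdlc-compliance.template.md`. Separately, `export AUTHORS="git config user.name"` exports the command text rather than its output.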
@@ -367,6 +367,13 @@ functions: shell: bash script: | ./run-copybara.sh + "gen_ssdlc_report": + - command: subprocess.exec + env: + <<: *go_env + VERSION: ${VERSION} + params: + binary: build/package/gen_ssdlc_report.sh tasks: - name: package_msi tags: ["packaging"] @@ -395,6 +402,9 @@ tasks: commands: - func: "generate sbom" - func: "run silkbomb" + - name: gen_ssdlc_report + commands: + - func: "gen_ssdlc_report" - name: package_goreleaser tags: ["packaging"] depends_on: diff --git a/docs/releases/ssdlc-compliance.template.md b/docs/releases/ssdlc-compliance.template.md new file mode 100644 index 0000000000..dff3e0deac --- /dev/null +++ b/docs/releases/ssdlc-compliance.template.md 
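Review bot: The new `gen_ssdlc_report` function points `binary:` at `build/package/gen_ssdlc_report.sh`, but this patch creates the script at `build/ci/gen_ssdlc_report.sh`, so the `subprocess.exec` step would fail to find it unless the file exists there by other means. Either move the script or use `binary: build/ci/gen_ssdlc_report.sh`. The `VERSION: ${VERSION}` entry is also overwritten by the script's own unconditional `export VERSION=...`, so it can be dropped unless the script is changed to honour it.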
@@ -0,0 +1,44 @@
+SSDLC Compliance Report: Atlas CLI ${VERSION}
+=================================================================
+
+- Release Creators: ${AUTHORS}
+- Created On: ${DATE}
+
+Overview:
+
+- **Product and Release Name**
+
+ - Atlas CLI v${VERSION}, ${DATE}.
+
+- **Process Document**
+ - http://go/how-we-develop-software-doc
+
+- **Tool used to track third party vulnerabilities**
+ - [Kondukto](https://arcticglow.kondukto.io/)
+
+- **Dependency Information**
+ - See SBOMS Lite manifests (CycloneDX in JSON format) for `Intel` and `ARM` are to be found [here](.)
+ - See [instructions on how the SBOMs are generated or how to generate them manually](../../dev/image-sboms.md)
+
+- **Static Analysis Report**
+ - No SAST findings. Our CI system blocks merges on any SAST findings.${IGNORED_VULNERABILITIES}
+
+- **Release Signature Report**
+ - Image signatures enforced by CI pipeline.
+ - See [Signature verification instructions here](../../dev/signed-images.md)
+ - Self-verification shortcut:
+ ```shell
+ make verify IMG=mongodb/mongodb-atlas-cli:${VERSION} SIGNATURE_REPO=mongodb/signatures
+ ```
+
+- **Security Testing Report**
+ - Available as needed from Cloud Security.
+
+- **Security Assessment Report**
+ - Available as needed from Cloud Security.
+
+Assumptions and attestations:
+
+- Internal processes are used to ensure CVEs are identified and mitigated within SLAs.
+
+- All Operator images are signed by MongoDB, with signatures stored at `docker.io/mongodb/signatures`.
\ No newline at end of file
From 94413354aa7641995af07b82c463320822e8b2a1 Mon Sep 17 00:00:00 2001
From: Bianca Lisle
Date: Tue, 20 May 2025 15:37:38 +0100
Subject: [PATCH 02/29] update
---
 build/ci/gen_ssdlc_report.sh | 2 +-
 build/ci/release.yml | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/build/ci/gen_ssdlc_report.sh b/build/ci/gen_ssdlc_report.sh
index 4735c1bd8d..af80ad95ff 100755
--- a/build/ci/gen_ssdlc_report.sh
+++ b/build/ci/gen_ssdlc_report.sh
@@ -21,7 +21,7 @@ release_date=${DATE:-$(date -u '+%Y-%m-%d')} export DATE="${release_date}" export VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 ) -export AUTHORS="git config user.name" +export AUTHOR=$AUTHOR echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}..." diff --git a/build/ci/release.yml b/build/ci/release.yml index a3a83e31cf..d144e0ce56 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -369,9 +369,10 @@ functions: ./run-copybara.sh "gen_ssdlc_report": - command: subprocess.exec + include_expansions_in_env: + - author env: - <<: *go_env - VERSION: ${VERSION} + AUTHOR: ${author} params: binary: build/package/gen_ssdlc_report.sh tasks: From e3ba2959f267d76affcab9553ef0b5ebe6c2c915 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 17:16:02 +0100 Subject: [PATCH 03/29] update --- build/ci/gen_ssdlc_report.sh | 3 +-- docs/releases/ssdlc-compliance.template.md | 24 +++++----------------- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/build/ci/gen_ssdlc_report.sh b/build/ci/gen_ssdlc_report.sh index af80ad95ff..92f6319799 100755 --- a/build/ci/gen_ssdlc_report.sh +++ b/build/ci/gen_ssdlc_report.sh @@ -1,4 +1,3 @@ - #!/bin/bash # Copyright 2025 MongoDB Inc # @@ -21,7 +20,7 @@ release_date=${DATE:-$(date -u '+%Y-%m-%d')} export DATE="${release_date}" export VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 ) -export AUTHOR=$AUTHOR +export AUTHOR="${AUTHOR:-$(git config user.name)}" echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}..." diff --git a/docs/releases/ssdlc-compliance.template.md b/docs/releases/ssdlc-compliance.template.md index dff3e0deac..4bbf6d66b5 100644 --- a/docs/releases/ssdlc-compliance.template.md +++ b/docs/releases/ssdlc-compliance.template.md 
@@ -1,14 +1,13 @@ SSDLC Compliance Report: Atlas CLI ${VERSION} ================================================================= -- Release Creators: ${AUTHORS} +- Release Creator: ${AUTHOR} - Created On: ${DATE} Overview: - **Product and Release Name** - - - Atlas CLI v${VERSION}, ${DATE}. + - Atlas CLI ${VERSION}, ${DATE}. - **Process Document** - http://go/how-we-develop-software-doc @@ -17,19 +16,8 @@ Overview: - [Kondukto](https://arcticglow.kondukto.io/) - **Dependency Information** - - See SBOMS Lite manifests (CycloneDX in JSON format) for `Intel` and `ARM` are to be found [here](.) - - See [instructions on how the SBOMs are generated or how to generate them manually](../../dev/image-sboms.md) - -- **Static Analysis Report** - - No SAST findings. Our CI system blocks merges on any SAST findings.${IGNORED_VULNERABILITIES} - -- **Release Signature Report** - - Image signatures enforced by CI pipeline. - - See [Signature verification instructions here](../../dev/signed-images.md) - - Self-verification shortcut: - ```shell - make verify IMG=mongodb/mongodb-atlas-cli:${VERSION} SIGNATURE_REPO=mongodb/signatures - ``` + - See SBOM Lite manifests (CycloneDX in JSON format): + - https://github.com/mongodb/mongodb-atlas-cli/releases/download/atlascli%2F${VERSION}/sbom.json - **Security Testing Report** - Available as needed from Cloud Security. @@ -39,6 +27,4 @@ Overview: Assumptions and attestations: -- Internal processes are used to ensure CVEs are identified and mitigated within SLAs. - -- All Operator images are signed by MongoDB, with signatures stored at `docker.io/mongodb/signatures`. \ No newline at end of file +- Internal processes are used to ensure CVEs are identified and mitigated within SLAs. \ No newline at end of file From 3387c4833b1c026f443b7519f69ecbeb540f6c4d Mon Sep 17 00:00:00 2001 
From: Bianca Lisle Date: Tue, 20 May 2025 17:43:43 +0100 Subject: [PATCH 04/29] update --- build/ci/gen_ssdlc_report.sh | 11 +++++++---- build/ci/release.yml | 6 ++---- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/build/ci/gen_ssdlc_report.sh b/build/ci/gen_ssdlc_report.sh index 92f6319799..241257c115 100755 --- a/build/ci/gen_ssdlc_report.sh +++ b/build/ci/gen_ssdlc_report.sh @@ -24,9 +24,12 @@ export AUTHOR="${AUTHOR:-$(git config user.name)}" echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}..." -mkdir -p "dist/releases/${VERSION}/" +# Ensure compliance directory exists +mkdir -p "compliance/" + +# Generate the report in compliance/ with a versioned filename envsubst < docs/releases/ssdlc-compliance.template.md \ - > "dist/releases/${VERSION}/ssdlc-compliance.md" + > "compliance/ssdlc-compliance-${VERSION}.md" -echo "SDLC checklist ready. Files at dist/releases/${VERSION}:" -ls -l "dist/releases/${VERSION}" +echo "SDLC checklist ready. Files in compliance/:" +ls -l "compliance/" diff --git a/build/ci/release.yml b/build/ci/release.yml index d144e0ce56..23f7c6ae83 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -367,7 +367,7 @@ functions: shell: bash script: | ./run-copybara.sh - "gen_ssdlc_report": + "generate ssdlc report": - command: subprocess.exec include_expansions_in_env: - author @@ -403,9 +403,7 @@ tasks: commands: - func: "generate sbom" - func: "run silkbomb" - - name: gen_ssdlc_report - commands: - - func: "gen_ssdlc_report" + - func: "generate ssdlc report" - name: package_goreleaser tags: ["packaging"] depends_on: From cddaf93c58a6785c967950967f266725ad87d2eb Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 18:07:11 +0100 Subject: [PATCH 05/29] shell check --- build/ci/gen_ssdlc_report.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/build/ci/gen_ssdlc_report.sh b/build/ci/gen_ssdlc_report.sh index 241257c115..29004d6a7a 100755 --- a/build/ci/gen_ssdlc_report.sh 
+++ b/build/ci/gen_ssdlc_report.sh @@ -19,7 +19,9 @@ set -eu release_date=${DATE:-$(date -u '+%Y-%m-%d')} export DATE="${release_date}" -export VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 ) +VERSION="" +VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 ) +export VERSION export AUTHOR="${AUTHOR:-$(git config user.name)}" echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}..." From 9fd512d99e8b4d3b20e32845752ab4ac6fb53e15 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 18:24:47 +0100 Subject: [PATCH 06/29] update --- build/ci/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/ci/release.yml b/build/ci/release.yml index 23f7c6ae83..0668da6300 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -374,7 +374,7 @@ functions: env: AUTHOR: ${author} params: - binary: build/package/gen_ssdlc_report.sh + binary: build/ci/gen_ssdlc_report.sh tasks: - name: package_msi tags: ["packaging"] From 5a5616a8d97f51f30f99084e803f5bf6e8c7bd71 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 18:26:10 +0100 Subject: [PATCH 07/29] update --- build/ci/gen_ssdlc_report.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build/ci/gen_ssdlc_report.sh b/build/ci/gen_ssdlc_report.sh index 29004d6a7a..a090c7ae84 100755 --- a/build/ci/gen_ssdlc_report.sh +++ b/build/ci/gen_ssdlc_report.sh @@ -24,7 +24,7 @@ VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 ) export VERSION export AUTHOR="${AUTHOR:-$(git config user.name)}" -echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}..." +echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." # Ensure compliance directory exists mkdir -p "compliance/" 
@@ -35,3 +35,6 @@ envsubst < docs/releases/ssdlc-compliance.template.md \ echo "SDLC checklist ready. Files in compliance/:" ls -l "compliance/" + +echo "Printing the generated report:" +cat "compliance/ssdlc-compliance-${VERSION}.md" \ No newline at end of file From 8e016b3d2db0320eb8c4574d8663526661acf72c Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 18:32:38 +0100 Subject: [PATCH 08/29] update working dir --- build/ci/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/build/ci/release.yml b/build/ci/release.yml index 0668da6300..879246d436 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -375,6 +375,7 @@ functions: AUTHOR: ${author} params: binary: build/ci/gen_ssdlc_report.sh + working_dir: src/github.com/mongodb/mongodb-atlas-cli tasks: - name: package_msi tags: ["packaging"] From bc4398f8bb544b9a80d8055483d36fcdd951177e Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 18:43:43 +0100 Subject: [PATCH 09/29] update --- build/ci/evergreen.yml | 2 +- build/ci/{gen_ssdlc_report.sh => gen-ssdlc-report.sh} | 2 +- build/ci/release.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) rename build/ci/{gen_ssdlc_report.sh => gen-ssdlc-report.sh} (98%) diff --git a/build/ci/evergreen.yml b/build/ci/evergreen.yml index 2a4af46213..13100ca738 100644 --- a/build/ci/evergreen.yml +++ b/build/ci/evergreen.yml @@ -500,7 +500,7 @@ functions: cat < expansions.yaml home: $HOME tag: $(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1) - version: $(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) + version: $(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'atlascli/' -f 2) EOF - command: expansions.update params: diff --git a/build/ci/gen_ssdlc_report.sh b/build/ci/gen-ssdlc-report.sh similarity index 98% rename from build/ci/gen_ssdlc_report.sh rename to build/ci/gen-ssdlc-report.sh index a090c7ae84..db87b90077 100755 --- a/build/ci/gen_ssdlc_report.sh 
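Review bot: In the evergreen.yml hunk the new `version:` line passes a multi-character delimiter, `cut -d 'atlascli/' -f 2`; `cut` accepts only a single-character delimiter and exits with an error, so the `version` expansion would come out empty. If the intent is to strip the tag prefix, shell parameter expansion does it without `cut`: set `tag=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1)` before the heredoc and write `version: ${tag#atlascli/}` (or `${tag#atlascli/v}` to keep the value the old line produced). The function this script block belongs to starts outside the hunk.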
+++ b/build/ci/gen-ssdlc-report.sh @@ -20,7 +20,7 @@ release_date=${DATE:-$(date -u '+%Y-%m-%d')} export DATE="${release_date}" VERSION="" -VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 ) +VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) export VERSION export AUTHOR="${AUTHOR:-$(git config user.name)}" diff --git a/build/ci/release.yml b/build/ci/release.yml index 879246d436..aaf516b4ed 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -374,8 +374,8 @@ functions: env: AUTHOR: ${author} params: - binary: build/ci/gen_ssdlc_report.sh - working_dir: src/github.com/mongodb/mongodb-atlas-cli + binary: build/ci/gen-ssdlc-report.sh + working_dir: src/github.com/mongodb/mongodb-atlas-cli tasks: - name: package_msi tags: ["packaging"] From 1b834db7da4914404bae097377f486313aec9659 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 19:00:16 +0100 Subject: [PATCH 10/29] updatE --- build/ci/release.yml | 19 ++++++++++--------- build/{ci => package}/gen-ssdlc-report.sh | 0 2 files changed, 10 insertions(+), 9 deletions(-) rename build/{ci => package}/gen-ssdlc-report.sh (100%) diff --git a/build/ci/release.yml b/build/ci/release.yml index aaf516b4ed..ad3106a4dc 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -112,6 +112,16 @@ functions: --repo mongodb_mongodb-atlas-cli \ --branch ${branch_name} rm ${workdir}/kondukto_credentials.env + "generate ssdlc report": + - command: subprocess.exec + type: test + include_expansions_in_env: + - author + env: + AUTHOR: ${author} + params: + <<: *go_options + binary: build/package/gen-ssdlc-report.sh "package": - command: github.generate_token params: 
@@ -367,15 +377,6 @@ functions: shell: bash script: | ./run-copybara.sh - "generate ssdlc report": - - command: subprocess.exec - include_expansions_in_env: - - author - env: - AUTHOR: ${author} - params: - binary: build/ci/gen-ssdlc-report.sh - working_dir: src/github.com/mongodb/mongodb-atlas-cli tasks: - name: package_msi tags: ["packaging"] diff --git a/build/ci/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh similarity index 100% rename from build/ci/gen-ssdlc-report.sh rename to build/package/gen-ssdlc-report.sh From f6c1bf6bf2ef58282142dc205c7f04975e6cf451 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 19:13:13 +0100 Subject: [PATCH 11/29] update --- build/ci/release.yml | 3 +-- build/package/gen-ssdlc-report.sh | 4 +++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/build/ci/release.yml b/build/ci/release.yml index ad3106a4dc..fb57fd406c 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -117,8 +117,7 @@ functions: type: test include_expansions_in_env: - author - env: - AUTHOR: ${author} + - github_author params: <<: *go_options binary: build/package/gen-ssdlc-report.sh diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh index db87b90077..449ba015a9 100755 --- a/build/package/gen-ssdlc-report.sh +++ b/build/package/gen-ssdlc-report.sh @@ -22,7 +22,9 @@ export DATE="${release_date}" VERSION="" VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) export VERSION -export AUTHOR="${AUTHOR:-$(git config user.name)}" +export AUTHOR="${author:-$(git config user.name)}" + +echo "Author: ${author}, Github Author: ${github_author}" echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." From d92703c50d33bf6e4ab970db07ba6f6451512a1a Mon Sep 17 00:00:00 2001 
From: Bianca Lisle Date: Tue, 20 May 2025 19:19:03 +0100 Subject: [PATCH 12/29] update --- build/package/gen-ssdlc-report.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh index 449ba015a9..3652b707a5 100755 --- a/build/package/gen-ssdlc-report.sh +++ b/build/package/gen-ssdlc-report.sh @@ -24,7 +24,8 @@ VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' export VERSION export AUTHOR="${author:-$(git config user.name)}" -echo "Author: ${author}, Github Author: ${github_author}" +# PR test +echo "Author: ${author:-}, Github Author: ${github_author:-}" echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." From b37caf0cb2f17f2793ccb51f5a37cf347130af38 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 19:24:06 +0100 Subject: [PATCH 13/29] undo change --- build/ci/evergreen.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/ci/evergreen.yml b/build/ci/evergreen.yml index 13100ca738..2a4af46213 100644 --- a/build/ci/evergreen.yml +++ b/build/ci/evergreen.yml @@ -500,7 +500,7 @@ functions: cat < expansions.yaml home: $HOME tag: $(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1) - version: $(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'atlascli/' -f 2) + version: $(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) EOF - command: expansions.update params: From d664e083db015e4faa7f62c0d120321f68bf264a Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 19:48:43 +0100 Subject: [PATCH 14/29] update --- build/ci/release.yml | 3 +++ build/package/gen-ssdlc-report.sh | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/build/ci/release.yml b/build/ci/release.yml index fb57fd406c..af008d2234 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml 
@@ -118,6 +118,9 @@ functions: include_expansions_in_env: - author - github_author + env: + AUTHOR: ${author} + GITHUB_AUTHOR: ${github_author} params: <<: *go_options binary: build/package/gen-ssdlc-report.sh diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh index 3652b707a5..8ae054001c 100755 --- a/build/package/gen-ssdlc-report.sh +++ b/build/package/gen-ssdlc-report.sh @@ -22,10 +22,10 @@ export DATE="${release_date}" VERSION="" VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) export VERSION -export AUTHOR="${author:-$(git config user.name)}" +export AUTHOR="${AUTHOR:-$(git config user.name)}" # PR test -echo "Author: ${author:-}, Github Author: ${github_author:-}" +echo "Author: ${AUTHOR:-}, Github Author: ${GITHUB_AUTHOR:-}" echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." From 13c177ccb333ddb45f875dbbcb75fa62d27decf4 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Tue, 20 May 2025 20:10:35 +0100 Subject: [PATCH 15/29] update --- build/ci/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/build/ci/release.yml b/build/ci/release.yml index af008d2234..d88d5be095 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -114,7 +114,6 @@ functions: rm ${workdir}/kondukto_credentials.env "generate ssdlc report": - command: subprocess.exec - type: test include_expansions_in_env: - author - github_author From 9e8914d0cdc09fd06b41ae896f241a0b8987336c Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 10:11:06 +0100 Subject: [PATCH 16/29] update --- build/package/gen-ssdlc-report.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh index 8ae054001c..db87b90077 100755 --- a/build/package/gen-ssdlc-report.sh +++ b/build/package/gen-ssdlc-report.sh 
@@ -24,9 +24,6 @@ VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' export VERSION export AUTHOR="${AUTHOR:-$(git config user.name)}" -# PR test -echo "Author: ${AUTHOR:-}, Github Author: ${GITHUB_AUTHOR:-}" - echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." # Ensure compliance directory exists From 3f768decaa3be235653be472e8ec0687e8cb3204 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 10:27:35 +0100 Subject: [PATCH 17/29] update --- docs/releases/ssdlc-compliance.template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/releases/ssdlc-compliance.template.md b/docs/releases/ssdlc-compliance.template.md index 4bbf6d66b5..85ac270bbe 100644 --- a/docs/releases/ssdlc-compliance.template.md +++ b/docs/releases/ssdlc-compliance.template.md @@ -17,7 +17,7 @@ Overview: - **Dependency Information** - See SBOM Lite manifests (CycloneDX in JSON format): - - https://github.com/mongodb/mongodb-atlas-cli/releases/download/atlascli%2F${VERSION}/sbom.json + - https://github.com/mongodb/mongodb-atlas-cli/releases/download/atlascli%2Fv${VERSION}/sbom.json - **Security Testing Report** - Available as needed from Cloud Security. From 4092348911dfc9b29765cfe181dd48c4f10c6401 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 16:03:29 +0100 Subject: [PATCH 18/29] Address comment: update link --- docs/releases/ssdlc-compliance.template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/releases/ssdlc-compliance.template.md b/docs/releases/ssdlc-compliance.template.md index 85ac270bbe..28db093359 100644 --- a/docs/releases/ssdlc-compliance.template.md +++ b/docs/releases/ssdlc-compliance.template.md 
@@ -10,7 +10,7 @@ Overview: - Atlas CLI ${VERSION}, ${DATE}. - **Process Document** - - http://go/how-we-develop-software-doc + - https://www.mongodb.com/blog/post/how-mongodb-protects-against-supply-chain-vulnerabilities - **Tool used to track third party vulnerabilities** - [Kondukto](https://arcticglow.kondukto.io/) From 9189f5e18c12ce3fe8230c055c5b484aa233a266 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 16:38:31 +0100 Subject: [PATCH 19/29] CLOUDP-319858: Auto-update SBOM report in codebase --- .github/workflows/update-sbom-report.yaml | 64 +++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 .github/workflows/update-sbom-report.yaml diff --git a/.github/workflows/update-sbom-report.yaml b/.github/workflows/update-sbom-report.yaml new file mode 100644 index 0000000000..17f0993a93 --- /dev/null +++ b/.github/workflows/update-sbom-report.yaml 
@@ -0,0 +1,64 @@
+name: Update Compliance Report
+
+on:
+ release:
+ types: [published]
+
+jobs:
+ update-compliance-report:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ config: ${{ vars.PERMISSIONS_CONFIG }}
+
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Make scripts executable
+ run: chmod +x ./build/package/gen-ssdlc-report.sh
+
+ - name: Run gen-ssdlc-report.sh
+ run: ./build/package/gen-ssdlc-report.sh
+
+ - name: Extract version from tag
+ id: extract_version
+ run: |
+ TAG="${GITHUB_REF#refs/tags/atlascli/v}"
+ echo "VERSION=$TAG" >> "$GITHUB_OUTPUT"
+
+ - name: Prepare compliance report folder
+ run: |
+ mkdir -p docs/releases/v${{ steps.extract_version.outputs.VERSION }}
+ cp compliance/ssdlc-compliance-${{ steps.extract_version.outputs.VERSION }}.md docs/releases/v${{ steps.extract_version.outputs.VERSION }}/
+
+ - name: set Apix Bot token
+ id: app-token
+ uses: mongodb/apix-action/token@3024080388613583e3bd119bfb1ab4b4dbf43c42
+ with:
+ app-id: ${{ secrets.APIXBOT_APP_ID }}
+ private-key: ${{ secrets.APIXBOT_APP_PEM }}
+
+ - uses: peter-evans/create-pull-request@v6
+ id: pr
+ with:
+ token: ${{ steps.app-token.outputs.token }}
+ committer: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>"
+ author: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>"
+ title: "chore: update compliance report for v${{ steps.extract_version.outputs.VERSION }}"
+ commit-message: "chore: update compliance report for v${{ steps.extract_version.outputs.VERSION }}"
+ delete-branch: true
+ base: main
+ branch: update-compliance-report-v${{ steps.extract_version.outputs.VERSION }}
+ labels: |
+ compliance
+ auto
+ body: |
+ ## Proposed changes
+ Update compliance report for v${{ steps.extract_version.outputs.VERSION }}
+
+ - name: Set auto merge
+ env:
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
+ run: |
+ gh pr merge "${{
steps.pr.outputs.pull-request-url }}" --auto --squash From b562bf879d847d0eda45f2c4eeebcde83c6e0274 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 17:12:49 +0100 Subject: [PATCH 20/29] update gitignore --- .gitignore | 1 + build/package/gen-ssdlc-report.sh | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 34b4a13e2b..5c50542573 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ *.dylib bin/** compliance/** +!compliance/v* dist/** # mac notarization service linux_amd64/** diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh index db87b90077..476d1e1df7 100755 --- a/build/package/gen-ssdlc-report.sh +++ b/build/package/gen-ssdlc-report.sh @@ -27,14 +27,14 @@ export AUTHOR="${AUTHOR:-$(git config user.name)}" echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." # Ensure compliance directory exists -mkdir -p "compliance/" +mkdir -p compliance/v${VERSION} # Generate the report in compliance/ with a versioned filename envsubst < docs/releases/ssdlc-compliance.template.md \ - > "compliance/ssdlc-compliance-${VERSION}.md" + > "compliance/v${VERSION}/ssdlc-compliance-${VERSION}.md" -echo "SDLC checklist ready. Files in compliance/:" -ls -l "compliance/" +echo "SDLC checklist ready. Files in compliance/v${VERSION}/:" +ls -l "compliance/v${VERSION}/" echo "Printing the generated report:" -cat "compliance/ssdlc-compliance-${VERSION}.md" \ No newline at end of file +cat "compliance/v${VERSION}/ssdlc-compliance-${VERSION}.md" \ No newline at end of file From 65f5fc13dedb3a68fe9d0d93823e75dbc617eb33 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 17:15:04 +0100 Subject: [PATCH 21/29] update --- .gitignore | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitignore b/.gitignore index 5c50542573..68d0517690 100644 --- a/.gitignore +++ b/.gitignore 
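Review bot: Three of the four actions in the new update-sbom-report.yaml workflow are referenced by mutable tags (`GitHubSecurityLab/actions-permissions/monitor@v1`, `actions/checkout@v4`, `peter-evans/create-pull-request@v6`), while only `mongodb/apix-action/token` is pinned to a commit SHA. This job mints an app token from `secrets.APIXBOT_APP_PEM` and then enables auto-merge into `main`, so a retagged action would run with that token in reach; pin each one the same way, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v6`. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository default; an explicit minimal block at the top of the file would make that independent of repository settings. Because the generated PR is squash-merged automatically, it is worth confirming that branch protection on `main` still requires a check or review for the bot's PRs.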
@@ -5,8 +5,6 @@ *.so *.dylib bin/** -compliance/** -!compliance/v* dist/** # mac notarization service linux_amd64/** From 61b189f25570adae64d6d4f56d65d419250f49d9 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 17:38:05 +0100 Subject: [PATCH 22/29] update --- .github/workflows/update-sbom-report.yaml | 48 ++++++++++++++--------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/.github/workflows/update-sbom-report.yaml b/.github/workflows/update-sbom-report.yaml index 17f0993a93..fd967574a6 100644 --- a/.github/workflows/update-sbom-report.yaml +++ b/.github/workflows/update-sbom-report.yaml @@ -3,6 +3,12 @@ name: Update Compliance Report on: release: types: [published] + workflow_dispatch: + inputs: + tag: + description: 'atlascli tag version (e.g. 1.42.2)' + required: true + type: string jobs: update-compliance-report: 
@@ -11,51 +17,57 @@ jobs: - uses: GitHubSecurityLab/actions-permissions/monitor@v1 with: config: ${{ vars.PERMISSIONS_CONFIG }} - - name: Checkout uses: actions/checkout@v4 - - name: Make scripts executable run: chmod +x ./build/package/gen-ssdlc-report.sh - + - name: Extract AUTHOR and VERSION + id: extract + run: | + if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then + # Expect input like 'atlascli/v1.42.2' or '1.42.2' + TAG="${{ github.event.inputs.tag }}" + VERSION="${TAG#atlascli/v}" + AUTHOR="${{ github.actor }}" + else + # GITHUB_REF is refs/tags/atlascli/v1.42.2 + VERSION="${GITHUB_REF#refs/tags/atlascli/v}" + AUTHOR="${{ github.event.release.author.login }}" + fi + echo "author=$AUTHOR" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> $GITHUB_OUTPUT - name: Run gen-ssdlc-report.sh + env: + AUTHOR: ${{ steps.extract.outputs.author }} + VERSION: ${{ steps.extract.outputs.version }} run: ./build/package/gen-ssdlc-report.sh - - - name: Extract version from tag - id: extract_version - run: | - TAG="${GITHUB_REF#refs/tags/atlascli/v}" - echo "VERSION=$TAG" >> "$GITHUB_OUTPUT" - - name: Prepare compliance report folder run: | - mkdir -p docs/releases/v${{ steps.extract_version.outputs.VERSION }} - cp compliance/ssdlc-compliance-${{ steps.extract_version.outputs.VERSION }}.md docs/releases/v${{ steps.extract_version.outputs.VERSION }}/ - + mkdir -p docs/releases/v${{ steps.extract.outputs.version }} + cp compliance/v${{ steps.extract.outputs.version }}/ssdlc-compliance-${{ steps.extract.outputs.version }}.md docs/releases/v${{ steps.extract.outputs.version }}/ - name: set Apix Bot token id: app-token uses: mongodb/apix-action/token@3024080388613583e3bd119bfb1ab4b4dbf43c42 with: app-id: ${{ secrets.APIXBOT_APP_ID }} private-key: ${{ secrets.APIXBOT_APP_PEM }} - - uses: peter-evans/create-pull-request@v6 id: pr with: token: ${{ steps.app-token.outputs.token }} committer: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>" 
author: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>" - title: "chore: update compliance report for v${{ steps.extract_version.outputs.VERSION }}" - commit-message: "chore: update compliance report for v${{ steps.extract_version.outputs.VERSION }}" + title: "chore: update compliance report for v${{ steps.extract.outputs.version }}" + commit-message: "chore: update compliance report for v${{ steps.extract.outputs.version }}" delete-branch: true base: main - branch: update-compliance-report-v${{ steps.extract_version.outputs.VERSION }} + branch: update-compliance-report-v${{ steps.extract.outputs.version }} labels: | compliance auto body: | ## Proposed changes - Update compliance report for v${{ steps.extract_version.outputs.VERSION }} + Update compliance report for v${{ steps.extract.outputs.version }} - name: Set auto merge env: From 31ae5b1286e289627810051314fccca26142e17e Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 17:41:00 +0100 Subject: [PATCH 23/29] remove ssdlc report gen from sbom upload task --- build/ci/release.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/build/ci/release.yml b/build/ci/release.yml index 6a0e0c911a..3d3ddb46d4 100644 --- a/build/ci/release.yml +++ b/build/ci/release.yml @@ -112,25 +112,6 @@ functions: --repo mongodb_mongodb-atlas-cli \ --branch ${branch_name} rm ${workdir}/kondukto_credentials.env - "generate ssdlc report": - - command: subprocess.exec -<<<<<<< HEAD - include_expansions_in_env: - - author - - github_author - env: - AUTHOR: ${author} - GITHUB_AUTHOR: ${github_author} - params: -======= - params: - include_expansions_in_env: - - author - env: - AUTHOR: ${author} ->>>>>>> origin/master - <<: *go_options - binary: build/package/gen-ssdlc-report.sh "package": - command: github.generate_token params: 
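Review bot: The `Extract AUTHOR and VERSION` step expands `${{ github.event.inputs.tag }}`, `${{ github.actor }}` and `${{ github.event.release.author.login }}` directly inside the `run:` script, so the text is pasted into the shell source before bash parses it, in a job that later holds the Apix bot token. Pass the values through `env:` and reference them as shell variables, and reject anything that is not a plain version before it is written to the step outputs, because the result feeds file paths and the PR branch name. `$GITHUB_OUTPUT` should also be quoted, as the earlier revision of this step had it. The input description says `1.42.2` while the script comment accepts `atlascli/v1.42.2`; a value such as `v1.42.2` passes through unstripped, which the format check below would catch.

```yaml
      - name: Extract AUTHOR and VERSION
        id: extract
        env:
          INPUT_TAG: ${{ github.event.inputs.tag }}
          DISPATCH_ACTOR: ${{ github.actor }}
          RELEASE_AUTHOR: ${{ github.event.release.author.login }}
        run: |
          if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then
            VERSION="${INPUT_TAG#atlascli/v}"
            AUTHOR="${DISPATCH_ACTOR}"
          else
            VERSION="${GITHUB_REF#refs/tags/atlascli/v}"
            AUTHOR="${RELEASE_AUTHOR}"
          fi
          # Assumes plain X.Y.Z release tags; widen if pre-release tags are published.
          if [[ ! "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "unexpected version: ${VERSION}" >&2
            exit 1
          fi
          echo "author=${AUTHOR}" >> "$GITHUB_OUTPUT"
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
      # … unchanged: Run gen-ssdlc-report.sh and the later steps …
```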
@@ -414,7 +395,6 @@ tasks: commands: - func: "generate sbom" - func: "run silkbomb" - - func: "generate ssdlc report" - name: package_goreleaser tags: ["packaging"] depends_on: From b4ce95617c22d68a22502e42e6d89fe4c50d577a Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 17:45:46 +0100 Subject: [PATCH 24/29] update report gen --- .github/workflows/update-sbom-report.yaml | 4 ---- build/package/gen-ssdlc-report.sh | 15 +++++++++------ 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/.github/workflows/update-sbom-report.yaml b/.github/workflows/update-sbom-report.yaml index fd967574a6..de7a7ea1e0 100644 --- a/.github/workflows/update-sbom-report.yaml +++ b/.github/workflows/update-sbom-report.yaml @@ -41,10 +41,6 @@ jobs: AUTHOR: ${{ steps.extract.outputs.author }} VERSION: ${{ steps.extract.outputs.version }} run: ./build/package/gen-ssdlc-report.sh - - name: Prepare compliance report folder - run: | - mkdir -p docs/releases/v${{ steps.extract.outputs.version }} - cp compliance/v${{ steps.extract.outputs.version }}/ssdlc-compliance-${{ steps.extract.outputs.version }}.md docs/releases/v${{ steps.extract.outputs.version }}/ - name: set Apix Bot token id: app-token uses: mongodb/apix-action/token@3024080388613583e3bd119bfb1ab4b4dbf43c42 diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh index 5b0e62dfd3..62e0a272fb 100755 --- a/build/package/gen-ssdlc-report.sh +++ b/build/package/gen-ssdlc-report.sh 
@@ -19,17 +19,20 @@ set -eu release_date=${DATE:-$(date -u '+%Y-%m-%d')} export DATE="${release_date}" -VERSION="" -VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) -export VERSION -export AUTHOR="${AUTHOR:-$(git config user.name)}" + +if [ -z "${AUTHOR:-}" ]; then + export AUTHOR=$(git config user.name) +fi + +if [ -z "${VERSION:-}" ]; then + export VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) +fi echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." -# Ensure compliance directory exists +# Ensure AtlasCLI version directory exists mkdir -p compliance/v${VERSION} -# Generate the report in compliance/ with a versioned filename envsubst < docs/releases/ssdlc-compliance.template.md \ > "compliance/v${VERSION}/ssdlc-compliance-${VERSION}.md" From bd8894f24c215aa50fe7375f077342a3fb7590b4 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 17:46:45 +0100 Subject: [PATCH 25/29] update --- .github/workflows/update-sbom-report.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/update-sbom-report.yaml b/.github/workflows/update-sbom-report.yaml index de7a7ea1e0..2bab792e49 100644 --- a/.github/workflows/update-sbom-report.yaml +++ b/.github/workflows/update-sbom-report.yaml @@ -19,8 +19,6 @@ jobs: config: ${{ vars.PERMISSIONS_CONFIG }} - name: Checkout uses: actions/checkout@v4 - - name: Make scripts executable - run: chmod +x ./build/package/gen-ssdlc-report.sh - name: Extract AUTHOR and VERSION id: extract run: | From 1ba9ef9dc4120b2caec4b557eca6bb2286d68fcc Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 17:53:37 +0100 Subject: [PATCH 26/29] update --- build/package/gen-ssdlc-report.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh index 62e0a272fb..1478dfaf9e 100755 
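Review bot: VERSION can now come from the caller's environment, and the script uses it unchecked in `compliance/v${VERSION}/ssdlc-compliance-${VERSION}.md`, so a value containing `/` writes the report outside the intended directory. An empty result from the `git tag --list` pipeline likewise yields `compliance/v/ssdlc-compliance-.md` without an error. A guard after the two `if` blocks would stop both cases: `case "${VERSION}" in ''|*[!0-9A-Za-z.+-]*) echo "invalid VERSION: '${VERSION}'" >&2; exit 1;; esac`. Separately, `export AUTHOR=$(git config user.name)` hides a non-zero exit from the command substitution under `set -e`; assigning first and exporting on a second line keeps the failure visible.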
--- a/build/package/gen-ssdlc-report.sh +++ b/build/package/gen-ssdlc-report.sh @@ -21,13 +21,16 @@ release_date=${DATE:-$(date -u '+%Y-%m-%d')} export DATE="${release_date}" if [ -z "${AUTHOR:-}" ]; then - export AUTHOR=$(git config user.name) + AUTHOR=$(git config user.name) fi if [ -z "${VERSION:-}" ]; then - export VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) + VERSION=$(git tag --list 'atlascli/v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2) fi +export AUTHOR +export VERSION + echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." # Ensure AtlasCLI version directory exists From 9eca2a20460325cdd26b48bbb6f76ae4e1ee72b1 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 17:56:29 +0100 Subject: [PATCH 27/29] update --- .../{update-sbom-report.yaml => update-ssdlc-report.yaml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename .github/workflows/{update-sbom-report.yaml => update-ssdlc-report.yaml} (95%) diff --git a/.github/workflows/update-sbom-report.yaml b/.github/workflows/update-ssdlc-report.yaml similarity index 95% rename from .github/workflows/update-sbom-report.yaml rename to .github/workflows/update-ssdlc-report.yaml index 2bab792e49..1f3433a84a 100644 --- a/.github/workflows/update-sbom-report.yaml +++ b/.github/workflows/update-ssdlc-report.yaml @@ -32,8 +32,8 @@ jobs: VERSION="${GITHUB_REF#refs/tags/atlascli/v}" AUTHOR="${{ github.event.release.author.login }}" fi - echo "author=$AUTHOR" >> $GITHUB_OUTPUT - echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "author=$AUTHOR" >> "$GITHUB_OUTPUT" + echo "version=$VERSION" >> "$GITHUB_OUTPUT" - name: Run gen-ssdlc-report.sh env: AUTHOR: ${{ steps.extract.outputs.author }} 
@@ -47,7 +47,7 @@ jobs: private-key: ${{ secrets.APIXBOT_APP_PEM }} - uses: peter-evans/create-pull-request@v6 id: pr - with: + with: token: ${{ steps.app-token.outputs.token }} committer: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>" author: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>" From 9bdee99e61b0ea107cb6a7790e4d5d199bf89804 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 18:03:31 +0100 Subject: [PATCH 28/29] Create jira ticket --- .github/workflows/update-ssdlc-report.yaml | 60 +++++++++++++++++++--- 1 file changed, 54 insertions(+), 6 deletions(-) diff --git a/.github/workflows/update-ssdlc-report.yaml b/.github/workflows/update-ssdlc-report.yaml index 1f3433a84a..00a55c5114 100644 --- a/.github/workflows/update-ssdlc-report.yaml +++ b/.github/workflows/update-ssdlc-report.yaml 
@@ -45,23 +45,71 @@ jobs: with: app-id: ${{ secrets.APIXBOT_APP_ID }} private-key: ${{ secrets.APIXBOT_APP_PEM }} - - uses: peter-evans/create-pull-request@v6 + - name: Find JIRA ticket + id: find + uses: mongodb/apix-action/find-jira@3024080388613583e3bd119bfb1ab4b4dbf43c42 + with: + token: ${{ secrets.JIRA_API_TOKEN }} + jql: project = CLOUDP AND status NOT IN (Closed, Resolved) AND summary ~ "Update Compliance Report" + - name: Set JIRA ticket (find) + if: steps.find.outputs.found == 'true' + run: | + echo "JIRA_KEY=${{steps.find.outputs.issue-key}}" >> "$GITHUB_ENV" + - name: Create JIRA ticket + uses: mongodb/apix-action/create-jira@3024080388613583e3bd119bfb1ab4b4dbf43c42 + id: create + if: steps.find.outputs.found == 'false' + with: + token: ${{ secrets.JIRA_API_TOKEN }} + project-key: CLOUDP + summary: "[AtlasCLI] Update Compliance Report" + issuetype: Story + description: Update Compliance Report + components: AtlasCLI + assignee: ${{ secrets.ASSIGNEE_JIRA_TICKET }} + extra-data: | + { + "fields": { + "fixVersions": [ + { + "id": "41805" + } + ], + "customfield_12751": [ + { + "id": "22223" + } + ], + "customfield_10257": { + "id": "11861" + } + } + } + - name: Set JIRA ticket (create) + if: steps.find.outputs.found == 'false' + run: | + echo "JIRA_KEY=${{steps.create.outputs.issue-key}}" >> "$GITHUB_ENV" + - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e id: pr - with: + with: token: ${{ steps.app-token.outputs.token }} committer: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>" author: "${{ steps.app-token.outputs.user-name }} <${{ steps.app-token.outputs.user-email }}>" - title: "chore: update compliance report for v${{ steps.extract.outputs.version }}" - commit-message: "chore: update compliance report for v${{ steps.extract.outputs.version }}" + title: "${{ env.JIRA_KEY }}: Update compliance report for v${{ steps.extract.outputs.version }}" + commit-message: "${{ env.JIRA_KEY }}: 
Update compliance report for v${{ steps.extract.outputs.version }}" delete-branch: true - base: main - branch: update-compliance-report-v${{ steps.extract.outputs.version }} + base: master + branch: ${{ env.JIRA_KEY }} labels: | compliance auto + auto_close_jira body: | ## Proposed changes Update compliance report for v${{ steps.extract.outputs.version }} + _Jira ticket:_ ${{ env.JIRA_KEY }} + + Note: Jira ticket will be closed automatically when this PR is merged. - name: Set auto merge env: From 488276742f0f23347bf5fbd29a3ae3478d51e619 Mon Sep 17 00:00:00 2001 From: Bianca Lisle Date: Wed, 21 May 2025 18:04:22 +0100 Subject: [PATCH 29/29] shellcheck --- build/package/gen-ssdlc-report.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/package/gen-ssdlc-report.sh b/build/package/gen-ssdlc-report.sh index 1478dfaf9e..23bfa599be 100755 --- a/build/package/gen-ssdlc-report.sh +++ b/build/package/gen-ssdlc-report.sh @@ -34,7 +34,7 @@ export VERSION echo "Generating SSDLC checklist for AtlasCLI version ${VERSION}, author ${AUTHOR} and release date ${DATE}..." # Ensure AtlasCLI version directory exists -mkdir -p compliance/v${VERSION} +mkdir -p "compliance/v${VERSION}" envsubst < docs/releases/ssdlc-compliance.template.md \ > "compliance/v${VERSION}/ssdlc-compliance-${VERSION}.md"
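Review bot: The two `Set JIRA ticket` steps expand `${{steps.find.outputs.issue-key}}` and `${{steps.create.outputs.issue-key}}` straight into a script line that appends to `$GITHUB_ENV`, so whatever the Jira lookup returns is trusted both as shell text and as environment-file content for every later step, including those that use the bot token. If neither step yields a key (for example `found` comes back empty), `JIRA_KEY` stays unset and `branch: ${{ env.JIRA_KEY }}` is empty. A single step that receives the key through `env:`, checks it against the `CLOUDP` project prefix used in this hunk, and only then writes it would cover both cases. The `Set auto merge` step at the end of the hunk continues outside it.

```yaml
- name: Set JIRA ticket
  env:
    ISSUE_KEY: ${{ steps.find.outputs.issue-key || steps.create.outputs.issue-key }}
  run: |
    if [[ ! "${ISSUE_KEY}" =~ ^CLOUDP-[0-9]+$ ]]; then
      echo "unexpected Jira key: ${ISSUE_KEY}" >&2
      exit 1
    fi
    echo "JIRA_KEY=${ISSUE_KEY}" >> "$GITHUB_ENV"
# … unchanged: create-pull-request step reads env.JIRA_KEY …
```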