diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
index c86fea85ed8..893b67d47af 100644
--- a/evergreen/evergreen.yml
+++ b/evergreen/evergreen.yml
@@ -237,6 +237,32 @@ functions:
 params:
 file: mo-expansion.yml
 
+ generate-ssdlc-report:
+ - command: shell.exec
+ params:
+ working_dir: "mongo-csharp-driver"
+ env:
+ PRODUCT_NAME: "mongo-csharp-driver"
+ github_commit: ${github_commit}
+ script: |
+ ${PREPARE_SHELL}
+ ./evergreen/generate-ssdlc-report.sh
+ - command: ec2.assume_role
+ params:
+ role_arn: ${UPLOAD_SSDLC_RELEASE_ASSETS_ROLE_ARN}
+ - command: s3.put
+ params:
+ aws_key: ${AWS_ACCESS_KEY_ID}
+ aws_secret: ${AWS_SECRET_ACCESS_KEY}
+ aws_session_token: ${AWS_SESSION_TOKEN}
+ local_file: ./mongo-csharp-driver/artifacts/ssdlc/ssdlc_compliance_report.md
+ remote_file: mongo-csharp-driver/${PACKAGE_VERSION}/ssdlc_compliance_report.md
+ bucket: csharp-driver-release-assets
+ region: us-west-2
+ permissions: private
+ content_type: text/markdown
+ display_name: ssdlc_compliance_report.md
+
 ocsp-bootstrap-mongo-orchestration:
 - command: shell.exec
 params:
@@ -864,7 +890,7 @@ functions:
 params:
 key_id: ${papertrail_key_id}
 secret_key: ${papertrail_secret_key}
- product: ${PRODUCT_NAME}
+ product: "mongo-csharp-driver"
 version: ${PACKAGE_VERSION}
 filenames:
 - "mongo-csharp-driver/artifacts/nuget/MongoDB.Bson.${PACKAGE_VERSION}.nupkg"
@@ -1800,9 +1826,6 @@ tasks:
 vars:
 PACKAGES_SOURCE: "https://api.nuget.org/v3/index.json"
 PACKAGES_SOURCE_KEY: ${nuget_api_key}
- - func: trace-artifacts
- vars:
- PRODUCT_NAME: "mongo-csharp-driver"
 
 - name: push-packages-myget
 commands:
@@ -1819,6 +1842,12 @@ tasks:
 - func: build-apidocs
 - func: upload-apidocs
 
+ - name: generate-ssdlc-reports
+ commands:
+ - func: download-packages
+ - func: trace-artifacts
+ - func: generate-ssdlc-report
+
 - name: validate-apidocs
 commands:
 - func: install-dotnet
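Review bot: The `generate-ssdlc-report` function's `shell.exec` only exports `PRODUCT_NAME` and `github_commit` in `env`, yet the script it runs documents `PACKAGE_VERSION` as an input and the `s3.put` below keys the object on `${PACKAGE_VERSION}`. Unless `${PREPARE_SHELL}` already exports that variable into the shell (not visible here), the script will substitute an empty string for the version placeholder while the upload still succeeds, and the report ends up under `mongo-csharp-driver//ssdlc_compliance_report.md` with a blank version field — a silent integrity gap in a compliance artifact. Passing it explicitly, `PACKAGE_VERSION: ${PACKAGE_VERSION}` next to `github_commit: ${github_commit}`, makes the input contract match the script's header and removes the dependence on what `PREPARE_SHELL` happens to export.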
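Review bot: With `trace-artifacts` removed from `push-packages-nuget` and placed in the new `generate-ssdlc-reports` task after `download-packages`, the Papertrail provenance record for a release is now only produced if that separate task runs and its package download succeeds; the packages themselves are already on nuget.org at that point. A failed or skipped download therefore leaves a published release untraced with nothing in the push task to catch it. If that ordering is intentional (tracing the re-downloaded, published bits rather than the local build output), a one-line comment above `- func: download-packages` saying so would help; otherwise consider keeping tracing in the push task so publication and provenance cannot diverge.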
@@ -2663,3 +2692,15 @@ buildvariants:
 - name: build-packages
 variant: ".build-packages"
 ## add dependency onto packages smoke test once it implemented
+
+- matrix_name: ssdlc-reports
+ matrix_spec:
+ os: "ubuntu-2004"
+ display_name: "SSDLC Reports"
+ tags: ["release-tag"]
+ tasks:
+ - name: generate-ssdlc-reports
+ git_tag_only: true
+ depends_on:
+ - name: push-packages-nuget
+ variant: ".push-packages"
\ No newline at end of file
diff --git a/evergreen/generate-ssdlc-report.sh b/evergreen/generate-ssdlc-report.sh
new file mode 100644
index 00000000000..e28a8958dc1
--- /dev/null
+++ b/evergreen/generate-ssdlc-report.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -o errexit # Exit the script with error if any of the commands fail
+
+# Environment variables used as input:
+# PRODUCT_NAME
+# PACKAGE_VERSION
+# github_commit
+
+echo "$PRODUCT_NAME"
+echo "$PACKAGE_VERSION"
+echo "$github_commit"
+
+echo "Creating SSDLC reports"
+
+declare -r SSDLC_PATH="./artifacts/ssdlc"
+mkdir -p "${SSDLC_PATH}"
+
+echo "Creating SSDLC compliance report"
+declare -r TEMPLATE_SSDLC_REPORT_PATH="./evergreen/template_ssdlc_compliance_report.md"
+declare -r SSDLC_REPORT_PATH="${SSDLC_PATH}/ssdlc_compliance_report.md"
+cp "${TEMPLATE_SSDLC_REPORT_PATH}" "${SSDLC_REPORT_PATH}"
+
+declare -a SED_EDIT_IN_PLACE_OPTION
+if [[ "$OSTYPE" == "darwin"* ]]; then
+ SED_EDIT_IN_PLACE_OPTION=(-i '')
+else
+ SED_EDIT_IN_PLACE_OPTION=(-i)
+fi
+sed "${SED_EDIT_IN_PLACE_OPTION[@]}" \
+ -e "s/\${PRODUCT_NAME}/${PRODUCT_NAME}/g" \
+ -e "s/\${PACKAGE_VERSION}/$PACKAGE_VERSION/g" \
+ -e "s/\${github_commit}/$github_commit/g" \
+ -e "s/\${REPORT_DATE_UTC}/$(date -u +%Y-%m-%d)/g" \
+ "${SSDLC_REPORT_PATH}"
+ls "${SSDLC_REPORT_PATH}"
\ No newline at end of file
diff --git a/evergreen/template_ssdlc_compliance_report.md b/evergreen/template_ssdlc_compliance_report.md
new file mode 100644
index 00000000000..8c882d89a0e
--- /dev/null
+++ b/evergreen/template_ssdlc_compliance_report.md
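Review bot: The `sed` call at the end of generate-ssdlc-report.sh splices `$PRODUCT_NAME`, `$PACKAGE_VERSION` and `$github_commit` into the replacement side of `s///` unescaped, so a `/` makes sed abort (caught by errexit) while a `&` or `\` is silently interpreted and the report ends up misstating the very commit or version it is meant to pin. These values come from Evergreen expansions rather than from an untrusted party, so this is a robustness problem rather than an injection, but a compliance artifact should not depend on the characters a version string happens to contain. The script also only sets `errexit`: an unset input (the calling function's `env` exports just `PRODUCT_NAME` and `github_commit`) is replaced by an empty string and the run still succeeds, so `set -o nounset -o pipefail` belongs on the same line, and a small escaping helper closes the first issue.
```shell
set -o errexit -o nounset -o pipefail # Exit on error, on unset input, and on any failure inside a pipe

# Escape the characters that are special on the replacement side of sed's s///.
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\/&\\]/\\&/g'
}

# … unchanged: input echo, template copy and SED_EDIT_IN_PLACE_OPTION selection …
sed "${SED_EDIT_IN_PLACE_OPTION[@]}" \
  -e "s/\${PRODUCT_NAME}/$(sed_escape "$PRODUCT_NAME")/g" \
  -e "s/\${PACKAGE_VERSION}/$(sed_escape "$PACKAGE_VERSION")/g" \
  -e "s/\${github_commit}/$(sed_escape "$github_commit")/g" \
  -e "s/\${REPORT_DATE_UTC}/$(date -u +%Y-%m-%d)/g" \
  "${SSDLC_REPORT_PATH}"
```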
@@ -0,0 +1,59 @@ +# ${PRODUCT_NAME} SSDLC compliance report + +This report is available +here. + + + + + + + + + + + + + + +
Product name${PRODUCT_NAME}
Product version${PACKAGE_VERSION}
Report date, UTC${REPORT_DATE_UTC}
+ +## Release creator + +This information is available in multiple ways: + + + + + + + + + + +
Evergreen + See the "Submitted by" field in Evergreen release patch. +
Papertrail + Refer to data in Papertrail. There is currently no official way to serve that data. +
+ +## Process document + +Blocked on . + +The MongoDB SSDLC policy is available at +. + +## Third-darty dependency information + +There are no dependencies to report vulnerabilities of. +Our [SBOM](https://docs.devprod.prod.corp.mongodb.com/mms/python/src/sbom/silkbomb/docs/CYCLONEDX/) lite +is . + +## Static analysis findings + +Coverity static analysis report is available here, under mongodb-csharp-driver project. + +## Signature information + +Blocked on .