From 9a35cf900e920e11f7c58100d137308646bdb94e Mon Sep 17 00:00:00 2001
From: BorisDog
Date: Mon, 3 Jun 2024 15:56:01 -0700
Subject: [PATCH 1/3] CSHARP-5095: Generate ssdlc_compliance_report.md
---
 evergreen/evergreen.yml | 37 ++++++++++++
 evergreen/generate-ssdlc-report.sh | 35 +++++++++++
 evergreen/template_ssdlc_compliance_report.md | 59 +++++++++++++++++++
 3 files changed, 131 insertions(+)
 create mode 100644 evergreen/generate-ssdlc-report.sh
 create mode 100644 evergreen/template_ssdlc_compliance_report.md
diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
index c86fea85ed8..8c0ed313179 100644
--- a/evergreen/evergreen.yml
+++ b/evergreen/evergreen.yml
@@ -237,6 +237,32 @@ functions:
 params:
 file: mo-expansion.yml
 
+ generate-ssdlc-report:
+ - command: shell.exec
+ params:
+ working_dir: "mongo-csharp-driver"
+ env:
+ PRODUCT_NAME: "mongo-csharp-driver"
+ github_commit: ${github_commit}
+ script: |
+ ${PREPARE_SHELL}
+ ./evergreen/generate-ssdlc-report.sh
+ - command: ec2.assume_role
+ params:
+ role_arn: ${UPLOAD_SSDLC_RELEASE_ASSETS_ROLE_ARN}
+ - command: s3.put
+ params:
+ aws_key: ${AWS_ACCESS_KEY_ID}
+ aws_secret: ${AWS_SECRET_ACCESS_KEY}
+ aws_session_token: ${AWS_SESSION_TOKEN}
+ local_file: ./mongo-csharp-driver/artifacts/ssdlc/ssdlc_compliance_report.md
+ remote_file: mongo-csharp-driver/${PACKAGE_VERSION}/ssdlc_compliance_report.md
+ bucket: csharp-driver-release-assets
+ region: us-west-2
+ permissions: private
+ content_type: text/markdown
+ display_name: ssdlc_compliance_report.md
+
 ocsp-bootstrap-mongo-orchestration:
 - command: shell.exec
 params:
@@ -1824,6 +1850,10 @@ tasks:
 - func: install-dotnet
 - func: build-apidocs
 
+ - name: generate-ssdlc-report
+ commands:
+ - func: generate-ssdlc-report
+
 axes:
 - id: version
 display_name: MongoDB Version
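Review bot: The `env` block of the new generate-ssdlc-report function exports only `PRODUCT_NAME` and `github_commit`, yet generate-ssdlc-report.sh also substitutes `PACKAGE_VERSION` into the report, and the s3.put `remote_file` key is built from the same expansion. Unless `${PREPARE_SHELL}` exports it (not visible in this hunk), the sed in the script replaces the `${PACKAGE_VERSION}` placeholder with an empty string and the step still succeeds, so the uploaded compliance report would name no version. I would make the input explicit next to the other two entries: `PACKAGE_VERSION: ${PACKAGE_VERSION}`. The functions mapping this is added to starts before and continues after the hunk.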
@@ -2663,3 +2693,10 @@ buildvariants:
 - name: build-packages
 variant: ".build-packages"
 ## add dependency onto packages smoke test once it implemented
+
+- matrix_name: ssdlc-report
+ matrix_spec:
+ os: "ubuntu-2004"
+ display_name: "SSDLC"
+ tasks:
+ - name: generate-ssdlc-report
\ No newline at end of file
diff --git a/evergreen/generate-ssdlc-report.sh b/evergreen/generate-ssdlc-report.sh
new file mode 100644
index 00000000000..e28a8958dc1
--- /dev/null
+++ b/evergreen/generate-ssdlc-report.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -o errexit # Exit the script with error if any of the commands fail
+
+# Environment variables used as input:
+# PRODUCT_NAME
+# PACKAGE_VERSION
+# github_commit
+
+echo "$PRODUCT_NAME"
+echo "$PACKAGE_VERSION"
+echo "$github_commit"
+
+echo "Creating SSDLC reports"
+
+declare -r SSDLC_PATH="./artifacts/ssdlc"
+mkdir -p "${SSDLC_PATH}"
+
+echo "Creating SSDLC compliance report"
+declare -r TEMPLATE_SSDLC_REPORT_PATH="./evergreen/template_ssdlc_compliance_report.md"
+declare -r SSDLC_REPORT_PATH="${SSDLC_PATH}/ssdlc_compliance_report.md"
+cp "${TEMPLATE_SSDLC_REPORT_PATH}" "${SSDLC_REPORT_PATH}"
+
+declare -a SED_EDIT_IN_PLACE_OPTION
+if [[ "$OSTYPE" == "darwin"* ]]; then
+ SED_EDIT_IN_PLACE_OPTION=(-i '')
+else
+ SED_EDIT_IN_PLACE_OPTION=(-i)
+fi
+sed "${SED_EDIT_IN_PLACE_OPTION[@]}" \
+ -e "s/\${PRODUCT_NAME}/${PRODUCT_NAME}/g" \
+ -e "s/\${PACKAGE_VERSION}/$PACKAGE_VERSION/g" \
+ -e "s/\${github_commit}/$github_commit/g" \
+ -e "s/\${REPORT_DATE_UTC}/$(date -u +%Y-%m-%d)/g" \
+ "${SSDLC_REPORT_PATH}"
+ls "${SSDLC_REPORT_PATH}"
\ No newline at end of file
diff --git a/evergreen/template_ssdlc_compliance_report.md b/evergreen/template_ssdlc_compliance_report.md
new file mode 100644
index 00000000000..8c882d89a0e
--- /dev/null
+++ b/evergreen/template_ssdlc_compliance_report.md
@@ -0,0 +1,59 @@
+# ${PRODUCT_NAME} SSDLC compliance report + +This report is available +here. + + + + + + + + + + + + + + +
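Review bot: The three inputs that `sed` interpolates into the report in generate-ssdlc-report.sh — `PRODUCT_NAME`, `PACKAGE_VERSION` and `github_commit` — are never checked: with only `set -o errexit`, an unset or empty variable expands to nothing, the placeholder is silently replaced by an empty string, and the script exits 0 with a compliance report that names no version or commit. The same values are spliced unescaped into the `s/…/…/g` expressions, so a `/`, `&` or `\` in any of them would alter the substitution or break the sed program rather than be copied through. I would enable `nounset` and `pipefail` next to `errexit` and reject empty or out-of-alphabet values before anything is written, as below. This hunk is the whole new file.
```shell
set -o errexit -o nounset -o pipefail

# … unchanged: comment block listing the input variables …

# Refuse to produce a report with a blank field, and keep each value within a
# character set that is safe to splice into the sed expressions further down
# (no '/', '&', '\' or newline).
for required_input in PRODUCT_NAME PACKAGE_VERSION github_commit; do
  value="${!required_input:-}"
  if [[ -z "${value}" ]]; then
    echo "${required_input} must be set and non-empty" >&2
    exit 1
  fi
  if [[ ! "${value}" =~ ^[A-Za-z0-9._+-]+$ ]]; then
    echo "${required_input} contains characters not allowed in the report: ${value}" >&2
    exit 1
  fi
done

# … unchanged: echo lines, SSDLC_PATH/mkdir, template copy, sed option selection, sed, ls …
```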
Product name${PRODUCT_NAME}
Product version${PACKAGE_VERSION}
Report date, UTC${REPORT_DATE_UTC}
+ +## Release creator + +This information is available in multiple ways: + + + + + + + + + + +
Evergreen + See the "Submitted by" field in Evergreen release patch. +
Papertrail + Refer to data in Papertrail. There is currently no official way to serve that data. +
+ +## Process document + +Blocked on . + +The MongoDB SSDLC policy is available at +. + +## Third-darty dependency information + +There are no dependencies to report vulnerabilities of. +Our [SBOM](https://docs.devprod.prod.corp.mongodb.com/mms/python/src/sbom/silkbomb/docs/CYCLONEDX/) lite +is . + +## Static analysis findings + +Coverity static analysis report is available here, under mongodb-csharp-driver project. + +## Signature information + +Blocked on .
From 5f3d30973fb567000e3dad3a0e15907c0e82a0a8 Mon Sep 17 00:00:00 2001
From: BorisDog
Date: Tue, 4 Jun 2024 16:28:00 -0700
Subject: [PATCH 2/3] - EG update
---
 evergreen/evergreen.yml | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
index 8c0ed313179..68b1b119306 100644
--- a/evergreen/evergreen.yml
+++ b/evergreen/evergreen.yml
@@ -890,7 +890,7 @@ functions:
 params:
 key_id: ${papertrail_key_id}
 secret_key: ${papertrail_secret_key}
- product: ${PRODUCT_NAME}
+ product: "mongo-csharp-driver"
 version: ${PACKAGE_VERSION}
 filenames:
 - "mongo-csharp-driver/artifacts/nuget/MongoDB.Bson.${PACKAGE_VERSION}.nupkg"
@@ -1826,9 +1826,6 @@ tasks:
 vars:
 PACKAGES_SOURCE: "https://api.nuget.org/v3/index.json"
 PACKAGES_SOURCE_KEY: ${nuget_api_key}
- - func: trace-artifacts
- vars:
- PRODUCT_NAME: "mongo-csharp-driver"
 - name: push-packages-myget
 commands:
@@ -1845,6 +1842,12 @@ tasks:
 - func: build-apidocs
 - func: upload-apidocs
 
+ - name: generate-ssdlc-reports
+ commands:
+ - func: download-packages
+ - func: trace-artifacts
+ - func: generate-ssdlc-report
+
 - name: validate-apidocs
 commands:
 - func: install-dotnet
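Review bot: After this patch `trace-artifacts` is invoked only from the new generate-ssdlc-reports task (the preceding hunk removes it from push-packages-nuget), so whether a release's packages get recorded in Papertrail now depends on the report task being scheduled and succeeding, and the following patch narrows that further with `git_tag_only`. If every pushed package must be traced regardless of the report, keep `- func: trace-artifacts` in push-packages-nuget as well; otherwise a comment above the new task such as `# sole place release packages are traced in Papertrail; keep in step with push-packages-nuget` would stop the next editor from moving it unaware. I also cannot tell from the hunk whether `download-packages` fetches the same artifacts that were pushed, which is what makes tracing them here meaningful. The tasks list continues outside the hunk.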
@@ -2694,9 +2697,13 @@ buildvariants:
 variant: ".build-packages"
 ## add dependency onto packages smoke test once it implemented
 
-- matrix_name: ssdlc-report
+- matrix_name: ssdlc-reports
 matrix_spec:
 os: "ubuntu-2004"
- display_name: "SSDLC"
+ display_name: "SSDLC Reports"
+ tags: ["release-tag"]
 tasks:
- - name: generate-ssdlc-report
\ No newline at end of file
+ - name: generate-ssdlc-reports
+ depends_on:
+ - name: push-packages-nuget
+ variant: ".push-packages-nuget"
\ No newline at end of file
From 0b7e08decd872efe3b840781e5171cc217082100 Mon Sep 17 00:00:00 2001
From: BorisDog
Date: Wed, 5 Jun 2024 10:54:30 -0700
Subject: [PATCH 3/3] - PR comments
---
 evergreen/evergreen.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
index 68b1b119306..893b67d47af 100644
--- a/evergreen/evergreen.yml
+++ b/evergreen/evergreen.yml
@@ -1853,10 +1853,6 @@ tasks:
 - func: install-dotnet
 - func: build-apidocs
 
- - name: generate-ssdlc-report
- commands:
- - func: generate-ssdlc-report
-
 axes:
 - id: version
 display_name: MongoDB Version
@@ -2704,6 +2700,7 @@ buildvariants:
 tags: ["release-tag"]
 tasks:
 - name: generate-ssdlc-reports
+ git_tag_only: true
 depends_on:
 - name: push-packages-nuget
- variant: ".push-packages-nuget"
\ No newline at end of file
+ variant: ".push-packages"
\ No newline at end of file
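Review bot: evergreen.yml still ends without a trailing newline after the last hunk (`\ No newline at end of file` on both the old and new side), a state the first patch introduced; every future edit of the final `variant:` line will keep showing up as a changed line until a single newline is added after `variant: ".push-packages"`. Separately, the dependency selector is widened here from `.push-packages-nuget` to `.push-packages`; if more than one variant carries that tag, generate-ssdlc-reports now waits on all of them, which is worth confirming against the buildvariants list the hunk does not show. The matrix entry this belongs to starts before the hunk.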