
chore(NODE-6118): generate authorized publisher report and compliance report #4156

Merged: 7 commits, merged Jun 24, 2024

@baileympearson baileympearson commented Jun 20, 2024

Description

What is changing?

Authorized publisher reports and compliance reports are generated during the main and 5.x releases.

Example successful CI run: https://github.com/mongodb/node-mongodb-native/actions/workflows/release.yml

Here's an example authorized publisher report:

Product: node-mongodb-native
Version: 
Releaser: Bailey Pearson
Build Source: GitHub Actions
Build Number: 9600830984
Filename: mongodb-6.7.0.tgz
Shasum: 41d7f96711c3b309201b850162e484c08f79cb008b96ebdfc177ecae0f43edb0
Filename: mongodb-6.7.0.tgz.sig
Shasum: fea5d7a0ae385b7186faac73f49732a89d14d380b5e83d507fb74675ca7b7023

Here's an example compliance report:

Release Creator
Bailey Pearson

Tool used to track third party vulnerabilities
Silk

Third-Party Dependency Information
See sbom.json

Static Analysis Findings
See sarif-report.json

Signature Information
See authorized-publication.txt

Security Report
See https://github.com/mongodb/node-mongodb-native/blob/6.7.0/tbd

Known Vulnerabilities
Any vulnerabilities that may be shown in the files referenced above have been reviewed and accepted by the appropriate approvers.

Is there new documentation needed for these changes?

What is the motivation for this change?

Release Highlight


Double check the following

  • Ran npm run check:lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

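The authorized publisher report above is a supply-chain artifact only if someone recomputes the digests. As an added example (not code from the node-mongodb-native PR or its release workflow), the following POSIX sh builds a report in that layout from a tarball and its `.sig`, and verifies a downloaded copy against it; the function names and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not part of the node-mongodb-native PR: emit an authorized
# publisher report in the layout shown in the PR, then verify artifacts
# against it. Field names come from the PR; helper names are assumptions.

# Portable SHA-256 hex digest: coreutils sha256sum, else BSD/macOS shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# generate_report PRODUCT VERSION RELEASER BUILD_NUMBER FILE...
# Emits one "Filename:/Shasum:" pair per artifact (tarball and its .sig).
generate_report() {
  printf 'Product: %s\nVersion: %s\nReleaser: %s\n' "$1" "$2" "$3"
  printf 'Build Source: GitHub Actions\nBuild Number: %s\n' "$4"
  shift 4
  for f in "$@"; do
    printf 'Filename: %s\nShasum: %s\n' "$(basename "$f")" "$(sha256_of "$f")"
  done
}

# verify_report REPORT DIR: recompute every Shasum listed in REPORT over the
# file of the same name under DIR. Returns 0 only when every listed file is
# present and matches, so a swapped tarball or signature fails the check.
verify_report() {
  report=$1; dir=$2; name=''; rc=0
  while IFS= read -r line; do
    case $line in
      'Filename: '*) name=${line#Filename: } ;;
      'Shasum: '*)
        want=${line#Shasum: }
        if [ ! -f "$dir/$name" ]; then
          echo "missing: $name" >&2; rc=1
        elif [ "$(sha256_of "$dir/$name")" != "$want" ]; then
          echo "mismatch: $name" >&2; rc=1
        fi ;;
    esac
  done < "$report"
  return $rc
}
```

Run `generate_report` in the release job and `verify_report` on the consumer side against the published `authorized-publication.txt`; the second call only proves integrity of what the report names, so the `.sig` still needs its own signature verification.
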
@baileympearson baileympearson changed the title authorized-publisher-compliance-report chore(NODE-6118): generate authorized publisher report and compliance report Jun 20, 2024
@baileympearson baileympearson marked this pull request as ready for review June 20, 2024 16:29
@aditi-khare-mongoDB aditi-khare-mongoDB self-requested a review June 20, 2024 18:01
@aditi-khare-mongoDB aditi-khare-mongoDB self-assigned this Jun 20, 2024
@aditi-khare-mongoDB aditi-khare-mongoDB added the Primary Review In Review with primary reviewer, not yet ready for team's eyes label Jun 20, 2024
@aditi-khare-mongoDB aditi-khare-mongoDB left a comment

LGTM, dry_run vars also look good, moving to team review.

@aditi-khare-mongoDB aditi-khare-mongoDB added Team Review Needs review from team and removed Primary Review In Review with primary reviewer, not yet ready for team's eyes labels Jun 20, 2024
nbbeeken previously approved these changes Jun 24, 2024
@baileympearson baileympearson merged commit 27cb35b into main Jun 24, 2024
17 of 29 checks passed
@baileympearson baileympearson deleted the authorized-publisher-compliance-report branch June 24, 2024 17:08