Skip to content

Update release refs for 8.0-stable #6051

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: 8.0-stable
Choose a base branch
from
Open

Update release refs for 8.0-stable #6051

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 3 additions & 5 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ on:
required: true

env:
SILK_ASSET_GROUP: mongoid
GEM_NAME: mongoid
PRODUCT_NAME: Mongoid
PRODUCT_ID: mongoid
Expand Down Expand Up @@ -47,7 +46,7 @@ jobs:
steps:
- name: "Run the check action"
id: check
uses: jamis/drivers-github-tools/ruby/pr-check@ruby-3643-update-release-process
uses: mongodb-labs/drivers-github-tools/ruby/pr-check@v3
Copy link

Copilot AI Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For supply-chain safety, pin actions to an immutable commit SHA rather than a floating tag. Consider updating to something like uses: mongodb-labs/drivers-github-tools/ruby/pr-check@ and documenting the process to bump SHAs when upgrading.

Suggested change
uses: mongodb-labs/drivers-github-tools/ruby/pr-check@v3
# Pin to a specific commit SHA for supply-chain safety. To upgrade, update the SHA below to the latest for v3: https://github.com/mongodb-labs/drivers-github-tools/commits/v3
uses: mongodb-labs/drivers-github-tools/ruby/pr-check@c0ffee1234567890abcdef1234567890abcdef12

Copilot uses AI. Check for mistakes.


build:
name: "Build Gems"
Expand All @@ -56,7 +55,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Run the build action"
uses: jamis/drivers-github-tools/ruby/build@ruby-3643-update-release-process
uses: mongodb-labs/drivers-github-tools/ruby/build@v3
Copy link

Copilot AI Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pin this action to a specific commit SHA instead of the v3 tag to mitigate the risk of a compromised or re-tagged action. Example: uses: mongodb-labs/drivers-github-tools/ruby/build@.

Suggested change
uses: mongodb-labs/drivers-github-tools/ruby/build@v3
uses: mongodb-labs/drivers-github-tools/ruby/build@a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0

Copilot uses AI. Check for mistakes.

with:
app_id: ${{ vars.APP_ID }}
app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
Expand All @@ -72,7 +71,7 @@ jobs:
runs-on: 'ubuntu-latest'
steps:
- name: "Run the publish action"
uses: jamis/drivers-github-tools/ruby/publish@ruby-3643-update-release-process
uses: mongodb-labs/drivers-github-tools/ruby/publish@v3
Copy link

Copilot AI Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similarly, pin the publish action to a commit SHA (e.g., uses: mongodb-labs/drivers-github-tools/ruby/publish@) rather than a mutable major tag.

Suggested change
uses: mongodb-labs/drivers-github-tools/ruby/publish@v3
uses: mongodb-labs/drivers-github-tools/ruby/publish@<commit-sha-for-v3>

Copilot uses AI. Check for mistakes.

with:
app_id: ${{ vars.APP_ID }}
app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
Expand All @@ -84,5 +83,4 @@ jobs:
product_name: ${{ env.PRODUCT_NAME }}
product_id: ${{ env.PRODUCT_ID }}
release_message: ${{ needs.check.outputs.message }}
silk_asset_group: ${{ env.SILK_ASSET_GROUP }}
ref: ${{ needs.check.outputs.ref }}
Comment on lines 83 to 86
Copy link

Copilot AI Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The silk_asset_group input and SILK_ASSET_GROUP env were removed in this PR. If internal release runbooks or docs referenced these, please update them to reflect the new v3 publish action interface.

Copilot uses AI. Check for mistakes.

Loading