From 338729bdabc29ef11226a4264d4c56c16a68f776 Mon Sep 17 00:00:00 2001 From: atandon2024 Date: Thu, 29 Jan 2026 13:23:47 -0800 Subject: [PATCH 1/6] Fix github release note diff --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 005ac768f3b..029349cb1fc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -121,6 +121,8 @@ jobs: - name: "Create draft release with generated changelog" run: | + # Get the latest tag in this repository + LATEST_TAG=$(git describe --tags --abbrev=0) if [[ "${{ inputs.version }}" =~ (alpha|beta|rc) ]]; then PRERELEASE="--prerelease --latest=false" fi @@ -130,6 +132,7 @@ jobs: --target ${{ env.RELEASE_BRANCH }} \ --title "Java Driver ${{ env.RELEASE_VERSION }} ($(date '+%B %d, %Y'))" \ --generate-notes \ + --notes-start-tag ${LATEST_TAG} \ --draft\ )" >> "$GITHUB_ENV" From eee55d30fd256a8c698a759d52147aa9c4be0604 Mon Sep 17 00:00:00 2001 From: atandon2024 Date: Thu, 29 Jan 2026 13:32:31 -0800 Subject: [PATCH 2/6] remove config files --- .github/workflows/release.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 029349cb1fc..b1e4c17be28 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,10 +24,6 @@ jobs: - name: "Create release output" run: echo '🎬 Release process for version ${{ env.RELEASE_VERSION }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY - - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 - with: - app_id: ${{ vars.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - name: "Store version numbers in env variables" # The awk command to increase the version number was copied from From 31ccd27dc4dbbf517c74980c381b61e348b1820e Mon Sep 17 00:00:00 2001 
From: atandon2024 Date: Fri, 6 Feb 2026 11:18:48 -0800 Subject: [PATCH 3/6] updtaes to release yml --- .github/workflows/release.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b1e4c17be28..bb765b44eab 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,6 +21,16 @@ jobs: contents: write steps: + - name: "Checkout repository" + uses: actions/checkout@v4 + with: + fetch-depth: 0 + fetch-tags: true + + - name: "Store current tag in environment variable" + # Store current tag before creating new tag + run: echo "CURRENT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV + - name: "Create release output" run: echo '🎬 Release process for version ${{ env.RELEASE_VERSION }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY @@ -117,8 +127,6 @@ jobs: - name: "Create draft release with generated changelog" run: | - # Get the latest tag in this repository - LATEST_TAG=$(git describe --tags --abbrev=0) if [[ "${{ inputs.version }}" =~ (alpha|beta|rc) ]]; then PRERELEASE="--prerelease --latest=false" fi @@ -128,7 +136,7 @@ jobs: --target ${{ env.RELEASE_BRANCH }} \ --title "Java Driver ${{ env.RELEASE_VERSION }} ($(date '+%B %d, %Y'))" \ --generate-notes \ - --notes-start-tag ${LATEST_TAG} \ + --notes-start-tag "$CURRENT_TAG" \ --draft\ )" >> "$GITHUB_ENV" From 7814ee98001b729ab5f70d41372ea4b5a2850cec Mon Sep 17 00:00:00 2001 From: atandon2024 Date: Fri, 6 Feb 2026 11:28:45 -0800 Subject: [PATCH 4/6] Revisions to release yml --- .github/workflows/release.yml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bb765b44eab..55dcf2c3aa4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -21,19 +21,14 @@ jobs: contents: write steps: - - name: "Checkout repository" - uses: actions/checkout@v4 - with: - fetch-depth: 0 - fetch-tags: true - - - name: "Store current tag in environment variable" - # Store current tag before creating new tag - run: echo "CURRENT_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV - - name: "Create release output" run: echo '🎬 Release process for version ${{ env.RELEASE_VERSION }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY - + + - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 + with: + app_id: ${{ vars.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + fetch-depth: 0 - name: "Store version numbers in env variables" # The awk command to increase the version number was copied from @@ -49,6 +44,7 @@ jobs: # Example: 5.2.0 => 5.2.x # Example: 5.2.0-beta1 => run: | + echo CURRENT_TAG=$(git describe --tags --abbrev=0) >> $GITHUB_ENV echo RELEASE_VERSION=${{ inputs.version }} >> $GITHUB_ENV echo RELEASE_VERSION_WITHOUT_SUFFIX=$(echo ${{ inputs.version }} | awk -F- '{print $1}') >> $GITHUB_ENV if [[ "${{ inputs.version }}" =~ (alpha|beta|rc)[0-9]+$ ]]; then @@ -136,7 +132,7 @@ jobs: --target ${{ env.RELEASE_BRANCH }} \ --title "Java Driver ${{ env.RELEASE_VERSION }} ($(date '+%B %d, %Y'))" \ --generate-notes \ - --notes-start-tag "$CURRENT_TAG" \ + --notes-start-tag "${{ env.CURRENT_TAG }}" \ --draft\ )" >> "$GITHUB_ENV" From 5b68b5b2bdd1c6171537d0b030bb0afdd8c79781 Mon Sep 17 00:00:00 2001 From: atandon2024 Date: Mon, 18 May 2026 10:36:21 -0700 Subject: [PATCH 5/6] change current tag command in release yml to fix alpha/beta/rc diffs --- .github/workflows/release.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 55dcf2c3aa4..b521a73e6af 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
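Review bot: The `uses: mongodb-labs/drivers-github-tools/secure-checkout@v2` step re-added in the first hunk of this patch receives `secrets.APP_PRIVATE_KEY` but is referenced by a movable tag, so whatever `v2` resolves to at run time gets the key in a job that has `contents: write`. Pinning to a full commit SHA with the tag kept as a trailing comment, `- uses: mongodb-labs/drivers-github-tools/secure-checkout@<full-commit-sha> # v2` (placeholder, the SHA is not on this page), makes the release path reproducible and reviewable. It is also worth confirming that this action accepts and forwards `fetch-depth`, because an unrecognised input is normally only a warning and the tag lookup added in the next hunk depends on full history and tags being present.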
@@ -44,7 +44,11 @@ jobs: # Example: 5.2.0 => 5.2.x # Example: 5.2.0-beta1 => run: | - echo CURRENT_TAG=$(git describe --tags --abbrev=0) >> $GITHUB_ENV + echo CURRENT_TAG=$(git \ + -c versionsort.suffix=-alpha \ + -c versionsort.suffix=-beta \ + -c versionsort.suffix=-rc \ + tag --list 'r*' --sort=-v:refname | head -n 1) >> $GITHUB_ENV echo RELEASE_VERSION=${{ inputs.version }} >> $GITHUB_ENV echo RELEASE_VERSION_WITHOUT_SUFFIX=$(echo ${{ inputs.version }} | awk -F- '{print $1}') >> $GITHUB_ENV if [[ "${{ inputs.version }}" =~ (alpha|beta|rc)[0-9]+$ ]]; then From 61f89a921f394460a6177f59c7bf74eb429cdaf0 Mon Sep 17 00:00:00 2001 From: atandon2024 Date: Mon, 18 May 2026 13:55:10 -0700 Subject: [PATCH 6/6] fixed security injection semgrep --- .github/workflows/release.yml | 70 ++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 33 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b521a73e6af..3cddd45ac93 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: "Create release output" - run: echo '🎬 Release process for version ${{ env.RELEASE_VERSION }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY + run: echo "🎬 Release process for version ${RELEASE_VERSION} started by @${GITHUB_TRIGGERING_ACTOR}" >> $GITHUB_STEP_SUMMARY - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 with: 
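Review bot: The new `git tag --list 'r*' --sort=-v:refname | head -n 1` picks the highest version tag in the whole repository, not the previous release on the line being released. For a patch release cut from an older maintenance branch (the step comment gives `5.2.0 => 5.2.x`), that can select a tag from a newer series, and `--notes-start-tag` would then generate notes against the wrong baseline. Restricting the list to tags reachable from the checked-out commit, e.g. adding `--merged HEAD`, would keep the baseline on the same branch. A one-line comment saying that the three `versionsort.suffix` settings make pre-release tags sort before their final release would also help. The enclosing `run:` block continues outside this hunk.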
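Review bot: `${RELEASE_VERSION}` in the "Create release output" step is probably empty here, because this is the first step and RELEASE_VERSION is only written to `$GITHUB_ENV` by the later "Store version numbers in env variables" step (unless a workflow-level `env:` outside this page defines it). Passing the input through the step environment fixes the summary and keeps the injection fix intact: add `env:` with `INPUT_VERSION: ${{ inputs.version }}` to this step and print `${INPUT_VERSION}`. `GITHUB_TRIGGERING_ACTOR` is a default runner variable, so that half of the line needs no mapping.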
@@ -43,34 +43,36 @@ jobs: # RELEASE_BRANCH: The name of the stable branch for this release series # Example: 5.2.0 => 5.2.x # Example: 5.2.0-beta1 => + env: + INPUT_VERSION: ${{ inputs.version }} run: | echo CURRENT_TAG=$(git \ -c versionsort.suffix=-alpha \ -c versionsort.suffix=-beta \ -c versionsort.suffix=-rc \ tag --list 'r*' --sort=-v:refname | head -n 1) >> $GITHUB_ENV - echo RELEASE_VERSION=${{ inputs.version }} >> $GITHUB_ENV - echo RELEASE_VERSION_WITHOUT_SUFFIX=$(echo ${{ inputs.version }} | awk -F- '{print $1}') >> $GITHUB_ENV - if [[ "${{ inputs.version }}" =~ (alpha|beta|rc)[0-9]+$ ]]; then - echo NEXT_VERSION=$(echo ${{ inputs.version }} | awk -F- '{print $1}') >> $GITHUB_ENV - echo RELEASE_BRANCH=${{ github.ref_name }} >> $GITHUB_ENV + echo RELEASE_VERSION=${INPUT_VERSION} >> $GITHUB_ENV + echo RELEASE_VERSION_WITHOUT_SUFFIX=$(echo ${INPUT_VERSION} | awk -F- '{print $1}') >> $GITHUB_ENV + if [[ "${INPUT_VERSION}" =~ (alpha|beta|rc)[0-9]+$ ]]; then + echo NEXT_VERSION=$(echo ${INPUT_VERSION} | awk -F- '{print $1}') >> $GITHUB_ENV + echo RELEASE_BRANCH=${GITHUB_REF_NAME} >> $GITHUB_ENV else - echo NEXT_VERSION=$(echo ${{ inputs.version }} | awk -F. -v OFS=. '{$NF += 1 ; print}') >> $GITHUB_ENV - echo RELEASE_BRANCH=$(echo ${{ inputs.version }} | awk -F. -v OFS=. '{$NF = "x" ; print}') >> $GITHUB_ENV + echo NEXT_VERSION=$(echo ${INPUT_VERSION} | awk -F. -v OFS=. '{$NF += 1 ; print}') >> $GITHUB_ENV + echo RELEASE_BRANCH=$(echo ${INPUT_VERSION} | awk -F. -v OFS=. '{$NF = "x" ; print}') >> $GITHUB_ENV fi - name: "Ensure current snapshot version matches release version" run: | - grep -q "version=${{ env.RELEASE_VERSION_WITHOUT_SUFFIX }}-SNAPSHOT" gradle.properties + grep -q "version=${RELEASE_VERSION_WITHOUT_SUFFIX}-SNAPSHOT" gradle.properties if [[ $? 
!= 0 ]]; then - echo '❌ Release failed: version in gradle.properties is not a snapshot for release version ${{ inputs.version }}' >> $GITHUB_STEP_SUMMARY + echo "❌ Release failed: version in gradle.properties is not a snapshot for release version ${RELEASE_VERSION}" >> $GITHUB_STEP_SUMMARY exit 1 fi - name: "Ensure release tag does not already exist" run: | - if [[ $(git tag -l r${{ env.RELEASE_VERSION }}) == r${{ env.RELEASE_VERSION }} ]]; then - echo '❌ Release failed: tag for version ${{ inputs.version }} already exists' >> $GITHUB_STEP_SUMMARY + if [[ $(git tag -l r${RELEASE_VERSION}) == r${RELEASE_VERSION} ]]; then + echo "❌ Release failed: tag for version ${RELEASE_VERSION} already exists" >> $GITHUB_STEP_SUMMARY exit 1 fi @@ -80,7 +82,7 @@ jobs: - name: "Fail if patch release is created from wrong release branch" if: ${{ !endsWith(env.RELEASE_VERSION_WITHOUT_SUFFIX, '.0') && env.RELEASE_BRANCH != github.ref_name }} run: | - echo '❌ Release failed due to branch mismatch: expected ${{ inputs.version }} to be released from ${{ env.RELEASE_BRANCH }}, got ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY + echo "❌ Release failed due to branch mismatch: expected ${RELEASE_VERSION} to be released from ${RELEASE_BRANCH}, got ${GITHUB_REF_NAME}" >> $GITHUB_STEP_SUMMARY exit 1 # For non-patch releases (A.B.C where C == 0), we expect the release to 
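Review bot: `INPUT_VERSION` is written to `$GITHUB_ENV` and later handed to git without validation or quoting, so whitespace or glob characters in the input still undergo word splitting and pathname expansion and can reach git as extra arguments. This applies to `echo RELEASE_VERSION=${INPUT_VERSION} >> $GITHUB_ENV` and `git tag -l r${RELEASE_VERSION}` here, and to `git checkout -b ${RELEASE_BRANCH}` and `git push origin r${RELEASE_VERSION}` in the last hunk of this patch. A guard at the top of this `run:` block, such as `[[ "${INPUT_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-(alpha|beta|rc)[0-9]+)?$ ]] || exit 1` (pattern inferred from the examples in the step comment, adjust to the project's real scheme), plus double quotes around every expansion, closes that gap. Separately, the dots in `grep -q "version=${RELEASE_VERSION_WITHOUT_SUFFIX}-SNAPSHOT"` act as regex wildcards; `grep -qF` would match the version literally.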
@@ -89,16 +91,18 @@ jobs: - name: "Fail if non-patch release is created from wrong release branch" if: ${{ endsWith(env.RELEASE_VERSION_WITHOUT_SUFFIX, '.0') && env.RELEASE_BRANCH != github.ref_name && github.ref_name != 'main' }} run: | - echo '❌ Release failed due to branch mismatch: expected ${{ inputs.version }} to be released from ${{ env.RELEASE_BRANCH }} or main, got ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY + echo "❌ Release failed due to branch mismatch: expected ${RELEASE_VERSION} to be released from ${RELEASE_BRANCH} or main, got ${GITHUB_REF_NAME}" >> $GITHUB_STEP_SUMMARY exit 1 # Set commit author information to the user that triggered the release workflow - name: "Set git author information" + env: + ACTOR: ${{ github.actor }} run: | - GITHUB_USER_NAME=$(gh api users/${{ github.actor }} --jq '.name') - GITHUB_USER_ID=$(gh api users/${{ github.actor }} --jq '.id') + GITHUB_USER_NAME=$(gh api users/${ACTOR} --jq '.name') + GITHUB_USER_ID=$(gh api users/${ACTOR} --jq '.id') git config user.name "${GITHUB_USER_NAME}" - git config user.email "${GITHUB_USER_ID}+${{ github.actor }}@users.noreply.github.com" + git config user.email "${GITHUB_USER_ID}+${ACTOR}@users.noreply.github.com" # If a non-patch release is created from a branch other than its # maintenance branch, create that branch from the current one and push it 
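Review bot: The "Set git author information" step maps `github.actor` into a custom `ACTOR` variable although the runner already exports `GITHUB_ACTOR`, while the first hunk of this patch relies on the default `GITHUB_TRIGGERING_ACTOR` directly; one convention throughout would be easier to audit. The `gh api users/${ACTOR}` calls are also left unquoted, and `gh api "users/${ACTOR}" --jq '.name'` costs nothing. The step comment says the author is the user who triggered the workflow, which on a re-run is `triggering_actor` rather than `actor`, so either the comment or the variable should be aligned.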
@@ -107,40 +111,40 @@ jobs: - name: "Create new release branch for non-patch release" if: ${{ endsWith(env.RELEASE_VERSION, '.0') && env.RELEASE_BRANCH != github.ref_name }} run: | - echo '🆕 Creating new release branch ${{ env.RELEASE_BRANCH }} from ${{ github.ref_name }}' >> $GITHUB_STEP_SUMMARY - git checkout -b ${{ env.RELEASE_BRANCH }} - NEXT_MINOR_VERSION=$(echo "${{ env.RELEASE_VERSION }}" | awk -F. -v OFS=. '{$2 += 1 ; $NF = 0 ; print}') - echo "➡️ Bumping version for ${{ github.ref_name }} branch to ${NEXT_MINOR_VERSION}" >> $GITHUB_STEP_SUMMARY - git checkout ${{ github.ref_name }} - .github/workflows/bump-version.sh "${{ env.RELEASE_VERSION_WITHOUT_SUFFIX }}-SNAPSHOT" "${NEXT_MINOR_VERSION}-SNAPSHOT" - git push origin ${{ github.ref_name }} - git checkout ${{ env.RELEASE_BRANCH }} + echo "🆕 Creating new release branch ${RELEASE_BRANCH} from ${GITHUB_REF_NAME}" >> $GITHUB_STEP_SUMMARY + git checkout -b ${RELEASE_BRANCH} + NEXT_MINOR_VERSION=$(echo "${RELEASE_VERSION}" | awk -F. -v OFS=. 
'{$2 += 1 ; $NF = 0 ; print}') + echo "➡️ Bumping version for ${GITHUB_REF_NAME} branch to ${NEXT_MINOR_VERSION}" >> $GITHUB_STEP_SUMMARY + git checkout ${GITHUB_REF_NAME} + .github/workflows/bump-version.sh "${RELEASE_VERSION_WITHOUT_SUFFIX}-SNAPSHOT" "${NEXT_MINOR_VERSION}-SNAPSHOT" + git push origin ${GITHUB_REF_NAME} + git checkout ${RELEASE_BRANCH} # This step bumps version numbers in gradle.properties and creates git artifacts for the release - name: "Bump version numbers and create release tag" - run: .github/workflows/bump-and-tag.sh "${{ env.RELEASE_VERSION_WITHOUT_SUFFIX }}" "${{ env.RELEASE_VERSION }}" "${{ env.NEXT_VERSION }}" + run: .github/workflows/bump-and-tag.sh "${RELEASE_VERSION_WITHOUT_SUFFIX}" "${RELEASE_VERSION}" "${NEXT_VERSION}" - name: "Push release branch and tag" run: | - git push origin ${{ env.RELEASE_BRANCH }} - git push origin r${{ env.RELEASE_VERSION }} + git push origin ${RELEASE_BRANCH} + git push origin r${RELEASE_VERSION} - name: "Create draft release with generated changelog" run: | - if [[ "${{ inputs.version }}" =~ (alpha|beta|rc) ]]; then + if [[ "${RELEASE_VERSION}" =~ (alpha|beta|rc) ]]; then PRERELEASE="--prerelease --latest=false" fi echo "RELEASE_URL=$(\ gh release create r${RELEASE_VERSION} \ ${PRERELEASE} \ - --target ${{ env.RELEASE_BRANCH }} \ - --title "Java Driver ${{ env.RELEASE_VERSION }} ($(date '+%B %d, %Y'))" \ + --target ${RELEASE_BRANCH} \ + --title "Java Driver ${RELEASE_VERSION} ($(date '+%B %d, %Y'))" \ --generate-notes \ - --notes-start-tag "${{ env.CURRENT_TAG }}" \ + --notes-start-tag "${CURRENT_TAG}" \ --draft\ )" >> "$GITHUB_ENV" - name: "Set summary" run: | - echo '🚀 Created tag and drafted release for version [${{ env.RELEASE_VERSION }}](${{ env.RELEASE_URL }})' >> $GITHUB_STEP_SUMMARY + echo "🚀 Created tag and drafted release for version [${RELEASE_VERSION}](${RELEASE_URL})" >> $GITHUB_STEP_SUMMARY echo '✍️ You may now update the release notes and publish the release when ready' >> 
$GITHUB_STEP_SUMMARY
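Review bot: `--notes-start-tag "${CURRENT_TAG}"` in the "Create draft release" step passes an empty argument when no `r*` tag was found earlier, and by then the preceding "Push release branch and tag" step has already pushed the branch and the tag. Either fail in the step that computes CURRENT_TAG when it is empty, or make the flag conditional with `${CURRENT_TAG:+--notes-start-tag "${CURRENT_TAG}"}`. How `gh release create` reacts to an empty start tag is not shown on this page, so the exact failure mode should be confirmed before relying on either behaviour.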