From d2aaf1c8e8efd240aebe45a7ae73000ca63f7850 Mon Sep 17 00:00:00 2001
From: Bailey Pearson
Date: Wed, 26 Jun 2024 14:37:43 -0600
Subject: [PATCH] add build.yml action

---
 .github/workflows/build.yml   | 16 ++++++++++++++++
 .github/workflows/release.yml | 29 +++++++++++++++++++++++------
 2 files changed, 39 insertions(+), 6 deletions(-)
 create mode 100644 .github/workflows/build.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..3c601ae
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,16 @@
+on:
+  workflow_call: {}
+
+name: Build
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "nothing to do."
+        shell: bash
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f3f016c..e03dc23 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,8 +21,13 @@ jobs:
     with:
       target-branch: main
 
-  ssdlc:
+  build:
     needs: [release_please]
+    name: "Perform any build or bundling steps, as necessary."
+    uses: ./.github/workflows/build.yml
+
+  ssdlc:
+    needs: [release_please, build]
     permissions:
       # required for all workflows
       security-events: write
@@ -35,12 +40,16 @@ jobs:
 
       - name: Install Node and dependencies
         uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node
+        with:
+          ignore_install_scripts: false
 
       - name: Load version and package info
         uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node
+        with:
+          npm_package_name: mongodb-legacy
 
       - name: actions/compress_sign_and_upload
-        uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node
+        uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node
         with:
           aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
           aws_region_name: us-east-1
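Review bot: The new build.yml grants `contents: write`, `pull-requests: write` and `id-token: write` to a job whose only step is `echo "nothing to do."`; a placeholder should start from the smallest grant and widen it when a real step needs it, e.g. `permissions:` / `  contents: read` (or `permissions: {}`). A workflow invoked through `workflow_call` can only downgrade the token scopes its caller passes in, so the effective grant also depends on the `build` job added in release.yml's first hunk, which sets no `permissions:` of its own and therefore forwards whatever release.yml's workflow-level permissions (outside this diff) allow. A comment above the block naming the future step that will need `id-token: write` would make the eventual widening deliberate rather than inherited from a stub.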
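Review bot: `ignore_install_scripts: false` on the `setup` step lets npm lifecycle scripts from every dependency execute on the release runner, in the same job that later assumes `secrets.AWS_ROLE_ARN` and signs the package; if this input maps onto npm's `--ignore-scripts` as its name suggests, prefer `ignore_install_scripts: true` and opt in only for a dependency that demonstrably needs a build script, with a comment naming it. The three `baileympearson/drivers-github-tools/...@add-signing-env-action-for-node` references, including the new `sign_node_package` line, pin a personal fork at a mutable branch rather than a tag or commit SHA, so the code that signs the release can change without any change in this repository; pinning to a full SHA (or returning to the `mongodb-labs` org at a tag, as the other steps in this file do) closes that gap. The `ssdlc` job's step list begins before this hunk and continues after it.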
@@ -50,8 +59,17 @@ jobs:
 
       - name: Copy sbom file to release assets
         shell: bash
+        if: ${{ '' == '' }}
         run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
 
+      # only used for mongodb-client-encryption
+      - name: Augment SBOM and copy to release assets
+        if: ${{ '' != '' }}
+        uses: mongodb-labs/drivers-github-tools/sbom@v2
+        with:
+          silk_asset_group: ''
+          sbom_file_name: sbom.json
+
       - name: Generate authorized pub report
         uses: mongodb-labs/drivers-github-tools/full-report@v2
         with:
@@ -59,9 +77,8 @@ jobs:
           product_name: mongodb-legacy
           sarif_report_target_ref: main
           third_party_dependency_tool: n/a
-          # and .sig
-          dist_filenames: ${{ env.package_file }}*
-          token: ${{ github.token }}
+          dist_filenames: artifacts/*
+          token: ${{ github.token }}
           sbom_file_name: sbom.json
 
       - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
@@ -71,7 +88,7 @@ jobs:
           dry_run: ${{ needs.release_please.outputs.release_created == '' }}
 
   publish:
-    needs: [release_please, ssdlc]
+    needs: [release_please, ssdlc, build]
     environment: release
     runs-on: ubuntu-latest
     steps:
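Review bot: Both new `if:` conditions compare empty literals — `${{ '' == '' }}` is always true and `${{ '' != '' }}` is always false — so the `Augment SBOM` step can never run and `silk_asset_group: ''` is never consumed; this reads as an unfilled template rather than intended gating. Either drop the step (its comment says it is only used for mongodb-client-encryption, which this repository is not, judging by `product_name: mongodb-legacy` in the next hunk) or gate both steps on one named value, e.g. `if: ${{ vars.SILK_ASSET_GROUP == '' }}` on the copy step and `!= ''` on the augment step (constructed variable name), and pass that same value to `silk_asset_group`. The copy step's `if:` is also inserted between `shell:` and `run:`; placing it directly under `- name:` keeps the condition where readers look for it.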
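Review bot: `dist_filenames: artifacts/*` replaces a glob that was documented by the now-deleted `# and .sig` comment, and nothing in this diff shows what populates `artifacts/`; presumably the `sign_node_package` step writes the tarball and its signature there, but as written the report covers whatever that directory happens to contain. A one-line comment above the key, `# populated by sign_node_package: package tarball plus its .sig`, would restore the lost documentation, and if the directory can hold other files the glob should be narrowed so unsigned files are not reported as release distributables. The `with:` mapping this sits in begins before the hunk.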