chore(NODE-6033): sync release flows and add release-please files (#4106)

Author: nbbeeken

.github/actions/setup/action.yml

@@ -4,7 +4,7 @@ description: 'Installs node, driver dependencies, and builds source'
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version: 'lts/*'
         cache: 'npm'

.github/workflows/build_docs.yml

@@ -18,14 +18,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: actions/setup
         uses: ./.github/actions/setup
       - run: sudo apt-get install hugo
       - name: Build Docs
         run: npm run build:docs -- --yes
       - name: Open Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v6
         with:
           title: 'docs: generate docs from latest main [skip-ci]'
           delete-branch: true

.github/workflows/dependencies.yml

@@ -13,7 +13,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: actions/setup
         uses: ./.github/actions/setup
       - run: npm run check:dependencies

.github/workflows/release-4.x.yml

@@ -15,20 +15,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: release
-        uses: google-github-actions/release-please-action@v3
+        uses: google-github-actions/release-please-action@v4
         with:
-          release-type: node
-          package-name: mongodb
-          # Example: chore(main): release 5.7.0 [skip-ci]
-          # ${scope} - parenthesis included, base branch name
-          pull-request-title-pattern: 'chore${scope}: release ${version} [skip-ci]'
-          pull-request-header: 'Please run the release_notes action before releasing to generate release highlights'
-          changelog-path: HISTORY.md
-          default-branch: 5.x
+          target-branch: 5.x
 
       # If release-please created a release, publish to npm
       - if: ${{ steps.release.outputs.release_created }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - if: ${{ steps.release.outputs.release_created }}
         name: actions/setup
         uses: ./.github/actions/setup

.github/workflows/release-5.x.yml

@@ -19,13 +19,13 @@ jobs:
     steps:
       - shell: bash
         run: |
-          ALPHA_SEMVER_REGEXP="-alpha(\.(0|[1-9][0-9]+))?$"
+          ALPHA_SEMVER_REGEXP="-alpha(\.([0-9]|[1-9][0-9]+))?$"
 
           if ! [[ "${{ inputs.alphaVersion }}" =~ $ALPHA_SEMVER_REGEXP ]]; then
             echo "Invalid alphaVersion string"
             exit 1
           fi
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: actions/setup
         uses: ./.github/actions/setup
       - run: npm version "${{ inputs.alphaVersion }}" --git-tag-version=false

.github/workflows/release-alpha.yml

@@ -1,10 +1,9 @@
 on:
-  # TODO: We can reenable cron when needed
-  # schedule:
-  #   # Timezone is UTC
-  #   # https://crontab.guru/#0_0_*_*_*
-  #   # At 00:00 every day.
-  #   - cron: '0 0 * * *'
+  schedule:
+    # Timezone is UTC
+    # https://crontab.guru/#0_0_*_*_*
+    # At 00:00 every day.
+    - cron: '0 0 * * *'
 
   # Allows us to manually trigger a nightly
   # Since npm prevents duplicate releases we can run this at any time
@@ -20,7 +19,7 @@ jobs:
   release-nightly:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: actions/setup
         uses: ./.github/actions/setup
       - id: build_nightly

.github/workflows/release-nightly.yml

@@ -15,20 +15,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: release
-        uses: google-github-actions/release-please-action@v3
-        with:
-          release-type: node
-          package-name: mongodb
-          # Example: chore(main): release 5.7.0 [skip-ci]
-          # ${scope} - parenthesis included, base branch name
-          pull-request-title-pattern: 'chore${scope}: release ${version} [skip-ci]'
-          pull-request-header: 'Please run the release_notes action before releasing to generate release highlights'
-          changelog-path: HISTORY.md
-          default-branch: main
+        uses: google-github-actions/release-please-action@v4
 
       # If release-please created a release, publish to npm
       - if: ${{ steps.release.outputs.release_created }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - if: ${{ steps.release.outputs.release_created }}
         name: actions/setup
         uses: ./.github/actions/setup

.github/workflows/release.yml

@@ -7,13 +7,44 @@ on:
         description: 'Enter release PR number'
         required: true
         type: number
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: write
+  pull-requests: write
 
 jobs:
   release_notes:
     runs-on: ubuntu-latest
+    # Run only if dispatched or comment on a pull request
+    if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'issue_comment' && github.event.issue.pull_request && github.event.comment.body == 'run release_notes') }}
     steps:
-      - uses: actions/checkout@v3
+      # Determine if the triggering_actor is allowed to run this action
+      # We only permit maintainers
+      # Not only is 'triggering_actor' common between the trigger events it will also change if someone re-runs an old job
+      - name: check if triggering_actor is allowed to generate notes
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          COMMENTER: ${{ github.triggering_actor && github.triggering_actor || 'empty_triggering_actor' }}
+          API_ENDPOINT: /repos/${{ github.repository }}/collaborators?permission=maintain
+        shell: bash
+        run: |
+          if [ $COMMENTER = "empty_triggering_actor" ]; then exit 1; fi
+          set -o pipefail
+          if gh api "$API_ENDPOINT" --paginate --jq ".[].login" | grep -q "^$COMMENTER\$"; then
+            echo "$COMMENTER permitted to trigger notes!" && exit 0
+          else
+            echo "$COMMENTER not permitted to trigger notes" && exit 1
+          fi
+
+      # checkout the HEAD ref from prNumber
+      - uses: actions/checkout@v4
+        with:
+          ref: refs/pull/${{ github.event_name == 'issue_comment' && github.event.issue.number || inputs.releasePr }}/head
+
 
+      # Setup Node.js and npm install
       - name: actions/setup
         uses: ./.github/actions/setup
 
@@ -42,7 +73,7 @@ jobs:
           HIGHLIGHTS: ${{ steps.highlights.outputs.highlights }}
 
       # Update the release PR body
-      - run: gh pr edit ${{ inputs.releasePr }} --body-file ${{ steps.release_notes.outputs.release_notes_path }}
+      - run: gh pr edit ${{ github.event_name == 'issue_comment' && github.event.issue.number || inputs.releasePr }} --body-file ${{ steps.release_notes.outputs.release_notes_path }}
         shell: bash
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/release_notes.yml

@@ -0,0 +1,3 @@
+{
+  ".": "5.9.2"
+}

.release-please-manifest.json

@@ -0,0 +1,16 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "pull-request-title-pattern": "chore${scope}: release ${version} [skip-ci]",
+  "pull-request-header": "Please run the release_notes action before releasing to generate release highlights",
+  "packages": {
+    ".": {
+      "include-component-in-tag": false,
+      "changelog-path": "HISTORY.md",
+      "release-type": "node",
+      "bump-minor-pre-major": false,
+      "bump-patch-for-minor-pre-major": false,
+      "draft": false,
+      "prerelease": false
+    }
+  }
+}