SQL-2805: update odbc repo to use new shared test infra funcs

evergreen.yml

@@ -34,6 +34,8 @@ include:
     module: sql-engines-common-test-infra
   - filename: evergreen/configs/rust_util.yml
     module: sql-engines-common-test-infra
+  - filename: evergreen/configs/ssdlc_util.yml
+    module: sql-engines-common-test-infra
 
 variables:
 pre:
@@ -263,97 +265,6 @@ functions:
         bucket: mciuploads
         permissions: public-read
 
-  "scan SBOM":
-    - command: shell.exec
-      type: test
-      params:
-        shell: bash
-        working_dir: mongosql-odbc-driver
-        script: |
-          ${prepare_shell}
-
-          echo ">>>> Scan SBOM for vulnerabilities..."
-          if [[ "$ALLOW_VULNS" != "" ]]; then
-            echo "Vulnerability ids to ignore : $ALLOW_VULNS"
-
-            echo "-- Generate .grype.yaml specifying vulnerabilities to ignore --"
-            GRYPE_CONF_FILE=".grype.yaml"
-            touch $GRYPE_CONF_FILE
-            echo "ignore:" > $GRYPE_CONF_FILE
-
-            IFS=','; for VULN_ID in $ALLOW_VULNS; do
-              echo "Ignoring vulnerability with id $VULN_ID"
-              echo "    - vulnerability: $VULN_ID" >> $GRYPE_CONF_FILE
-            done
-            echo "------------------------------------"
-          fi
-
-          echo "-- Scanning dependency for vulnerabilities --"
-          ./$SBOM_DIR/grype sbom:$SBOM_LICENSES --fail-on low
-          echo "---------------------------------------------"
-          echo "<<<< Done scanning SBOM"
-
-  "generate compliance report":
-    - command: shell.exec
-      params:
-        shell: bash
-        working_dir: mongosql-odbc-driver
-        env:
-          IS_TAG_TRIGGERED: "${triggered_by_git_tag}"
-          AUTHOR: "${author}"
-          AUTHOR_EMAIL: "${author_email}"
-        script: |
-          ${prepare_shell}
-          echo "Author = $AUTHOR"
-          echo "Author email = $AUTHOR_EMAIL"
-          echo "Version = $release_version"
-          SBOM_URL="https://translators-connectors-releases.s3.amazonaws.com/mongosql-odbc-driver/mongosql-odbc-${release_version}.sbom.json"
-          SARIF_URL="https://translators-connectors-releases.s3.amazonaws.com/mongosql-odbc-driver/mongo-odbc-$release_version.sast.sarif"
-          echo "Sbom url = $SBOM_URL"
-          echo "Sarif Url = $SARIF_URL"
-
-          # Copy template
-          cp resources/ssdlc/mongo-odbc-driver_compliance_report_template.md $COMPLIANCE_REPORT_NAME
-
-          # Update the version
-          sed -i.bu "s,%VERSION%,$release_version,g" $COMPLIANCE_REPORT_NAME
-          # Update the SBOM link
-          sed -i.bu "s,%SBOM_URL%,$SBOM_URL,g" $COMPLIANCE_REPORT_NAME
-          # Update the SARIF link
-          sed -i.bu "s,%SARIF_URL%,$SARIF_URL,g" $COMPLIANCE_REPORT_NAME
-          # Update the author information
-          sed -i.bu "s,%AUTHOR%,$AUTHOR,g" $COMPLIANCE_REPORT_NAME
-          sed -i.bu "s,%AUTHOR_EMAIL%,$AUTHOR_EMAIL,g" $COMPLIANCE_REPORT_NAME
-    - command: s3.put
-      params:
-        aws_key: ${aws_key}
-        aws_secret: ${aws_secret}
-        local_file: mongosql-odbc-driver/${COMPLIANCE_REPORT_NAME}
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/${COMPLIANCE_REPORT_NAME}
-        content_type: text/markdown
-        bucket: mciuploads
-        permissions: public-read
-
-  "publish compliance report":
-    - command: s3.get
-      params:
-        aws_key: ${aws_key}
-        aws_secret: ${aws_secret}
-        local_file: mongosql-odbc-driver/${COMPLIANCE_REPORT_NAME}
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/${COMPLIANCE_REPORT_NAME}
-        content_type: text/markdown
-        bucket: mciuploads
-    - command: s3.put
-      params:
-        aws_key: ${release_aws_key}
-        aws_secret: ${release_aws_secret}
-        local_file: mongosql-odbc-driver/${COMPLIANCE_REPORT_NAME}
-        remote_file: mongosql-odbc-driver/mongosql-odbc-${release_version}-compliance-report.md
-        content_type: text/markdown
-        bucket: translators-connectors-releases
-        permissions: public-read
-        display_name: mongosql-odbc-${release_version}-compliance-report.md
-
   "augment SBOM":
     - command: ec2.assume_role
       display_name: Assume IAM role with permissions to pull Kondukto API token
@@ -388,40 +299,18 @@ functions:
           docker run -i --platform="linux/amd64" --rm -v "$PWD":/pwd \
           --env-file ${workdir}/kondukto_credentials.env \
           artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:2.0 \
-          augment --repo mongodb/mongo-odbc-driver --branch ${branch_name} --sbom-in /pwd/$SBOM_FINAL --sbom-out /pwd/mongo-odbc-driver.augmented.sbom.json --force
+          augment --repo mongodb/mongo-odbc-driver --branch ${branch_name} --sbom-in /pwd/$SBOM_FINAL --sbom-out /pwd/${AUGMENTED_SBOM_FILENAME} --force
           echo "-------------------------------"
-
     - command: s3.put
       params:
         aws_key: ${aws_key}
         aws_secret: ${aws_secret}
-        local_file: mongosql-odbc-driver/mongo-odbc-driver.augmented.sbom.json
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/mongo-odbc-driver.augmented.sbom.json
+        local_file: mongosql-odbc-driver/${AUGMENTED_SBOM_FILENAME}
+        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/${AUGMENTED_SBOM_FILENAME}
         content_type: application/json
         bucket: mciuploads
         permissions: public-read
 
-  "publish augmented SBOM":
-    - command: s3.get
-      params:
-        aws_key: ${aws_key}
-        aws_secret: ${aws_secret}
-        local_file: mongosql-odbc-driver/mongo-odbc-driver.augmented.sbom.json
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/mongo-odbc-driver.augmented.sbom.json
-        content_type: application/json
-        bucket: mciuploads
-        permissions: public-read
-    - command: s3.put
-      params:
-        aws_key: ${release_aws_key}
-        aws_secret: ${release_aws_secret}
-        local_file: mongosql-odbc-driver/mongo-odbc-driver.augmented.sbom.json
-        remote_file: mongosql-odbc-driver/mongosql-odbc-${release_version}.sbom.json
-        bucket: translators-connectors-releases
-        content_type: application/json
-        permissions: public-read
-        display_name: mongosql-odbc-${release_version}.sbom.json
-
   "use latest mongosql version":
     - command: shell.exec
       type: test
@@ -663,8 +552,8 @@ functions:
       params:
         aws_key: ${aws_key}
         aws_secret: ${aws_secret}
-        local_file: mongosql-odbc-driver/mongo-odbc-driver.augmented.sbom.json
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/mongo-odbc-driver.augmented.sbom.json
+        local_file: mongosql-odbc-driver/${AUGMENTED_SBOM_FILENAME}
+        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/${AUGMENTED_SBOM_FILENAME}
         content_type: application/json
         bucket: mciuploads
         permissions: public-read
@@ -676,7 +565,7 @@ functions:
           ${prepare_shell}
 
           cp target/release/*.dll installer/msi
-          cp ./THIRD_PARTY_LICENSES.txt ./README.md ./mongo-odbc-driver.augmented.sbom.json installer/msi
+          cp ./THIRD_PARTY_LICENSES.txt ./README.md ./${AUGMENTED_SBOM_FILENAME} installer/msi
           cd installer/msi
           if [[ "$release_version" == "snapshot" ]]; then
               MINOR_VERSION="0.1"
@@ -703,8 +592,8 @@ functions:
       params:
         aws_key: ${aws_key}
         aws_secret: ${aws_secret}
-        local_file: mongosql-odbc-driver/mongo-odbc-driver.augmented.sbom.json
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/mongo-odbc-driver.augmented.sbom.json
+        local_file: mongosql-odbc-driver/${AUGMENTED_SBOM_FILENAME}
+        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/${AUGMENTED_SBOM_FILENAME}
         content_type: application/json
         bucket: mciuploads
         permissions: public-read
@@ -1037,8 +926,8 @@ functions:
       params:
         aws_key: ${aws_key}
         aws_secret: ${aws_secret}
-        local_file: mongosql-odbc-driver/mongo-odbc-driver.augmented.sbom.json
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/mongo-odbc-driver.augmented.sbom.json
+        local_file: mongosql-odbc-driver/${AUGMENTED_SBOM_FILENAME}
+        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/${AUGMENTED_SBOM_FILENAME}
         content_type: application/json
         bucket: mciuploads
         permissions: public-read
@@ -1051,7 +940,7 @@ functions:
 
           mkdir -p release/mongoodbc/bin
           cp target/release/*.so release/mongoodbc/bin/
-          cp ./LICENSE ./README.md ./mongo-odbc-driver.augmented.sbom.json release/mongoodbc/
+          cp ./LICENSE ./README.md ./${AUGMENTED_SBOM_FILENAME} release/mongoodbc/
           cd release
           tar -czvf $UBUNTU_FILENAME mongoodbc/
 
@@ -1730,7 +1619,7 @@ functions:
         permissions: public-read
         content_type: application/octet-stream
         display_name: crash-dump-
-
+  
   "trace artifacts":
     - command: shell.exec
       params:
@@ -1826,67 +1715,6 @@ functions:
         permissions: public-read
         content_type: application/json
 
-  "generate static code analysis":
-    - command: shell.exec
-      type: test
-      params:
-        shell: bash
-        working_dir: mongosql-odbc-driver
-        script: |
-          ${prepare_shell}
-          export SEMGREP_APP_TOKEN=${semgrep_app_token}
-          echo "Running static code analysis with Semgrep..."
-
-          # Setup or use the existing virtualenv for semgrep
-          if [[ -f "venv/bin/activate" ]]; then
-              echo 'using existing virtualenv'
-              . venv/bin/activate
-          else
-              echo 'Creating new virtualenv'
-              python3 -m virtualenv venv
-              echo 'Activating new virtualenv'
-              . venv/bin/activate
-          fi
-          python3 -m pip install semgrep
-          # Confirm semgrep version
-          semgrep --version
-          set +e
-          semgrep --config p/rust --sarif --exclude "integration_test" --verbose --error --severity=ERROR --sarif-output=mongo-odbc-driver.sast.sarif > mongo-odbc-driver.sast.cmd.verbose.out 2>&1
-          SCAN_RESULT=$?
-          set -e
-          # Exit with a failure if the scan found an issue
-          exit $SCAN_RESULT
-    - command: s3.put
-      params:
-        aws_key: ${aws_key}
-        aws_secret: ${aws_secret}
-        local_files_include_filter:
-          - mongo-odbc-driver.sast.*
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/
-        content_type: text/plain
-        bucket: mciuploads
-        permissions: public-read
-
-  "publish static code analysis":
-    - command: s3.get
-      params:
-        aws_key: ${aws_key}
-        aws_secret: ${aws_secret}
-        local_file: mongosql-odbc-driver/${STATIC_CODE_ANALYSIS_NAME}
-        remote_file: mongosql-odbc-driver/artifacts/${version_id}/ssdlc/${STATIC_CODE_ANALYSIS_NAME}
-        content_type: application/json
-        bucket: mciuploads
-    - command: s3.put
-      params:
-        aws_key: ${release_aws_key}
-        aws_secret: ${release_aws_secret}
-        local_file: mongosql-odbc-driver/${STATIC_CODE_ANALYSIS_NAME}
-        remote_file: mongosql-odbc-driver/mongo-odbc-${release_version}.sast.sarif
-        content_type: application/json
-        bucket: translators-connectors-releases
-        permissions: public-read
-        display_name: mongo-odbc-${release_version}.sast.sarif
-
 tasks:
   - name: make-odbc-docs
     depends_on:
@@ -2098,6 +1926,8 @@ tasks:
       - name: release
     commands:
       - func: "trace artifacts"
+        vars:
+          papertrail_product: "mongo-odbc-driver"
 
   - name: download-center-update
     git_tag_only: true
@@ -2138,6 +1968,11 @@ tasks:
       - func: "publish static code analysis"
       - func: "publish augmented SBOM"
       - func: "generate compliance report"
+        vars:
+          release_version: ${release_version}
+          repo_name: "mongo-odbc-driver"
+          repo_title: "Mongo ODBC Driver"
+          signing_title: "verify-integrity-of-mongodb-odbc-driver-packages"
       - func: "publish compliance report"
 
   - name: ssdlc-artifacts-snapshot
@@ -2153,6 +1988,11 @@ tasks:
       - func: "publish static code analysis"
       - func: "publish augmented SBOM"
       - func: "generate compliance report"
+        vars:
+          release_version: ${release_version}
+          repo_name: "mongo-odbc-driver"
+          repo_title: "Mongo ODBC Driver"
+          signing_title: "verify-integrity-of-mongodb-odbc-driver-packages"
       - func: "publish compliance report"
 
 task_groups:

evergreen/create-expansions.sh

@@ -23,8 +23,7 @@ export DUMP_FOLDER=dumps
 export LOCAL_DUMP_ORIGINAL_REG_VAL=local_dump_original_value.reg
 export MONGOODBC_DEBUGGING_INFO_ARCHIVE=crashDebuggingInfo
 export SCRIPT_FOLDER=resources
-export COMPLIANCE_REPORT_NAME="mongo-odbc-driver_compliance_report.md"
-export STATIC_CODE_ANALYSIS_NAME="mongo-odbc-driver.sast.sarif"
+export SBOM_DIR="sbom_tools"
 export FEATURE_FLAGS=""
 export PRODUCT_NAME="mongoodbc"
 export PATH_PREFIX=""
@@ -38,6 +37,11 @@ fi
 
 export MSI_FILENAME="$PRODUCT_NAME-$release_version.msi"
 export UBUNTU_FILENAME="$PRODUCT_NAME-$release_version.tar.gz"
+export COMPLIANCE_REPORT_NAME="mongosql-odbc-${release_version}-compliance-report.md"
+export STATIC_CODE_ANALYSIS_NAME="mongo-odbc-${release_version}.sast.sarif"
+export SBOM_LICENSES="mongo-odbc-driver.licenses.cdx.json"
+export AUGMENTED_SBOM_FILENAME="mongo-odbc-driver.augmented.sbom.json"
+export SBOM_FILENAME="mongosql-odbc-${release_version}.sbom.json"
 
 cat <<EOT >expansions.yml
 release_version: "$release_version"
@@ -59,6 +63,10 @@ script_dir: "$COMMON_TEST_INFRA_DIR/evergreen/scripts"
 working_dir: "mongosql-odbc-driver"
 MONGO_ORCHESTRATION_HOME: "$DRIVERS_TOOLS/.evergreen/orchestration"
 MONGODB_BINARIES: "$MONGODB_BINARIES"
+SBOM_DIR: "$SBOM_DIR"
+SBOM_LICENSES: "$SBOM_LICENSES"
+SBOM_FILENAME: "$SBOM_FILENAME"
+AUGMENTED_SBOM_FILENAME: "$AUGMENTED_SBOM_FILENAME"
 prepare_shell: |
   set -o errexit
   export release_version="$release_version"
@@ -89,8 +97,10 @@ prepare_shell: |
   export SRV_TEST_PWD="${srv_test_pwd}"
   export SCRIPT_FOLDER="$SCRIPT_FOLDER"
   export SCRIPT_DIR="$(pwd)/$SCRIPT_FOLDER"
-  export SBOM_DIR="sbom_tools"
-  export SBOM_LICENSES="mongo-odbc-driver.licenses.cdx.json"
+  export SBOM_DIR="$SBOM_DIR"
+  export SBOM_LICENSES="$SBOM_LICENSES"
+  export SBOM_FILENAME="$SBOM_FILENAME"
+  export AUGMENTED_SBOM_FILENAME="$AUGMENTED_SBOM_FILENAME"
   export SBOM_VULN="mongo-odbc-driver.merge.grype.cdx.json"
   export SBOM_FINAL="mongo-odbc-driver.full.cdx.json"
   export COMPLIANCE_REPORT_NAME="$COMPLIANCE_REPORT_NAME"