chore(ci): create static analysis report as part of CI COMPASS-7909 (#…

…5870)

Based on mongodb-js/mongosh@37d1a24

.evergreen/connectivity-tests/Dockerfile

@@ -1,5 +1,5 @@
 # "bullseye" is the debian distribution that ubuntu:20.04 is based on
-FROM node:16-bullseye
+FROM node:18-bullseye
 
 COPY .evergreen/connectivity-tests/krb5.conf /etc/krb5.conf
 
@@ -19,7 +19,7 @@ ENV COMPASS_RUN_DOCKER_TESTS="true"
 COPY . /compass-monorepo-root
 WORKDIR /compass-monorepo-root
 
-RUN npm i -g npm@8
+RUN npm i -g npm@10.2.4
 RUN npm run bootstrap-ci
 
 CMD ["bash", ".evergreen/connectivity-tests/entrypoint.sh"]

.evergreen/create-static-analysis-report.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+set -x
+
+npm run create-static-analysis-report
+(cd .sbom && tar czvf ../static-analysis-report.tgz codeql.md codeql.sarif.json)

.evergreen/functions.yml

@@ -429,6 +429,21 @@ functions:
           set -e
 
           .evergreen/create-sbom.sh
+    - command: shell.exec
+      params:
+        working_dir: src
+        shell: bash
+        env:
+          <<: *compass-env
+          DEBUG: ${debug}
+          npm_config_loglevel: ${npm_loglevel}
+          GITHUB_TOKEN: ${devtoolsbot_github_token}
+          GITHUB_PR_NUMBER: ${github_pr_number}
+        script: |
+          set -e
+          # Load environment variables
+          eval $(.evergreen/print-compass-env.sh)
+          .evergreen/create-static-analysis-report.sh
 
   publish:
     - command: shell.exec
@@ -785,6 +800,13 @@ functions:
         remote_file: ${project}/${revision}_${revision_order_id}/${task_id}/sbom.json
         content_type: application/json
         optional: true
+    - command: s3.put
+      params:
+        <<: *save-artifact-params-private
+        local_file: src/static-analysis-report.tgz
+        remote_file: ${project}/${revision}_${revision_order_id}/${task_id}/static-analysis-report.tgz
+        content_type: application/x-gzip
+        optional: true
 
   get-all-artifacts:
     - command: shell.exec