chore: instead of running the whole pipeline again, only allow drafts when main is green already

[kmruiz]

Description

Checklist

• New tests and/or benchmarks are included.
• Documentation is changed or added.
• Changelog is updated accordingly.
• I have signed the MongoDB Contributor License Agreement (https://www.mongodb.com/legal/contributor-agreement).

Open Questions

[github-actions]

Coverage Report

Overall Project	87.83%	✅

There is no coverage information present for the Files changed

[himanshusinghs]

I think its a good idea but there is one thing this might miss, last minute dependency problem creeps (we saw that being quite common in compass repo). Something we should be aware of.

[kmruiz]

We are using fixed versions, it shouldn't happen right?

[himanshusinghs]

Yea so I wanted to mention that our fixed version might get identified for a vuln at some point?

[kmruiz]

Ah true, this might happen for sure. So what we can do is, whenever we generate the SBOM (we are not doing it yet but it's planned), do it also before releasing and after checking main is green. So we don't need to run the whole suite but we verify that our deps don't have any important CVE.

[himanshusinghs]

That sounds like a plan 👍