mongodb-js
diff --git a/‎.github/actions/setup/action.yml
-15 b/‎.github/actions/setup/action.yml
-15
diff --git a/‎.github/actions/sign_and_upload_package/action.yml
-71 b/‎.github/actions/sign_and_upload_package/action.yml
-71
diff --git a/‎.github/workflows/build.yml
+30-57 b/‎.github/workflows/build.yml
+30-57
diff --git a/‎.github/workflows/release.yml
+105 b/‎.github/workflows/release.yml
+105
@@ -1,9 +1,8 @@
 on:
-  push:
-    branches: [main]
   pull_request:
     branches: [main]
   workflow_dispatch: {}
+  workflow_call: {}
 
 name: Build and Test
 
@@ -16,7 +15,8 @@ jobs:
   host_builds:
     strategy:
       matrix:
-        os: [macos-latest, windows-2019]
+        # os: [macos-latest, windows-2019]
+        os: [macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -39,62 +39,35 @@ jobs:
           retention-days: 1
           compression-level: 0
 
-  container_builds:
-    outputs:
-      artifact_id: ${{ steps.upload.outputs.artifact-id }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        linux_arch: [s390x, arm64, amd64]
-    steps:
-      - uses: actions/checkout@v4
+  # container_builds:
+  #   outputs:
+  #     artifact_id: ${{ steps.upload.outputs.artifact-id }}
+  #   runs-on: ubuntu-latest
+  #   strategy:
+  #     matrix:
+  #       linux_arch: [s390x, arm64, amd64]
+  #   steps:
+  #     - uses: actions/checkout@v4
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+  #     - name: Set up QEMU
+  #       uses: docker/setup-qemu-action@v3
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+  #     - name: Set up Docker Buildx
+  #       uses: docker/setup-buildx-action@v3
 
-      - name: Run Buildx
-        run: |
-          docker buildx create --name builder --bootstrap --use
-          docker buildx build --platform linux/${{ matrix.linux_arch }} --build-arg NODE_ARCH=${{ matrix.linux_arch == 'amd64' && 'x64' || matrix.linux_arch }} --output type=local,dest=./prebuilds,platform-split=false -f ./.github/docker/Dockerfile.glibc .
-
-      - id: upload
-        name: Upload prebuild
-        uses: actions/upload-artifact@v4
-        with:
-          name: build-linux-${{ matrix.linux_arch }}
-          path: prebuilds/
-          if-no-files-found: 'error'
-          retention-days: 1
-          compression-level: 0
+  #     - name: Run Buildx
+  #       run: |
+  #         docker buildx create --name builder --bootstrap --use
+  #         docker buildx build --platform linux/${{ matrix.linux_arch }} --output type=local,dest=./prebuilds,platform-split=false -f ./.github/docker/Dockerfile.glibc .
 
-  release_please:
-    needs: [host_builds, container_builds]
-    runs-on: ubuntu-latest
-    outputs:
-      release_created: ${{ steps.release.outputs.release_created }}
-    steps:
-      - id: release
-        uses: googleapis/release-please-action@v4
+  #     - id: upload
+  #       name: Upload prebuild
+  #       uses: actions/upload-artifact@v4
+  #       with:
+  #         name: build-linux-${{ matrix.linux_arch }}
+  #         path: prebuilds/
+  #         if-no-files-found: 'error'
+  #         retention-days: 1
+  #         compression-level: 0
 
-  sign_and_upload:
-    needs: [release_please]
-    if: ${{ needs.release_please.outputs.release_created }}
-    runs-on: ubuntu-latest
-    environment: release
-    steps:
-      - uses: actions/checkout@v4
-      - name: actions/setup
-        uses: ./.github/actions/setup
-      - name: actions/sign_and_upload_package
-        uses: ./.github/actions/sign_and_upload_package
-        with:
-          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
-          aws_region_name: 'us-east-1'
-          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
-          npm_package_name: 'mongodb-client-encryption'
-      - run: npm publish --provenance --tag=alpha
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  
@@ -0,0 +1,105 @@
+on:
+  push:
+    branches: ["6.1"]
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch: {}
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+name: release-6.1
+
+jobs:
+  release_please:
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - id: release
+        uses: googleapis/release-please-action@v4
+        with:
+          target-branch: 6.1
+
+  build:
+    needs: [release_please]
+    name: "Perform any build or bundling steps, as necessary."
+    uses: ./.github/workflows/build.yml
+
+  ssdlc:
+    needs: [release_please, build]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
+        with:
+          ignore_install_scripts: true
+
+      - name: Load version and package info
+        uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2
+        with:
+          npm_package_name: mongodb-client-encryption
+
+      - name: actions/compress_sign_and_upload
+        uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2
+        with:
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: us-east-1
+          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+          npm_package_name: mongodb-client-encryption
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+      - name: Copy sbom file to release assets
+        shell: bash
+        if: ${{ 'mongodb-client-encryption-6.1' == '' }}
+        run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
+
+      # only used for mongodb-client-encryption
+      - name: Augment SBOM and copy to release assets
+        if: ${{ 'mongodb-client-encryption-6.1' != '' }}
+        uses: mongodb-labs/drivers-github-tools/sbom@v2
+        with:
+          silk_asset_group: 'mongodb-client-encryption-6.1'
+          sbom_file_name: sbom.json
+
+      - name: Generate authorized pub report
+        uses: mongodb-labs/drivers-github-tools/full-report@v2
+        with:
+          release_version: ${{ env.package_version }}
+          product_name: mongodb-client-encryption
+          sarif_report_target_ref: 6.1
+          third_party_dependency_tool: n/a
+          dist_filenames: artifacts/*
+          token: ${{ github.token }}
+          sbom_file_name: sbom.json
+
+      - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+        with:
+          version: ${{ env.package_version }}
+          product_name: mongodb-client-encryption
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+  publish:
+    needs: [release_please, ssdlc, build]
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
+
+      - run: npm publish --provenance --tag=6.1
+        if: ${{ needs.release_please.outputs.release_created }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}