From b5440fdfb212c17051bec8720c02b0297f69f6dd Mon Sep 17 00:00:00 2001
From: Bailey Pearson
Date: Wed, 12 Jun 2024 12:30:01 -0600
Subject: [PATCH 1/5] sarif report
---
.github/workflows/release.yml | 43 ++++++++++++++++++++++++++++++++++-
1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4dc3009..f33c3e0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,7 +30,7 @@ jobs:
uses: ./.github/actions/setup
- name: actions/compress_sign_and_upload
uses: ./.github/actions/compress_sign_and_upload
- with:
+ with:
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region_name: 'us-east-1'
aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
@@ -38,3 +38,44 @@ jobs:
- run: npm publish --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+ generate_sarif_report:
+ environment: release
+ runs-on: ubuntu-latest
+ # needs: [release_please]
+ permissions:
+ # required for all workflows
+ security-events: write
+ id-token: write
+ contents: write
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up drivers-github-tools
+ uses: mongodb-labs/drivers-github-tools/setup@v2
+ with:
+ aws_region_name: us-east-1
+ aws_role_arn: ${{ secrets.aws_role_arn }}
+ aws_secret_id: ${{ secrets.aws_secret_id }}
+
+ - name: "Generate Sarif Report"
+ # TODO: Use v2 once it has been re-tagged to include this action
+ uses: mongodb-labs/drivers-github-tools/code-scanning-export@main
+ with:
+ ref: main
+ output-file: sarif-report.json
+
+ - name: Get release version and release package file name
+ id: get_version
+ shell: bash
+ run: |
+ package_version=$(jq --raw-output '.version' package.json)
+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
+ - name: actions/publish_asset_to_s3
+ uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
+ with:
+ version: ${{ steps.get_version.outputs.package_version }}
+ product_name: mongodb-legacy
+ file: sarif-report.json
+ # dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+ dry_run: false
From 04faef7b553cb3abe36801df11cf4d980feeba78 Mon Sep 17 00:00:00 2001
From: Bailey Pearson
Date: Wed, 12 Jun 2024 12:38:33 -0600
Subject: [PATCH 2/5] revert POC
---
.github/workflows/release.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f33c3e0..48a94a5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -42,7 +42,7 @@ jobs:
generate_sarif_report:
environment: release
runs-on: ubuntu-latest
- # needs: [release_please]
+ needs: [release_please]
permissions:
# required for all workflows
security-events: write
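Review bot: The `permissions` block of the new `generate_sarif_report` job grants `contents: write` and `security-events: write`, but the steps shown only check out the repository, read `package.json` with jq, export code-scanning results and upload one file to S3, so `contents: read` covers the checkout and, unless `code-scanning-export` also writes results back to GitHub, `security-events: read` is the level needed to list alerts; the `# required for all workflows` comment does not say which step needs which grant. I would change the two lines to `security-events: read` and `contents: read`, keep `id-token: write` for the OIDC exchange done by the setup step, and put a short comment on each entry naming the step that needs it. Separately, `ref: main` on the export step means the SARIF describes whatever `main` is at run time rather than the commit being released; if the report is meant to accompany the release artifact, pin it to the release ref or add a comment explaining why `main` is intended. The secrets are referenced as `secrets.aws_role_arn` here while the existing job above uses `secrets.AWS_ROLE_ARN`; GitHub secret names are case-insensitive, but matching the existing casing avoids the appearance of two different secrets.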
@@ -77,5 +77,4 @@ jobs:
version: ${{ steps.get_version.outputs.package_version }}
product_name: mongodb-legacy
file: sarif-report.json
- # dry_run: ${{ needs.release_please.outputs.release_created == '' }}
- dry_run: false
+ dry_run: ${{ needs.release_please.outputs.release_created == '' }}
From ddbd16ae9d7fc8d1e0e2a91d56fcb70a11050237 Mon Sep 17 00:00:00 2001
From: Bailey Pearson
Date: Wed, 12 Jun 2024 13:20:41 -0600
Subject: [PATCH 3/5] sbom lite
---
.github/workflows/release.yml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 48a94a5..35462f0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -78,3 +78,37 @@ jobs:
product_name: mongodb-legacy
file: sarif-report.json
dry_run: ${{ needs.release_please.outputs.release_created == '' }}
+
+ upload_sbom_lite:
+ environment: release
+ runs-on: ubuntu-latest
+ needs: [release_please]
+ permissions:
+ # required for all workflows
+ security-events: write
+ id-token: write
+ contents: write
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up drivers-github-tools
+ uses: mongodb-labs/drivers-github-tools/setup@v2
+ with:
+ aws_region_name: us-east-1
+ aws_role_arn: ${{ secrets.aws_role_arn }}
+ aws_secret_id: ${{ secrets.aws_secret_id }}
+
+ - name: Get release version and release package file name
+ id: get_version
+ shell: bash
+ run: |
+ package_version=$(jq --raw-output '.version' package.json)
+ echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
+
+ - name: actions/publish_asset_to_s3
+ uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
+ with:
+ version: ${{ steps.get_version.outputs.package_version }}
+ product_name: node-mongodb-native
+ file: sbom.json
+ dry_run: ${{ needs.release_please.outputs.release_created == '' }}
From 8dec8f67147510b39c252e89c1362031cc0778bb Mon Sep 17 00:00:00 2001
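Review bot: `upload_sbom_lite` publishes `file: sbom.json`, but no step in the job produces that file — the steps only check out the repository, set up AWS credentials and read `package.json` — so presumably it is committed in the repository, and if it is not the upload will fail at run time; a comment such as `# sbom.json is maintained in the repository and is not generated here` (or a generating step) would make the expectation explicit. The `permissions` block is copied from the SARIF job and grants `security-events: write` and `contents: write` although nothing in this job touches code-scanning data or writes to the repository; `contents: read` plus `id-token: write` would cover the steps shown, and the `# required for all workflows` comment should say which step needs which grant. The step named `Get release version and release package file name` only emits `package_version`, so the name promises more than the step does; it also duplicates the identical step in `generate_sarif_report`, which is acceptable if the jobs are meant to stay independent but worth a comment.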
From: Bailey Pearson
Date: Wed, 12 Jun 2024 13:26:13 -0600
Subject: [PATCH 4/5] fix product name
---
.github/workflows/release.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 35462f0..4885e00 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -109,6 +109,6 @@ jobs:
uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
with:
version: ${{ steps.get_version.outputs.package_version }}
- product_name: node-mongodb-native
+ product_name: mongodb-legacy
file: sbom.json
dry_run: ${{ needs.release_please.outputs.release_created == '' }}
From 1e8ac200550f2d580406e9fe32c27c5ccf53596f Mon Sep 17 00:00:00 2001
From: Bailey Pearson
Date: Thu, 13 Jun 2024 10:26:55 -0600
Subject: [PATCH 5/5] use v2 instead of main
---
.github/workflows/release.yml | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4885e00..1fb6c95 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -59,8 +59,7 @@ jobs:
aws_secret_id: ${{ secrets.aws_secret_id }}
- name: "Generate Sarif Report"
- # TODO: Use v2 once it has been re-tagged to include this action
- uses: mongodb-labs/drivers-github-tools/code-scanning-export@main
+ uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
with:
ref: main
output-file: sarif-report.json
@@ -72,7 +71,7 @@ jobs:
package_version=$(jq --raw-output '.version' package.json)
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
- name: actions/publish_asset_to_s3
- uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
+ uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
with:
version: ${{ steps.get_version.outputs.package_version }}
product_name: mongodb-legacy
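Review bot: `code-scanning-export@v2` replaces `@main` with a tag, but a tag is still a mutable reference: whoever can move `v2` in `mongodb-labs/drivers-github-tools` changes the code that runs in this job with `id-token: write` in the `release` environment and access to the AWS role. Pinning to the full commit SHA with the tag kept as a comment, `uses: mongodb-labs/drivers-github-tools/code-scanning-export@<commit-sha>  # v2`, makes the reference immutable and still lets dependency tooling track the version. The same applies to the two `publish_asset_to_s3@v2` lines in the `@@ -72,7 +71,7 @@` and `@@ -106,7 +105,7 @@` hunks and, although this patch does not touch them, to `setup@v2` and `actions/checkout@v4` in the same jobs. If the organisation deliberately trusts its own `mongodb-labs` repositories at tag granularity, a one-line comment saying so next to the first `uses:` would document that decision.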
@@ -106,7 +105,7 @@ jobs:
echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
- name: actions/publish_asset_to_s3
- uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@main
+ uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
with:
version: ${{ steps.get_version.outputs.package_version }}
product_name: mongodb-legacy