From b0a68f92c940979520f174335a67f5f704ee896d Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 10:17:01 -0600 Subject: [PATCH 01/11] full report --- .github/workflows/release.yml | 105 +++++++++++++--------------------- 1 file changed, 39 insertions(+), 66 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1fb6c95..e363271 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,15 +19,27 @@ jobs: - id: release uses: googleapis/release-please-action@v4 - compress_sign_and_upload: + ssdlc: needs: [release_please] - if: ${{ needs.release_please.outputs.release_created }} + permissions: + # required for all workflows + security-events: write + id-token: write + contents: write environment: release runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: actions/setup uses: ./.github/actions/setup + - name: Get release version and release package file name + id: get_vars + shell: bash + run: | + package_version=$(jq --raw-output '.version' package.json) + echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" + echo "package_file=mongodb-legacy-${package_version}.tgz" >> "$GITHUB_OUTPUT" + - name: actions/compress_sign_and_upload uses: ./.github/actions/compress_sign_and_upload with: @@ -35,79 +47,40 @@ jobs: aws_region_name: 'us-east-1' aws_secret_id: ${{ secrets.AWS_SECRET_ID }} npm_package_name: 'mongodb-legacy' - - run: npm publish --provenance - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + dry_run: ${{ needs.release_please.outputs.release_created == '' }} - generate_sarif_report: - environment: release - runs-on: ubuntu-latest - needs: [release_please] - permissions: - # required for all workflows - security-events: write - id-token: write - contents: write - - steps: - - uses: actions/checkout@v4 - - name: Set up drivers-github-tools - uses: mongodb-labs/drivers-github-tools/setup@v2 - with: - aws_region_name: us-east-1 - aws_role_arn: ${{ secrets.aws_role_arn }} - aws_secret_id: ${{ secrets.aws_secret_id }} + - name: Copy sbom file to release assets + shell: bash + run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json - - name: "Generate Sarif Report" - uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2 + - name: Generate authorized pub report + uses: mongodb-labs/drivers-github-tools/full-report@v2 with: - ref: main - output-file: sarif-report.json + release_version: ${{ steps.get_version.outputs.package_version }} + product_name: mongodb-legacy + sarif_report_target_ref: main + third_party_dependency_tool: n/a + # and .sig + dist_filenames: ${{ steps.get_vars.outputs.package_file }}* + token: ${{ github.token }} + sbom_file_name: sbom.json - - name: Get release version and release package file name - id: get_version - shell: bash - run: | - package_version=$(jq --raw-output '.version' package.json) - echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" - - name: actions/publish_asset_to_s3 - uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2 + - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 with: - version: ${{ steps.get_version.outputs.package_version }} - product_name: mongodb-legacy - file: sarif-report.json + version: ${{ inputs.version }} + product_name: ${{ inputs.product_name }} dry_run: ${{ needs.release_please.outputs.release_created == '' }} - upload_sbom_lite: + publish: + needs: [release_please, ssdlc] environment: release runs-on: ubuntu-latest - needs: [release_please] - permissions: - # required for all workflows - security-events: write - id-token: write - contents: write - steps: - uses: actions/checkout@v4 - - name: Set up drivers-github-tools - uses: mongodb-labs/drivers-github-tools/setup@v2 - with: - aws_region_name: us-east-1 - aws_role_arn: ${{ secrets.aws_role_arn }} - aws_secret_id: ${{ secrets.aws_secret_id }} - - - name: Get release version and release package file name - id: get_version - shell: bash - run: | - package_version=$(jq --raw-output '.version' package.json) - echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" + - name: actions/setup + uses: ./.github/actions/setup - - name: actions/publish_asset_to_s3 - uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2 - with: - version: ${{ steps.get_version.outputs.package_version }} - product_name: mongodb-legacy - file: sbom.json - dry_run: ${{ needs.release_please.outputs.release_created == '' }} + - run: npm publish --provenance --tag=latest + if: ${{ needs.release_please.outputs.release_created }} + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From d3af900bcc90b26b7402bac2dc6ff2e0fd7e480e Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 11:21:39 -0600 Subject: [PATCH 02/11] new garasign adction --- .../compress_sign_and_upload/action.yml | 39 +++++++++++-------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml index 32b21f7..8bce52a 100644 --- a/.github/actions/compress_sign_and_upload/action.yml +++ b/.github/actions/compress_sign_and_upload/action.yml @@ -1,19 +1,23 @@ name: Compress and Sign description: 'Compresses package and signs with garasign' -inputs: - aws_role_arn: - description: 'AWS role input for drivers-github-tools/gpg-sign@v2' - required: true - aws_region_name: - description: 'AWS region name input for drivers-github-tools/gpg-sign@v2' - required: true - aws_secret_id: - description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2' - required: true - npm_package_name: - description: 'The name for the npm package this repository represents' - required: true +inputs: + aws_role_arn: + description: 'AWS role input for drivers-github-tools/gpg-sign@v2' + required: true + aws_region_name: + description: 'AWS region name input for drivers-github-tools/gpg-sign@v2' + required: true + aws_secret_id: + description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2' + required: true + npm_package_name: + description: 'The name for the npm package this repository represents' + required: true + dry_run: + description: 'Should we upload files to the release?' + required: false + default: 'true' runs: using: composite @@ -31,23 +35,24 @@ runs: - name: Set up drivers-github-tools uses: mongodb-labs/drivers-github-tools/setup@v2 - with: + with: aws_region_name: ${{ inputs.aws_region_name }} aws_role_arn: ${{ inputs.aws_role_arn }} aws_secret_id: ${{ inputs.aws_secret_id }} - name: Create detached signature uses: mongodb-labs/drivers-github-tools/gpg-sign@v2 - with: + with: filenames: ${{ steps.get_vars.outputs.package_file }} - env: + env: RELEASE_ASSETS: ${{ steps.get_vars.outputs.package_file }}.temp.sig - - name: Name release asset correctly + - name: Name release asset correctly run: mv ${{ steps.get_vars.outputs.package_file }}.temp.sig ${{ steps.get_vars.outputs.package_file }}.sig shell: bash - name: "Upload release artifacts" + if: ${{ inputs.dry_run == false }} run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig shell: bash env: From a8a3eded9a8cb96ee5eb9ed23757794eb20c42f1 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 11:39:28 -0600 Subject: [PATCH 03/11] testing --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e363271..9cbb4af 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -69,7 +69,7 @@ jobs: with: version: ${{ inputs.version }} product_name: ${{ inputs.product_name }} - dry_run: ${{ needs.release_please.outputs.release_created == '' }} + dry_run: false publish: needs: [release_please, ssdlc] From 2087e673efe62f62abdd23d46e9fadf01589f8a7 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:09:05 -0600 Subject: [PATCH 04/11] test with shared action --- .github/workflows/release.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9cbb4af..98d1ece 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,23 +30,20 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: actions/setup uses: ./.github/actions/setup - - name: Get release version and release package file name - id: get_vars - shell: bash - run: | - package_version=$(jq --raw-output '.version' package.json) - echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" - echo "package_file=mongodb-legacy-${package_version}.tgz" >> "$GITHUB_OUTPUT" + + - name: Load version and package info + uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node - name: actions/compress_sign_and_upload - uses: ./.github/actions/compress_sign_and_upload + uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} - aws_region_name: 'us-east-1' + aws_region_name: us-east-1 aws_secret_id: ${{ secrets.AWS_SECRET_ID }} - npm_package_name: 'mongodb-legacy' + npm_package_name: mongodb-legacy dry_run: ${{ needs.release_please.outputs.release_created == '' }} - name: Copy sbom file to release assets From 815926a834804c10944b9d27471d25779f79ffde Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:11:34 -0600 Subject: [PATCH 05/11] misc changes --- .github/workflows/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 98d1ece..08058ac 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,19 +53,19 @@ jobs: - name: Generate authorized pub report uses: mongodb-labs/drivers-github-tools/full-report@v2 with: - release_version: ${{ steps.get_version.outputs.package_version }} + release_version: ${{ env.package_version }} product_name: mongodb-legacy sarif_report_target_ref: main third_party_dependency_tool: n/a # and .sig - dist_filenames: ${{ steps.get_vars.outputs.package_file }}* + dist_filenames: ${{ env.package_file }}* token: ${{ github.token }} sbom_file_name: sbom.json - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 with: - version: ${{ inputs.version }} - product_name: ${{ inputs.product_name }} + version: ${{ env.package_version }} + product_name: mongodb-legacy dry_run: false publish: From 1851f410ce7c20e1e81d667725270782525aceb8 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:13:38 -0600 Subject: [PATCH 06/11] asdf --- .../compress_sign_and_upload/action.yml | 59 ------------------- 1 file changed, 59 deletions(-) delete mode 100644 .github/actions/compress_sign_and_upload/action.yml diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml deleted file mode 100644 index 8bce52a..0000000 --- a/.github/actions/compress_sign_and_upload/action.yml +++ /dev/null @@ -1,59 +0,0 @@ -name: Compress and Sign -description: 'Compresses package and signs with garasign' - -inputs: - aws_role_arn: - description: 'AWS role input for drivers-github-tools/gpg-sign@v2' - required: true - aws_region_name: - description: 'AWS region name input for drivers-github-tools/gpg-sign@v2' - required: true - aws_secret_id: - description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2' - required: true - npm_package_name: - description: 'The name for the npm package this repository represents' - required: true - dry_run: - description: 'Should we upload files to the release?' - required: false - default: 'true' - -runs: - using: composite - steps: - - run: npm pack - shell: bash - - - name: Get release version and release package file name - id: get_vars - shell: bash - run: | - package_version=$(jq --raw-output '.version' package.json) - echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" - echo "package_file=${{ inputs.npm_package_name }}-${package_version}.tgz" >> "$GITHUB_OUTPUT" - - - name: Set up drivers-github-tools - uses: mongodb-labs/drivers-github-tools/setup@v2 - with: - aws_region_name: ${{ inputs.aws_region_name }} - aws_role_arn: ${{ inputs.aws_role_arn }} - aws_secret_id: ${{ inputs.aws_secret_id }} - - - name: Create detached signature - uses: mongodb-labs/drivers-github-tools/gpg-sign@v2 - with: - filenames: ${{ steps.get_vars.outputs.package_file }} - env: - RELEASE_ASSETS: ${{ steps.get_vars.outputs.package_file }}.temp.sig - - - name: Name release asset correctly - run: mv ${{ steps.get_vars.outputs.package_file }}.temp.sig ${{ steps.get_vars.outputs.package_file }}.sig - shell: bash - - - name: "Upload release artifacts" - if: ${{ inputs.dry_run == false }} - run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig - shell: bash - env: - GH_TOKEN: ${{ github.token }} From 25b9c8add234632c58c762d12943dc7da81eabfa Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 24 Jun 2024 14:15:01 -0600 Subject: [PATCH 07/11] dry run --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 08058ac..453e2b3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -66,7 +66,7 @@ jobs: with: version: ${{ env.package_version }} product_name: mongodb-legacy - dry_run: false + dry_run: ${{ needs.release_please.outputs.release_created == '' }} publish: needs: [release_please, ssdlc] From 711cdfa0758abbc354c2a7b70d6bc74213650991 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Tue, 25 Jun 2024 11:05:35 -0600 Subject: [PATCH 08/11] use generated yml file and shared tooling --- .github/actions/setup/action.yml | 15 --------------- .github/workflows/lint.yml | 5 ++--- .github/workflows/release.yml | 13 ++++++++----- .github/workflows/release_notes.yml | 4 ++-- 4 files changed, 12 insertions(+), 25 deletions(-) delete mode 100644 .github/actions/setup/action.yml diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml deleted file mode 100644 index ced847c..0000000 --- a/.github/actions/setup/action.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Setup -description: 'Installs node, driver dependencies, and builds source' - -runs: - using: composite - steps: - - uses: actions/setup-node@v4 - with: - node-version: 'lts/*' - cache: 'npm' - registry-url: 'https://registry.npmjs.org' - - run: npm install -g npm@latest - shell: bash - - run: npm clean-install - shell: bash diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index a2219c4..81228da 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -11,8 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - - name: actions/setup - uses: ./.github/actions/setup + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - run: npm run check:lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 453e2b3..f3f016c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ permissions: pull-requests: write id-token: write -name: release +name: release-latest jobs: release_please: @@ -18,6 +18,8 @@ jobs: steps: - id: release uses: googleapis/release-please-action@v4 + with: + target-branch: main ssdlc: needs: [release_please] @@ -31,8 +33,8 @@ jobs: steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - name: Load version and package info uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node @@ -74,8 +76,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: actions/setup - uses: ./.github/actions/setup + + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node - run: npm publish --provenance --tag=latest if: ${{ needs.release_please.outputs.release_created }} diff --git a/.github/workflows/release_notes.yml b/.github/workflows/release_notes.yml index 54b038f..0c0c903 100644 --- a/.github/workflows/release_notes.yml +++ b/.github/workflows/release_notes.yml @@ -45,8 +45,8 @@ jobs: # Setup Node.js and npm install - - name: actions/setup - uses: ./.github/actions/setup + - name: Install Node and dependencies + uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node # See: https://github.com/googleapis/release-please/issues/1274 From d2aaf1c8e8efd240aebe45a7ae73000ca63f7850 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 26 Jun 2024 14:37:43 -0600 Subject: [PATCH 09/11] add build.yml action --- .github/workflows/build.yml | 16 ++++++++++++++++ .github/workflows/release.yml | 29 +++++++++++++++++++++++------ 2 files changed, 39 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..3c601ae --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,16 @@ +on: + workflow_call: {} + +name: Build + +permissions: + contents: write + pull-requests: write + id-token: write + +jobs: + build: + runs-on: ubuntu-latest + steps: + - run: echo "nothing to do." + shell: bash diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f3f016c..e03dc23 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,8 +21,13 @@ jobs: with: target-branch: main - ssdlc: + build: needs: [release_please] + name: "Perform any build or bundling steps, as necessary." + uses: ./.github/workflows/build.yml + + ssdlc: + needs: [release_please, build] permissions: # required for all workflows security-events: write @@ -35,12 +40,16 @@ jobs: - name: Install Node and dependencies uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + with: + ignore_install_scripts: false - name: Load version and package info uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node + with: + npm_package_name: mongodb-legacy - name: actions/compress_sign_and_upload - uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node + uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} aws_region_name: us-east-1 @@ -50,8 +59,17 @@ jobs: - name: Copy sbom file to release assets shell: bash + if: ${{ '' == '' }} run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json + # only used for mongodb-client-encryption + - name: Augment SBOM and copy to release assets + if: ${{ '' != '' }} + uses: mongodb-labs/drivers-github-tools/sbom@v2 + with: + silk_asset_group: '' + sbom_file_name: sbom.json + - name: Generate authorized pub report uses: mongodb-labs/drivers-github-tools/full-report@v2 with: @@ -59,9 +77,8 @@ jobs: product_name: mongodb-legacy sarif_report_target_ref: main third_party_dependency_tool: n/a - # and .sig - dist_filenames: ${{ env.package_file }}* - token: ${{ github.token }} + dist_filenames: artifacts/* + token: ${{ github.token }} sbom_file_name: sbom.json - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2 @@ -71,7 +88,7 @@ jobs: dry_run: ${{ needs.release_please.outputs.release_created == '' }} publish: - needs: [release_please, ssdlc] + needs: [release_please, ssdlc, build] environment: release runs-on: ubuntu-latest steps: From 38d7c027f935962c2fcb803db244405e63c00147 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 27 Jun 2024 08:32:29 -0600 Subject: [PATCH 10/11] use shared actions v2 --- .github/workflows/release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e03dc23..eb4b3e4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,17 +39,17 @@ jobs: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 with: ignore_install_scripts: false - name: Load version and package info - uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2 with: npm_package_name: mongodb-legacy - name: actions/compress_sign_and_upload - uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2 with: aws_role_arn: ${{ secrets.AWS_ROLE_ARN }} aws_region_name: us-east-1 @@ -95,7 +95,7 @@ jobs: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 - run: npm publish --provenance --tag=latest if: ${{ needs.release_please.outputs.release_created }} From 718247062fdfd02cb3a3a0420178fe88e2d4f604 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Thu, 27 Jun 2024 08:33:44 -0600 Subject: [PATCH 11/11] fix lint --- .github/workflows/lint.yml | 2 +- .github/workflows/release_notes.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 81228da..1e82ef2 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,6 +12,6 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 - run: npm run check:lint diff --git a/.github/workflows/release_notes.yml b/.github/workflows/release_notes.yml index 0c0c903..486aa5e 100644 --- a/.github/workflows/release_notes.yml +++ b/.github/workflows/release_notes.yml @@ -46,7 +46,7 @@ jobs: # Setup Node.js and npm install - name: Install Node and dependencies - uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node + uses: mongodb-labs/drivers-github-tools/node/setup@v2 # See: https://github.com/googleapis/release-please/issues/1274