use latest generated template

Author: baileympearson

.github/workflows/release.yml

@@ -1,17 +1,15 @@
 on:
   push:
     branches: [main]
-  pull_request:
-    branches: [main]
   workflow_dispatch: {}
 
-name: Release
-
 permissions:
   contents: write
   pull-requests: write
   id-token: write
 
+name: release-latest
+
 jobs:
   release_please:
     runs-on: ubuntu-latest
@@ -20,10 +18,12 @@ jobs:
     steps:
       - id: release
         uses: googleapis/release-please-action@v4
+        with:
+          target-branch: main
 
   build:
     needs: [release_please]
-    name: "Build native code"
+    name: "Perform any build or bundling steps, as necessary."
     uses: ./.github/workflows/build.yml
 
   ssdlc:
@@ -40,43 +40,52 @@ jobs:
 
       - name: Install Node and dependencies
         uses: baileympearson/drivers-github-tools/node/setup@add-signing-env-action-for-node
+        with:
+          ignore_install_scripts: true
 
       - name: Load version and package info
         uses: baileympearson/drivers-github-tools/node/get_version_info@add-signing-env-action-for-node
         with:
           npm_package_name: mongodb-client-encryption
 
-      - name: actions/sign_and_upload_package
-        uses: baileympearson/drivers-github-tools/node/sign_js_only_package@add-signing-env-action-for-node
+      - name: actions/compress_sign_and_upload
+        uses: baileympearson/drivers-github-tools/node/sign_node_package@add-signing-env-action-for-node
         with:
           aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
-          aws_region_name: 'us-east-1'
+          aws_region_name: us-east-1
           aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
-          npm_package_name: 'mongodb-client-encryption'
+          npm_package_name: mongodb-client-encryption
           dry_run: ${{ needs.release_please.outputs.release_created == '' }}
-          sign_native: true
 
       - name: Copy sbom file to release assets
         shell: bash
+        if: ${{ '' == '' }}
         run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
 
+      # only used for mongodb-client-encryption
+      - name: Augment SBOM and copy to release assets
+        if: ${{ '' != '' }}
+        uses: mongodb-labs/drivers-github-tools/sbom@v2
+        with:
+          silk_asset_group: ''
+          sbom_file_name: sbom.json
+
       - name: Generate authorized pub report
         uses: mongodb-labs/drivers-github-tools/full-report@v2
         with:
           release_version: ${{ env.package_version }}
           product_name: mongodb-client-encryption
           sarif_report_target_ref: main
-          third_party_dependency_tool: Silk
-          # <package> and <package>.sig
+          third_party_dependency_tool: n/a
           dist_filenames: artifacts/*
-          token:  ${{ github.token }}
+          token: ${{ github.token }}
           sbom_file_name: sbom.json
 
       - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
         with:
           version: ${{ env.package_version }}
           product_name: mongodb-client-encryption
-          dry_run: false
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
 
   publish:
     needs: [release_please, ssdlc, build]