From 2630feb4e8b06b605712b861228803017ea2726d Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Thu, 25 Sep 2025 10:43:23 -0500
Subject: [PATCH 1/3] DRIVERS-3232 Fix second aws credential handling

---
 .github/workflows/update-action-tag.yml | 28 ++++++++++++-------------
 setup/action.yml                        |  1 +
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/update-action-tag.yml b/.github/workflows/update-action-tag.yml
index cfdcd3b..7f065ae 100644
--- a/.github/workflows/update-action-tag.yml
+++ b/.github/workflows/update-action-tag.yml
@@ -32,17 +32,17 @@ jobs:
           aws_region_name: ${{ vars.AWS_REGION_NAME }}
           aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
 
-      - name: Remove the existing tag
-        run: |
-          export VERSION=$(cat .github/workflows/version.txt)
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
-          git push origin ":v${VERSION}" || true
-
-      - name: Create a new signed tag
-        uses: ./git-sign
-        with:
-          command: git tag -a \"v${{ env.VERSION }}\" -m \"Update tag\" -s --local-user=${{ env.GPG_KEY_ID }}
-
-      - name: Push the tag
-        run:
-            git push origin --tags
\ No newline at end of file
+      # - name: Remove the existing tag
+      #   run: |
+      #     export VERSION=$(cat .github/workflows/version.txt)
+      #     echo "VERSION=$VERSION" >> $GITHUB_ENV
+      #     git push origin ":v${VERSION}" || true
+
+      # - name: Create a new signed tag
+      #   uses: ./git-sign
+      #   with:
+      #     command: git tag -a \"v${{ env.VERSION }}\" -m \"Update tag\" -s --local-user=${{ env.GPG_KEY_ID }}
+
+      # - name: Push the tag
+      #   run:
+      #       git push origin --tags
\ No newline at end of file
diff --git a/setup/action.yml b/setup/action.yml
index 2a14145..173a07f 100644
--- a/setup/action.yml
+++ b/setup/action.yml
@@ -40,6 +40,7 @@ runs:
       role-to-assume: ${{ inputs.aws_role_arn }}
       role-session-name: release-session
       aws-region: ${{ inputs.aws_region_name }}
+      unset-current-credentials: true
   - name: Read secrets from AWS Secrets Manager into environment variables
     uses: aws-actions/aws-secretsmanager-get-secrets@5e19ff380d035695bdd56bbad320ca535c9063f2 # v2
     with:

From c4f582f1df0aefad3ab2afb2dfbf79ee8824820c Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Thu, 25 Sep 2025 10:51:46 -0500
Subject: [PATCH 2/3] fix tag handling

---
 .github/workflows/update-action-tag.yml | 28 ++++++++++++-------------
 setup/action.yml                        |  1 -
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/update-action-tag.yml b/.github/workflows/update-action-tag.yml
index 7f065ae..c76631d 100644
--- a/.github/workflows/update-action-tag.yml
+++ b/.github/workflows/update-action-tag.yml
@@ -32,17 +32,17 @@ jobs:
           aws_region_name: ${{ vars.AWS_REGION_NAME }}
           aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
 
-      # - name: Remove the existing tag
-      #   run: |
-      #     export VERSION=$(cat .github/workflows/version.txt)
-      #     echo "VERSION=$VERSION" >> $GITHUB_ENV
-      #     git push origin ":v${VERSION}" || true
-
-      # - name: Create a new signed tag
-      #   uses: ./git-sign
-      #   with:
-      #     command: git tag -a \"v${{ env.VERSION }}\" -m \"Update tag\" -s --local-user=${{ env.GPG_KEY_ID }}
-
-      # - name: Push the tag
-      #   run:
-      #       git push origin --tags
\ No newline at end of file
+      - name: Remove the existing tag
+        run: |
+          export VERSION=$(cat .github/workflows/version.txt)
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          git push origin ":v${VERSION}" || true
+
+      - name: Create a new signed tag
+        uses: ./git-sign
+        with:
+          command: git tag -a "v${{ env.VERSION }}\" -m "Update tag" -s --local-user=${{ env.GPG_KEY_ID }}
+
+      - name: Push the tag
+        run:
+            git push origin --tags
\ No newline at end of file
diff --git a/setup/action.yml b/setup/action.yml
index 173a07f..2a14145 100644
--- a/setup/action.yml
+++ b/setup/action.yml
@@ -40,7 +40,6 @@ runs:
       role-to-assume: ${{ inputs.aws_role_arn }}
       role-session-name: release-session
       aws-region: ${{ inputs.aws_region_name }}
-      unset-current-credentials: true
   - name: Read secrets from AWS Secrets Manager into environment variables
     uses: aws-actions/aws-secretsmanager-get-secrets@5e19ff380d035695bdd56bbad320ca535c9063f2 # v2
     with:

From 3bc6b73922c6073c8f74416a7e8cf079b61624eb Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Thu, 25 Sep 2025 10:53:00 -0500
Subject: [PATCH 3/3] fix syntax

---
 .github/workflows/update-action-tag.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/update-action-tag.yml b/.github/workflows/update-action-tag.yml
index c76631d..6a14705 100644
--- a/.github/workflows/update-action-tag.yml
+++ b/.github/workflows/update-action-tag.yml
@@ -41,7 +41,7 @@ jobs:
       - name: Create a new signed tag
         uses: ./git-sign
         with:
-          command: git tag -a "v${{ env.VERSION }}\" -m "Update tag" -s --local-user=${{ env.GPG_KEY_ID }}
+          command: git tag -a "v${{ env.VERSION }}" -m "Update tag" -s --local-user=${{ env.GPG_KEY_ID }}
 
       - name: Push the tag
         run: