From 2b33ccd32ec3797357e811efb14a8ea64fcf925c Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Wed, 19 Feb 2025 10:33:30 -0600
Subject: [PATCH 1/5] test silkbomb 2.0
---
 .github/workflows/release-python.yml | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index f6731967d..d279478d9 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -18,8 +18,7 @@ on:
 env:
 # Changes per repo
 PRODUCT_NAME: PyMongoCrypt
- # Changes per branch
- SILK_ASSET_GROUP: pymongocrypt
+ SILK_ASSET_GROUP: test
 EVERGREEN_PROJECT: libmongocrypt
 # Constant
 # inputs will be empty on a scheduled run. so, we only set dry_run
@@ -43,17 +42,17 @@ jobs:
 outputs:
 version: ${{ steps.pre-publish.outputs.version }}
 steps:
- - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+ - uses: blink1073/drivers-github-tools/secure-checkout@fetsko/gha-sbom-action-silkbomb-2.0
 with:
 app_id: ${{ vars.APP_ID }}
 private_key: ${{ secrets.APP_PRIVATE_KEY }}
- - uses: mongodb-labs/drivers-github-tools/setup@v2
+ - uses: blink1073/drivers-github-tools/setup@fetsko/gha-sbom-action-silkbomb-2.0
 with:
 aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
 aws_region_name: ${{ vars.AWS_REGION_NAME }}
 aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
 artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
- - uses: mongodb-labs/drivers-github-tools/python/pre-publish@v2
+ - uses: blink1073/drivers-github-tools/python/pre-publish@fetsko/gha-sbom-action-silkbomb-2.0
 id: pre-publish
 with:
 version: ${{ env.VERSION }}
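Review bot: The three `uses:` lines added in the `@@ -43,17 +42,17 @@` hunk, and the three in `@@ -107,17 +106,17 @@`, hand the release credentials to a mutable branch (`fetsko/gha-sbom-action-silkbomb-2.0`) of a personal fork instead of the organisation's `mongodb-labs/drivers-github-tools`. These steps receive `secrets.APP_PRIVATE_KEY`, `secrets.AWS_ROLE_ARN` and `secrets.AWS_SECRET_ID`, and the second job holds `attestations: write`, so anyone able to push to that branch controls code that runs with them. For a test run, pin the fork to a reviewed commit, e.g. `uses: blink1073/drivers-github-tools/setup@<full-commit-sha>`, and keep the change off the branch that real releases run from. The first hunk's `SILK_ASSET_GROUP: test` is likewise a test value that should not reach a release.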
@@ -107,17 +106,17 @@ jobs:
 attestations: write
 security-events: write
 steps:
- - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+ - uses: blink1073/drivers-github-tools/secure-checkout@fetsko/gha-sbom-action-silkbomb-2.0
 with:
 app_id: ${{ vars.APP_ID }}
 private_key: ${{ secrets.APP_PRIVATE_KEY }}
- - uses: mongodb-labs/drivers-github-tools/setup@v2
+ - uses: blink1073/drivers-github-tools/setup@fetsko/gha-sbom-action-silkbomb-2.0
 with:
 aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
 aws_region_name: ${{ vars.AWS_REGION_NAME }}
 aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
 artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
- - uses: mongodb-labs/drivers-github-tools/python/post-publish@v2
+ - uses: blink1073/drivers-github-tools/python/post-publish@fetsko/gha-sbom-action-silkbomb-2.0
 with:
 version: ${{ env.VERSION }}
 following_version: ${{ env.FOLLOWING_VERSION }}
From 43e5788253b0e0b5ed47c52ab90a48cb97a83eb6 Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Wed, 19 Feb 2025 10:42:52 -0600
Subject: [PATCH 2/5] add sbom_in_path
---
 .github/workflows/release-python.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index d279478d9..a4baafd95 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -18,7 +18,6 @@ on:
 env:
 # Changes per repo
 PRODUCT_NAME: PyMongoCrypt
- SILK_ASSET_GROUP: test
 EVERGREEN_PROJECT: libmongocrypt
 # Constant
 # inputs will be empty on a scheduled run. so, we only set dry_run
@@ -122,7 +121,7 @@ jobs:
 following_version: ${{ env.FOLLOWING_VERSION }}
 working_directory: ./bindings/python
 product_name: ${{ env.PRODUCT_NAME }}
- silk_asset_group: ${{ env.SILK_ASSET_GROUP }}
+ sbom_in_path: bindings/python/sbom.json
 evergreen_project: ${{ env.EVERGREEN_PROJECT }}
 tag_template: "pymongocrypt-${VERSION}"
 token: ${{ github.token }}
From 8d307147ced662f7dc62967eb2b684def3a3af90 Mon Sep 17 00:00:00 2001
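Review bot: In the `@@ -122,7 +121,7 @@` hunk of PATCH 2/5, `sbom_in_path: bindings/python/sbom.json` makes the release depend on an SBOM file whose origin the visible workflow does not show; no step in these hunks generates or refreshes it, so it is presumably committed to the repository. If so, a stale file would be published with every release without any failure, and a comment above the input such as `# committed SBOM; regenerate when dependencies change` would make that dependency explicit. The path is also written from the repository root while `working_directory` is `./bindings/python`, so it is worth confirming which base the action resolves it against. The step's `with:` block starts and ends outside the hunk.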
From: Steven Silvester
Date: Wed, 19 Feb 2025 11:15:52 -0600
Subject: [PATCH 3/5] add kondukto_sub_project
---
 .github/workflows/release-python.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index a4baafd95..ff1813fcf 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -122,6 +122,7 @@ jobs:
 working_directory: ./bindings/python
 product_name: ${{ env.PRODUCT_NAME }}
 sbom_in_path: bindings/python/sbom.json
+ kondukto_sub_project: pymongocrypt
 evergreen_project: ${{ env.EVERGREEN_PROJECT }}
 tag_template: "pymongocrypt-${VERSION}"
 token: ${{ github.token }}
From 5f6cb00179ebfd5950b099519561c897ef5c2930 Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Thu, 20 Feb 2025 12:46:30 -0600
Subject: [PATCH 4/5] update to upstream
---
 .github/workflows/release-python.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index ff1813fcf..4a0393742 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -41,17 +41,17 @@ jobs:
 outputs:
 version: ${{ steps.pre-publish.outputs.version }}
 steps:
- - uses: blink1073/drivers-github-tools/secure-checkout@fetsko/gha-sbom-action-silkbomb-2.0
+ - uses: mongodb-labs/drivers-github-tools/secure-checkout@b2
 with:
 app_id: ${{ vars.APP_ID }}
 private_key: ${{ secrets.APP_PRIVATE_KEY }}
- - uses: blink1073/drivers-github-tools/setup@fetsko/gha-sbom-action-silkbomb-2.0
+ - uses: mongodb-labs/drivers-github-tools/setup@b2
 with:
 aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
 aws_region_name: ${{ vars.AWS_REGION_NAME }}
 aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
 artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
- - uses: blink1073/drivers-github-tools/python/pre-publish@fetsko/gha-sbom-action-silkbomb-2.0
+ - uses: mongodb-labs/drivers-github-tools/python/pre-publish@b2
 id: pre-publish
 with:
 version: ${{ env.VERSION }}
@@ -105,17 +105,17 @@ jobs:
 attestations: write
 security-events: write
 steps:
- - uses: blink1073/drivers-github-tools/secure-checkout@fetsko/gha-sbom-action-silkbomb-2.0
+ - uses: mongodb-labs/drivers-github-tools/secure-checkout@b2
 with:
 app_id: ${{ vars.APP_ID }}
 private_key: ${{ secrets.APP_PRIVATE_KEY }}
- - uses: blink1073/drivers-github-tools/setup@fetsko/gha-sbom-action-silkbomb-2.0
+ - uses: mongodb-labs/drivers-github-tools/setup@b2
 with:
 aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
 aws_region_name: ${{ vars.AWS_REGION_NAME }}
 aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
 artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
- - uses: blink1073/drivers-github-tools/python/post-publish@fetsko/gha-sbom-action-silkbomb-2.0
+ - uses: mongodb-labs/drivers-github-tools/python/post-publish@b2
 with:
 version: ${{ env.VERSION }}
 following_version: ${{ env.FOLLOWING_VERSION }}
From 60b137b0727ba0a057c45926e811992d972b8add Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Thu, 20 Feb 2025 12:48:45 -0600
Subject: [PATCH 5/5] fix tag
---
 .github/workflows/release-python.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index 4a0393742..730500d15 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -41,17 +41,17 @@ jobs:
 outputs:
 version: ${{ steps.pre-publish.outputs.version }}
 steps:
- - uses: mongodb-labs/drivers-github-tools/secure-checkout@b2
+ - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
 with:
 app_id: ${{ vars.APP_ID }}
 private_key: ${{ secrets.APP_PRIVATE_KEY }}
- - uses: mongodb-labs/drivers-github-tools/setup@b2
+ - uses: mongodb-labs/drivers-github-tools/setup@v2
 with:
 aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
 aws_region_name: ${{ vars.AWS_REGION_NAME }}
 aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
 artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
- - uses: mongodb-labs/drivers-github-tools/python/pre-publish@b2
+ - uses: mongodb-labs/drivers-github-tools/python/pre-publish@v2
 id: pre-publish
 with:
 version: ${{ env.VERSION }}
@@ -105,17 +105,17 @@ jobs:
 attestations: write
 security-events: write
 steps:
- - uses: mongodb-labs/drivers-github-tools/secure-checkout@b2
+ - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
 with:
 app_id: ${{ vars.APP_ID }}
 private_key: ${{ secrets.APP_PRIVATE_KEY }}
- - uses: mongodb-labs/drivers-github-tools/setup@b2
+ - uses: mongodb-labs/drivers-github-tools/setup@v2
 with:
 aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
 aws_region_name: ${{ vars.AWS_REGION_NAME }}
 aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
 artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
- - uses: mongodb-labs/drivers-github-tools/python/post-publish@b2
+ - uses: mongodb-labs/drivers-github-tools/python/post-publish@v2
 with:
 version: ${{ env.VERSION }}
 following_version: ${{ env.FOLLOWING_VERSION }}
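Review bot: The references restored in `@@ -41,17 +41,17 @@` and `@@ -105,17 +105,17 @@` point at the movable tag `@v2`, so the code that receives `secrets.APP_PRIVATE_KEY` and the AWS secrets can change without any commit to this repository. Pinning each action to a full commit with the tag kept as a comment, e.g. `uses: mongodb-labs/drivers-github-tools/setup@<full-commit-sha> # v2`, makes the release job reproducible and turns every action upgrade into a reviewable diff. Both jobs' step lists continue outside the hunks.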