diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 044e1743df..dd93c729a5 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -15,27 +15,13 @@ on:
 
 jobs:
   analyze:
-    name: Analyze (${{ matrix.language }})
-    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
-    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    name: Analyze (go)
+    runs-on: 'ubuntu-latest'
+    timeout-minutes: 360
     permissions:
       # required for all workflows
       security-events: write
 
-      # required to fetch internal or private CodeQL packs
-      packages: read
-
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        - language: go
-          build-mode: manual
-
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
@@ -44,15 +30,14 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
+        languages: go
+        build-mode: manual
 
-    - if: matrix.build-mode == 'manual'
-      shell: bash
+    - shell: bash
       run: |
         make build
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
       with:
-        category: "/language:${{matrix.language}}"
+        category: "/language:go"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000000..f9a2ac10d4
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,88 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "The new version to set"
+        required: true
+      prev_version:
+        description: "The previous tagged version"
+        required: true
+      push_changes:
+        description: "Push changes?"
+        default: true
+        type: boolean
+
+defaults:
+  run:
+    shell: bash -eux {0}
+
+env:
+  # Changes per branch
+  SILK_ASSET_GROUP: mongodb-go-driver
+  EVERGREEN_PROJECT: mongo-go-driver
+
+jobs:
+  pre-publish:
+    environment: release
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+    outputs:
+      prev_version: ${{ steps.pre-publish.outputs.prev_version }}
+    steps:
+      - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+        with:
+          app_id: ${{ vars.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - uses: mongodb-labs/drivers-github-tools/setup@v2
+        with:
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: ${{ vars.AWS_REGION_NAME }}
+          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+          artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
+      - name: Pre Publish
+        id: pre-publish
+        uses: mongodb-labs/drivers-github-tools/golang/pre-publish@v2
+        with:
+          version: ${{ inputs.version }}
+          push_changes: ${{ inputs.push_changes }}
+
+  static-scan:
+    needs: [pre-publish]
+    permissions:
+      security-events: write
+    uses: ./.github/workflows/codeql.yml
+    with:
+      ref: ${{ github.ref }}
+
+  publish:
+    needs: [pre-publish, static-scan]
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
+      contents: write
+      security-events: read
+    steps:
+      - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+        with:
+          app_id: ${{ vars.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - uses: mongodb-labs/drivers-github-tools/setup@v2
+        with:
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: ${{ vars.AWS_REGION_NAME }}
+          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+          artifactory_username: ${{ vars.ARTIFACTORY_USERNAME }}
+      - name: Publish
+        uses: mongodb-labs/drivers-github-tools/golang/publish@v2
+        with:
+          version: ${{ inputs.version }}
+          silk_asset_group: ${{ env.SILK_ASSET_GROUP }}
+          evergreen_project: ${{ env.EVERGREEN_PROJECT }}
+          prev_version: ${{ inputs.prev_version }}
+          push_changes: ${{ inputs.push_changes }}
+          token: ${{ env.GH_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ab05fafebe..c4e5498fbf 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,5 +17,5 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
-      - uses: pre-commit/action@v3.0.0
+      - uses: actions/setup-python@v5
+      - uses: pre-commit/action@v3.0.1