# This GitHub action can publish assets for release when a tag is created. # Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0). # # This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your # private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE` # secret. If you would rather own your own GPG handling, please fork this action # or use an alternative one for key handling. # # You will need to pass the `--batch` flag to `gpg` in your signing step # in `goreleaser` to indicate this is being used in a non-interactive mode. # name: release on: push: tags: - 'v*' jobs: goreleaser: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go uses: actions/setup-go@v4 with: go-version: 1.18 - name: Import GPG key id: import_gpg uses: crazy-max/ghaction-import-gpg@v5.2.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - name: setup-syft run: | curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | \ sh -s -- -b /usr/local/bin v0.64.0 - name: Run GoReleaser uses: goreleaser/goreleaser-action@v4.2.0 with: version: latest args: release --rm-dist env: GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} # GitHub sets this automatically GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}