|
1 | | -# This GitHub action can publish assets for release when a tag is created. |
2 | | -# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0). |
3 | | -# |
4 | | -# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your |
5 | | -# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE` |
6 | | -# secret. If you would rather own your own GPG handling, please fork this action |
7 | | -# or use an alternative one for key handling. |
8 | | -# |
9 | | -# You will need to pass the `--batch` flag to `gpg` in your signing step |
10 | | -# in `goreleaser` to indicate this is being used in a non-interactive mode. |
11 | | -# |
12 | | -name: release |
| 1 | +# Terraform Provider release workflow. |
| 2 | +name: Release |
| 3 | + |
| 4 | +# This GitHub action creates a release when a tag that matches the pattern |
| 5 | +# "v*" (e.g. v0.1.0) is created. |
13 | 6 | on: |
14 | 7 | push: |
15 | 8 | tags: |
16 | 9 | - 'v*' |
| 10 | + |
| 11 | +# Releases need permissions to read and write the repository contents. |
| 12 | +# GitHub considers creating releases and uploading assets as writing contents. |
| 13 | +permissions: |
| 14 | + contents: write |
| 15 | + |
17 | 16 | jobs: |
18 | 17 | goreleaser: |
19 | 18 | runs-on: ubuntu-latest |
20 | 19 | steps: |
21 | | - - |
22 | | - name: Checkout |
23 | | - |
24 | | - - |
25 | | - name: Unshallow |
26 | | - run: git fetch --prune --unshallow |
27 | | - - |
28 | | - name: Set up Go |
29 | | - uses: actions/setup-go@v2 |
| 20 | + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 |
30 | 21 | with: |
31 | | - go-version: 1.16.6 |
32 | | - - |
33 | | - name: Import GPG key |
| 22 | + # Allow goreleaser to access older tag information. |
| 23 | + fetch-depth: 0 |
| 24 | + - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 |
| 25 | + with: |
| 26 | + go-version-file: 'go.mod' |
| 27 | + cache: true |
| 28 | + - name: Import GPG key |
| 29 | + uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 |
34 | 30 | id: import_gpg |
35 | | - |
36 | | - env: |
37 | | - # These secrets will need to be configured for the repository: |
38 | | - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} |
39 | | - PASSPHRASE: ${{ secrets.PASSPHRASE }} |
40 | | - - |
41 | | - name: Run GoReleaser |
42 | | - uses: goreleaser/[email protected] |
43 | 31 | with: |
44 | | - version: latest |
45 | | - args: release --rm-dist |
| 32 | + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} |
| 33 | + passphrase: ${{ secrets.PASSPHRASE }} |
| 34 | + - name: Run GoReleaser |
| 35 | + uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0 |
| 36 | + with: |
| 37 | + args: release --clean |
46 | 38 | env: |
47 | | - GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} |
48 | | - # GitHub sets this automatically |
| 39 | + # GitHub sets the GITHUB_TOKEN secret automatically. |
49 | 40 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 41 | + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} |
0 commit comments