diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index 0770147..8ce97ca 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -1,10 +1,15 @@ +# Terraform Provider release workflow. name: Release +# This GitHub action creates a release when a tag that matches the pattern +# "v*" (e.g. v0.1.0) is created. on: push: tags: - - "v*" + - 'v*' +# Releases need permissions to read and write the repository contents. +# GitHub considers creating releases and uploading assets as writing contents. permissions: contents: write @@ -12,29 +17,25 @@ jobs: goreleaser: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: + # Allow goreleaser to access older tag information. fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@v5 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: - go-version: '1.21' + go-version-file: 'go.mod' + cache: true - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 id: import_gpg - uses: crazy-max/ghaction-import-gpg@v3 with: - gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.GPG_PASSPHRASE }} + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 with: - version: latest - args: release --rm-dist + args: release --clean env: + # GitHub sets the GITHUB_TOKEN secret automatically. GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} - - name: Upload assets - uses: actions/upload-artifact@v4 - with: - path: dist/* + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} \ No newline at end of file