chore: enhance GoReleaser and GitHub Actions workflows for GPG signing

- Added GPG signing configuration in .goreleaser.yml to support artifact signing for all artifacts.
- Updated release.yml to enforce GPG signing by setting global Git configuration options for signing commits and tags.
- Improved the signing process by utilizing the GPG fingerprint from environment variables, enhancing security and flexibility.

.github/workflows/release.yml

@@ -43,6 +43,10 @@ jobs:
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
+          git_config_global: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4

.goreleaser.yml

@@ -42,6 +42,18 @@ checksum:
   name_template: 'checksums.txt'
   algorithm: sha256
 
+signs:
+  - cmd: gpg
+    args:
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}"
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+    artifacts: all
+
 changelog:
   sort: asc
   use: github
@@ -95,12 +107,3 @@ release:
 
 snapshot:
   name_template: "{{ incpatch .Version }}-next"
-
-signs:
-  - cmd: gpg
-    args:
-      - "--output"
-      - "${signature}"
-      - "--detach-sign"
-      - "${artifact}"
-    artifacts: checksum