From f440f47e578d4a80c86511da1cc9450b116531d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=85=8E=E9=A5=BC=E6=9E=9C=E5=AD=90=E5=8D=B7=E9=B2=A8?= =?UTF-8?q?=E9=B1=BC=E8=BE=A3=E6=A4=92?=
Date: Mon, 30 Dec 2024 18:38:14 +0800
Subject: [PATCH] chore: update GitHub Actions workflows to use latest action versions and streamline release process
- Upgraded checkout action from v3 to v4 in both auto-tag.yml and release.yml for improved performance.
- Updated setup-go action from v4 to v5 and goreleaser action from v4 to v5 to leverage the latest features.
- Changed the release job to inherit secrets instead of explicitly defining them, enhancing security.
- Added environment specification for the goreleaser job and refined the conditional execution for the release process.
---
 .github/workflows/auto-tag.yml | 9 +++------
 .github/workflows/release.yml | 14 ++++++++++----
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/auto-tag.yml b/.github/workflows/auto-tag.yml
index ffa12e3..386e155 100644
--- a/.github/workflows/auto-tag.yml
+++ b/.github/workflows/auto-tag.yml
@@ -18,7 +18,7 @@ jobs:
 outputs:
 new_tag: ${{ steps.get_latest_tag.outputs.version }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 fetch-depth: 0
@@ -50,10 +50,7 @@ jobs:
 release:
 needs: auto-tag
 if: success()
- uses: ./.github/workflows/release.yml
+ uses: ./.github/workflows/release.yml@${{ github.sha }}
 with:
 version: ${{ needs.auto-tag.outputs.new_tag }}
- secrets:
- RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
- GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- PASSPHRASE: ${{ secrets.PASSPHRASE }}
+ secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index aee0535..7a5cbd9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
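Review bot: In the `release` job of auto-tag.yml, the new `uses: ./.github/workflows/release.yml@${{ github.sha }}` is unlikely to load, because a reusable workflow referenced by a local path takes no `@ref` and the `uses` key does not accept expressions. The path-only form `uses: ./.github/workflows/release.yml` already runs the called workflow from the caller's commit, so the pin adds nothing and the original line should stay. In the same hunk, `secrets: inherit` makes every secret the caller can read available to the called workflow, whereas the removed mapping passed only `RELEASE_TOKEN`, `GPG_PRIVATE_KEY` and `PASSPHRASE`. For a job that holds a signing key, the explicit three-entry mapping is the narrower grant, so I would keep it rather than describe `inherit` as a security improvement.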
@@ -10,10 +10,13 @@ on:
 secrets:
 RELEASE_TOKEN:
 required: true
+ description: "GitHub token for release"
 GPG_PRIVATE_KEY:
 required: true
+ description: "GPG private key for signing"
 PASSPHRASE:
 required: true
+ description: "Passphrase for GPG key"
 push:
 tags:
 - "v*"
@@ -22,24 +25,25 @@ permissions: write-all
 jobs:
 goreleaser:
+ environment: production
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 fetch-depth: 0
 lfs: true
 submodules: recursive
 - name: Set up Go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@v5
 with:
 go-version: "1.21"
 cache: true
 - name: Import GPG key
 id: import_gpg
- uses: crazy-max/ghaction-import-gpg@v5
+ uses: crazy-max/ghaction-import-gpg@v6
 with:
 gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
 passphrase: ${{ secrets.PASSPHRASE }}
@@ -49,7 +53,7 @@ jobs:
 git_tag_gpgsign: true
 - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v4
+ uses: goreleaser/goreleaser-action@v5
 with:
 distribution: goreleaser
 version: latest
@@ -58,3 +62,5 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
 GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
 VERSION: ${{ inputs.version }}
+
+ if: github.event_name == 'workflow_call' || startsWith(github.ref, 'refs/tags/v')
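Review bot: The `Import GPG key` step in release.yml passes `secrets.GPG_PRIVATE_KEY` and `secrets.PASSPHRASE` to `crazy-max/ghaction-import-gpg@v6`, a third-party action referenced by a movable tag. If that tag is moved or the action is compromised, the replacement code runs with the signing key, and the hunk header shows the workflow runs under `permissions: write-all`. The same applies to `goreleaser/goreleaser-action@v5` in the next hunk, which receives `RELEASE_TOKEN`. Pin both to a full commit SHA with the tag kept as a comment, e.g. `uses: crazy-max/ghaction-import-gpg@<full-commit-sha>  # v6`. Also consider narrowing `write-all` to the scope the release needs, probably `contents: write`; that line is outside the changed lines, so treat it as a follow-up.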
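Review bot: The added `if: github.event_name == 'workflow_call' || startsWith(github.ref, 'refs/tags/v')` at the end of release.yml will probably skip the job when it is called from auto-tag.yml. Inside a called workflow the `github` context is the caller's, so `github.event_name` is the caller's trigger rather than `workflow_call`, and `github.ref` is the ref that started auto-tag.yml. The caller's `on:` block is not in this patch, but if it is a branch push both sides of the `||` are false and no release is built. One option is to test the input the caller always supplies: `if: inputs.version != '' || startsWith(github.ref, 'refs/tags/v')`. The line is also appended after the last step's `env:` block, so confirm it sits at the intended level (job or step), since the indentation cannot be checked on this page.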