chore: update GitHub Actions workflows to use latest action versions and streamline release process

- Upgraded checkout action from v3 to v4 in both auto-tag.yml and release.yml for improved performance. - Updated setup-go action from v4 to v5 and goreleaser action from v4 to v5 to leverage the latest features. - Changed the release job to inherit secrets instead of explicitly defining them, enhancing security. - Added environment specification for the goreleaser job and refined the conditional execution for the release process.
5 months ago · f440f47e57
2 changed files with 13 additions and 10 deletions
--- a/.github/workflows/auto-tag.yml
+++ b/.github/workflows/auto-tag.yml
@ -18,7 +18,7 @@ jobs:
    outputs:
      new_tag: ${{ steps.get_latest_tag.outputs.version }}
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

@ -50,10 +50,7 @@ jobs:
  release:
    needs: auto-tag
    if: success()
-    uses: ./.github/workflows/release.yml
+    uses: ./.github/workflows/release.yml@${{ github.sha }}
    with:
      version: ${{ needs.auto-tag.outputs.new_tag }}
-    secrets:
-      RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-      PASSPHRASE: ${{ secrets.PASSPHRASE }}
+    secrets: inherit
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -10,10 +10,13 @@ on:
    secrets:
      RELEASE_TOKEN:
        required: true
+        description: "GitHub token for release"
      GPG_PRIVATE_KEY:
        required: true
+        description: "GPG private key for signing"
      PASSPHRASE:
        required: true
+        description: "Passphrase for GPG key"
  push:
    tags:
      - "v*"
@ -22,24 +25,25 @@ permissions: write-all

 jobs:
  goreleaser:
+    environment: production
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true
          submodules: recursive

      - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
          go-version: "1.21"
          cache: true

      - name: Import GPG key
        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
+        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
@ -49,7 +53,7 @@ jobs:
          git_tag_gpgsign: true

      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser
          version: latest
@ -58,3 +62,5 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          VERSION: ${{ inputs.version }}
+
+    if: github.event_name == 'workflow_call' || startsWith(github.ref, 'refs/tags/v')