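---
# Release workflow: builds and publishes signed release artifacts with
# GoReleaser. Runs when a tag matching "v*" is pushed, or when another
# workflow calls it via workflow_call with an explicit version.
name: Release

on:
  workflow_call:
    inputs:
      version:
        description: "Version to release"
        required: true
        type: string
    secrets:
      RELEASE_TOKEN:
        required: true
        description: "GitHub token for release"
      GPG_PRIVATE_KEY:
        required: true
        description: "GPG private key for signing"
      PASSPHRASE:
        required: true
        description: "Passphrase for GPG key"
  push:
    tags:
      - "v*"

# These scopes apply to the automatic GITHUB_TOKEN for every job in the file.
# NOTE(review): the release step below authenticates with RELEASE_TOKEN, not
# the automatic token, and nothing visible here needs `actions: write` or
# `packages: write` - confirm against the GoReleaser config and drop what is
# unused.
permissions:
  contents: write
  packages: write
  actions: write

jobs:
  goreleaser:
    # Secrets and protection rules of the "production" environment apply.
    environment: production
    runs-on: ubuntu-22.04
    timeout-minutes: 15
    # NOTE(review): every `uses:` below references a mutable tag (v3/v4/v5).
    # Two of these actions receive the GPG private key or the release token;
    # pin each one to a full commit SHA so a moved tag cannot change the code
    # that handles those secrets.
    steps:
      # Presence check only: this does not verify the token's scopes.
      # The secret is passed through the environment rather than expanded
      # into the script text, so its value is never parsed by the shell.
      - name: Check Permissions
        env:
          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
        run: |
          echo "Checking required permissions..."
          if [ -z "$RELEASE_TOKEN" ]; then
            echo "::error::RELEASE_TOKEN is not set"
            exit 1
          fi
          echo "Token permissions check passed"

      # The ref and the version input are influenced by whoever pushes the
      # tag or calls the workflow. Expanding them with ${{ }} inside `run:`
      # would paste them into the script before the shell parses it, so they
      # are handed over as environment variables and quoted instead.
      - name: Debug Workflow Trigger
        env:
          EVENT_NAME: ${{ github.event_name }}
          REF_NAME: ${{ github.ref }}
          RELEASE_VERSION: ${{ inputs.version }}
          TOKEN_EXISTS: ${{ secrets.RELEASE_TOKEN != '' }}
        run: |
          echo "Event name: $EVENT_NAME"
          echo "Ref: $REF_NAME"
          echo "Version input: $RELEASE_VERSION"
          echo "Token exists: $TOKEN_EXISTS"

      # Full history (fetch-depth: 0) so tags and changelog data are present.
      # NOTE(review): checkout keeps its token in the local git config by
      # default; if no later step pushes with git, consider
      # `persist-credentials: false` - confirm against the release config.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          lfs: true
          submodules: recursive

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.21"
          cache: true

      # Imports the signing key and configures git globally to sign commits
      # and tags with it; the fingerprint output is consumed by GoReleaser.
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          git_config_global: true
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true

      - name: Verify Go installation
        run: |
          go version || {
            echo "::error::Go installation failed"
            exit 1
          }

      # In a reusable workflow the `github` context belongs to the caller, so
      # github.event_name is never 'workflow_call' and the original test for
      # it could not match. A called run is detected through the required
      # `version` input instead; tag pushes are still matched by the ref.
      # NOTE(review): `version: latest` floats the GoReleaser binary between
      # runs; pin a specific release for reproducible, reviewable builds.
      - name: Run GoReleaser
        if: inputs.version != '' || startsWith(github.ref, 'refs/tags/v')
        uses: goreleaser/goreleaser-action@v4
        with:
          distribution: goreleaser
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          VERSION: ${{ inputs.version }}
        continue-on-error: false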