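---
# Release workflow: builds and publishes signed artifacts with GoReleaser.
# Runs when a tag matching "v*" is pushed, or when another workflow calls it
# as a reusable workflow with a `version` input and the three secrets below.
#
# NOTE(review): every action here is referenced by a mutable tag
# (@v3/@v4/@v5). This job handles a GPG signing key and a release token, so
# pin each `uses:` to a full commit SHA, in the form
# `owner/action@<full-commit-sha>  # v4` (placeholder: take the SHA from the
# action's own repository).
name: Release

on:
  workflow_call:
    inputs:
      version:
        description: "Version to release"
        required: true
        type: string
    secrets:
      RELEASE_TOKEN:
        required: true
        description: "GitHub token for release"
      GPG_PRIVATE_KEY:
        required: true
        description: "GPG private key for signing"
      PASSPHRASE:
        required: true
        description: "Passphrase for GPG key"
  push:
    tags:
      - "v*"

# Scopes of the automatic GITHUB_TOKEN. `actions` is intentionally not
# granted: no step in this workflow calls the Actions API.
# NOTE(review): GoReleaser is given secrets.RELEASE_TOKEN rather than the
# automatic token, so `contents: write` / `packages: write` may also be wider
# than needed. Confirm against the GoReleaser config and narrow if unused.
permissions:
  contents: write
  packages: write

jobs:
  goreleaser:
    # NOTE(review): in a reusable workflow the `github` context is the
    # caller's, so `github.event_name` is never 'workflow_call'. As written,
    # a call from a ref that is not a v-tag skips this job. Confirm the
    # intended gate.
    if: github.event_name == 'workflow_call' || startsWith(github.ref, 'refs/tags/v')
    # Any protection rules configured on the `production` environment apply.
    environment: production
    runs-on: ubuntu-latest
    # NOTE(review): the job is stopped after 15 minutes, so the 60m GoReleaser
    # timeout below can never be reached. Align the two values.
    timeout-minutes: 15
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      # NOTE(review): cancelling an in-flight release can leave a partially
      # published release; consider `cancel-in-progress: false` here.
      cancel-in-progress: true
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history and tags, which release tooling reads for changelogs.
          fetch-depth: 0
          lfs: true
          submodules: recursive
          # Do not leave the job token in .git/config for the third-party
          # actions that run later; no step in this job pushes with git.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.21"
          # Resolves the newest 1.21.x at run time, so the toolchain patch
          # level can differ between two releases.
          check-latest: true
          cache: true

      # NOTE(review): setup-go's `cache: true` already caches Go build and
      # module data, so this step looks redundant. Restored caches feed into
      # the signed release artifacts, and `restore-keys` accepts any cache
      # with the OS prefix; consider building releases without restored
      # caches.
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      # Imports the signing key and configures global git to sign commits and
      # tags with it; the fingerprint output is passed to GoReleaser below.
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          git_config_global: true
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v4
        with:
          distribution: goreleaser
          # NOTE(review): `latest` means the release tool itself changes
          # without a commit to this repository; pin a version constraint.
          version: latest
          args: release --clean --timeout 60m
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          # Passed through the environment, not interpolated into a script.
          # Presumably empty on tag pushes, where no input is supplied.
          VERSION: ${{ inputs.version }}

      # Only checks that GoReleaser left a dist/ directory behind; it does
      # not inspect checksums or signatures.
      - name: Verify Release
        if: success()
        run: |
          echo "Verifying release artifacts..."
          if [ ! -d "dist" ]; then
            echo "::error::Release artifacts not found"
            exit 1
          fi

      # Kept as the last step so that a failed verification is reported too.
      - name: Notify on failure
        if: failure()
        run: |
          echo "::error::Release process failed"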