go-vanity/.github/workflows/publish.yml at main · bryk-io/go-vanity · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
name: publish
on:
  push:
    tags:
      - "*"
jobs:
  # Publish project package(s)
  publish:
    name: publish package
    runs-on: ubuntu-latest
    timeout-minutes: 10
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      # Harden workflow runner
      - name: Harden workflow runner (audit all outbound calls)
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      # Checkout code
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      # Go
      - name: Set up Go
        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version: 1.25.x

      # Use goreleaser to create the new release
      # https://github.com/goreleaser/goreleaser-action
      - name: Create release
        uses: goreleaser/goreleaser-action@v6
        if: startsWith(github.ref, 'refs/tags/')
        with:
          version: latest
          args: release --clean --skip=validate
        env:
          # https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow
          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
          # Login of the user that initiated the workflow run
          GITHUB_USER: ${{ github.actor }}