fix: include manifest.json as standalone release asset #46

	name: Release

	on:
	push:
	tags:
	- 'v*'

	permissions:
	contents: write

	jobs:
	release:
	runs-on: ubuntu-latest
	steps:
	# Pin to SHA for supply chain security
	# See: https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions
	- uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v4
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5
	with:
	go-version-file: 'go.mod'

	- name: Run tests
	run: go test -v -race ./...

	- name: Import GPG key
	uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6
	id: import_gpg
	with:
	gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.GPG_PASSPHRASE }}

	- name: Verify GPG key imported
	run: \|
	echo "GPG Key fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
	gpg --list-secret-keys --keyid-format LONG

	- name: Run GoReleaser
	uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6
	with:
	distribution: goreleaser
	version: '~> v2'
	args: release --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

Provide feedback