release.yml

name: goreleaser

on:
  push:
    tags:
      - '*'
  merge_group:
    types: [checks_requested]

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.22.x

          # The default cache key for this action considers only the `go.sum` file.
          # We include .goreleaser.yaml here to differentiate from the cache used by the push action
          # that runs unit tests. This job produces and uses a different cache.
          cache-dependency-path: |
            go.sum
            .goreleaser.yml

      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v2
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.PASSPHRASE }}

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          version: ~> v2
          args: release --clean ${{ !startsWith(github.ref, 'refs/tags/v') && '--snapshot' || '' }}
        env:
          # use GITHUB_TOKEN that is already available in secrets.GITHUB_TOKEN
          # https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}