chore: setup release process with github actions #4

	name: release

	on:
	push:
	branches:
	- main

	jobs:
	release:
	name: release
	runs-on: ubuntu-latest
	permissions:
	checks: write
	contents: write
	steps:
	- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

	- name: Release
	run: \|
	npm install @semantic-release/exec
	npx -y semantic-release@v22
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
	with:
	name: release-notes
	path: /tmp/release-notes.md

	goreleaser:
	name: upload binaries
	runs-on: ubuntu-latest
	needs: release
	permissions:
	id-token: write
	checks: write
	contents: read
	steps:
	- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
	with:
	fetch-depth: 0

	- uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0

	- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
	with:
	go-version: "1.20"
	cache: true

	- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
	with:
	name: release-notes
	path: /tmp

	- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
	with:
	distribution: goreleaser
	version: latest
	# NOTE: we use parallelism 1 because the cosign process is not concurrency safe.
	args: release --parallelism 1 --release-notes /tmp/release-notes.md --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	COSIGN_EXPERIMENTAL: true

Provide feedback