From e32d245c3a65bbf62bb115d8f16c35b6c8c0895d Mon Sep 17 00:00:00 2001 From: Atsushi Tanaka Date: Fri, 8 Mar 2024 00:13:32 +0900 Subject: [PATCH] Update release.yml --- .github/workflows/release.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9f5f9ee..9ef95ae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,8 @@ # This GitHub action can publish assets for release when a tag is created. # Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0). # -# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your -# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE` +# This uses an action (crazy-max/ghaction-import-gpg) that assumes you set your +# private key in the `gpg_private_key` secret and passphrase in the `passphrase` # secret. If you would rather own your own GPG handling, please fork this action # or use an alternative one for key handling. # @@ -14,6 +14,8 @@ on: push: tags: - 'v*' +permissions: + contents: write jobs: goreleaser: runs-on: ubuntu-latest @@ -29,19 +31,20 @@ jobs: uses: actions/setup-go@v5 with: go-version-file: go.mod + cache: true - name: Import GPG key id: import_gpg - uses: paultyng/ghaction-import-gpg@v2.1.0 - env: - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - PASSPHRASE: ${{ secrets.PASSPHRASE }} + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 with: version: latest - args: release --rm-dist + args: release --clean env: GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}