From a7bc3f8f054f7183abc1a9f47686b9149f03be52 Mon Sep 17 00:00:00 2001 From: Abhishek Choudhary Date: Wed, 27 May 2026 11:21:46 +0800 Subject: [PATCH 1/2] ci: add goreleaser config and release workflow Wires goreleaser v2 to produce multi-arch binaries (linux, darwin, windows for amd64 and arm64) with sha256 checksums on tag push. Asset naming `a6___.` matches the format expected by the `a6 update` command's FindAsset. Refs #37 --- .github/workflows/release.yml | 30 +++++++++++++++++++++ .goreleaser.yml | 50 +++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 .github/workflows/release.yml create mode 100644 .goreleaser.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..0c3f7d9 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,30 @@ +name: Release + +on: + push: + tags: + - "v*" + +permissions: + contents: write + +jobs: + goreleaser: + name: GoReleaser + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + + - uses: goreleaser/goreleaser-action@v6 + with: + distribution: goreleaser + version: "~> v2" + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000..c48c48e --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,50 @@ +version: 2 + +project_name: a6 + +before: + hooks: + - go mod tidy + +builds: + - main: ./cmd/a6 + binary: a6 + env: + - CGO_ENABLED=0 + ldflags: + - -s -w + - -X github.com/api7/a6/internal/version.Version={{.Version}} + - -X github.com/api7/a6/internal/version.Commit={{.ShortCommit}} + - -X github.com/api7/a6/internal/version.Date={{.Date}} + goos: + - linux + - darwin + - windows + goarch: + - amd64 + - arm64 + +archives: + - formats: [tar.gz] + name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" + format_overrides: + - goos: windows + formats: [zip] + +checksum: + name_template: "checksums.txt" + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" + - "^chore:" + +release: + github: + owner: api7 + name: a6 + draft: false + prerelease: auto From 74c83883ce9c9f0406a70e41d00f0043a14cdb14 Mon Sep 17 00:00:00 2001 From: Abhishek Choudhary Date: Wed, 27 May 2026 13:07:00 +0800 Subject: [PATCH 2/2] ci: pin release workflow actions and disable credential persistence Pin actions/checkout, actions/setup-go, and goreleaser/goreleaser-action to the commit SHAs for their v4/v5/v6 tags, and set persist-credentials: false on checkout. Keeps the top-level contents: write permission since goreleaser needs it to publish the GitHub Release. Addresses CodeRabbit review on #50. --- .github/workflows/release.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0c3f7d9..a898045 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,15 +13,16 @@ jobs: name: GoReleaser runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 + persist-credentials: false - - uses: actions/setup-go@v5 + - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 with: go-version-file: go.mod - - uses: goreleaser/goreleaser-action@v6 + - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6 with: distribution: goreleaser version: "~> v2"