Skip to content
Release

fix: pass AUR_KEY via env var to preserve PEM newlines when writing k… #6

Sign in to view logs

fix: pass AUR_KEY via env var to preserve PEM newlines when writing k…

fix: pass AUR_KEY via env var to preserve PEM newlines when writing k… #6

Workflow file for this run

.github/workflows/release.yml at f739612
# ==============================================================================
# .github/workflows/release.yml — cpp-gen
# ==============================================================================
# Release pipeline. Triggered automatically when a tag in the format
# vX.Y.Z is pushed to the repository (e.g.: via `make release` or scripts/release.sh).
#
# Full flow:
# git commit → scripts/release.sh → tag vX.Y.Z → this workflow → goreleaser
# ↓
# binários + archives + GitHub Release
# ↓
# (se AUR_KEY configurado) AUR push
# ==============================================================================
name: Release
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+" # v1.2.3
- "v[0-9]+.[0-9]+.[0-9]+-*" # v1.2.3-beta.1 (pre-release)
# Minimum permissions required for goreleaser to create the release
permissions:
contents: write # create releases and upload assets
packages: write # publish packages (if needed in the future)
jobs:
# ── Goreleaser ───────────────────────────────────────────────────────────────
goreleaser:
name: Release ${{ github.ref_name }}
runs-on: ubuntu-latest
steps:
- name: Checkout (com histórico completo)
uses: actions/checkout@v4
with:
# fetch-depth 0 is required for goreleaser to generate the changelog
# correctly from the full commit and tag history.
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Verify dependencies
run: |
go mod verify
go mod tidy
git diff --exit-code go.mod go.sum
# Runs tests before publishing — failure here aborts the release
- name: Test
run: go test -race ./...
# goreleaser v2 requires private_key to be a FILE PATH, not inline content.
# This step writes the secret to a temp file and exposes its path.
# If AUR_KEY is absent the AUR publisher is skipped via --skip=aurs.
- name: Setup AUR key
id: aur
env:
AUR_KEY_CONTENT: ${{ secrets.AUR_KEY }}
run: |
if [ -n "$AUR_KEY_CONTENT" ]; then
mkdir -p ~/.ssh
echo "$AUR_KEY_CONTENT" > ~/.ssh/aur_key
chmod 600 ~/.ssh/aur_key
echo "key_path=$HOME/.ssh/aur_key" >> "$GITHUB_OUTPUT"
echo "goreleaser_args=release --clean" >> "$GITHUB_OUTPUT"
else
echo "key_path=" >> "$GITHUB_OUTPUT"
echo "goreleaser_args=release --clean --skip=aurs" >> "$GITHUB_OUTPUT"
echo "::warning title=AUR_KEY ausente::Publicação no AUR ignorada. Configure o secret AUR_KEY para habilitar."
fi
- name: Run goreleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: "~> v2"
args: ${{ steps.aur.outputs.goreleaser_args }}
env:
# GitHub token to create the release and upload assets.
# GITHUB_TOKEN is automatically injected by Actions — no extra configuration needed.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Path to the SSH private key file written by the "Setup AUR key" step above.
# goreleaser v2 requires a file path here, not inline key content.
AUR_KEY: ${{ steps.aur.outputs.key_path }}
# ── Completion notification ───────────────────────────────────────────────────
notify:
name: Notify
runs-on: ubuntu-latest
needs: goreleaser
if: always()
steps:
- name: Release succeeded
if: needs.goreleaser.result == 'success'
run: |
echo "::notice title=Release publicada::cpp-gen ${{ github.ref_name }} foi publicada com sucesso!"
echo "URL: https://github.com/${{ github.repository }}/releases/tag/${{ github.ref_name }}"
- name: Release failed
if: needs.goreleaser.result == 'failure'
run: |
echo "::error title=Falha na release::O goreleaser falhou para a tag ${{ github.ref_name }}."
exit 1