Skip to content
Release

fix: simplify AUR key setup — fixed path, boolean output, no empty args #7

Sign in to view logs

fix: simplify AUR key setup — fixed path, boolean output, no empty args

fix: simplify AUR key setup — fixed path, boolean output, no empty args #7

Workflow file for this run

.github/workflows/release.yml at c818e92
# ==============================================================================
# .github/workflows/release.yml — cpp-gen
# ==============================================================================
# Release pipeline. Triggered automatically when a tag in the format
# vX.Y.Z is pushed to the repository (e.g.: via `make release` or scripts/release.sh).
#
# Full flow:
# git commit → scripts/release.sh → tag vX.Y.Z → this workflow → goreleaser
# ↓
# binários + archives + GitHub Release
# ↓
# (se AUR_KEY configurado) AUR push
# ==============================================================================
name: Release
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+" # v1.2.3
- "v[0-9]+.[0-9]+.[0-9]+-*" # v1.2.3-beta.1 (pre-release)
# Minimum permissions required for goreleaser to create the release
permissions:
contents: write # create releases and upload assets
packages: write # publish packages (if needed in the future)
jobs:
# ── Goreleaser ───────────────────────────────────────────────────────────────
goreleaser:
name: Release ${{ github.ref_name }}
runs-on: ubuntu-latest
steps:
- name: Checkout (com histórico completo)
uses: actions/checkout@v4
with:
# fetch-depth 0 is required for goreleaser to generate the changelog
# correctly from the full commit and tag history.
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Verify dependencies
run: |
go mod verify
go mod tidy
git diff --exit-code go.mod go.sum
# Runs tests before publishing — failure here aborts the release
- name: Test
run: go test -race ./...
# goreleaser v2 requires private_key to be a FILE PATH, not inline content.
# Writes the secret to ~/.ssh/aur_key and sets has_key=true/false.
# If AUR_KEY is absent, the AUR publisher is skipped via --skip=aurs.
- name: Setup AUR key
id: aur
env:
AUR_KEY_CONTENT: ${{ secrets.AUR_KEY }}
run: |
if [ -n "$AUR_KEY_CONTENT" ]; then
mkdir -p ~/.ssh
echo "$AUR_KEY_CONTENT" > ~/.ssh/aur_key
chmod 600 ~/.ssh/aur_key
echo "has_key=true" >> "$GITHUB_OUTPUT"
else
echo "has_key=false" >> "$GITHUB_OUTPUT"
echo "::warning title=AUR_KEY ausente::Publicação no AUR ignorada. Configure o secret AUR_KEY para habilitar."
fi
- name: Run goreleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: "~> v2"
args: >-
release --clean
${{ steps.aur.outputs.has_key != 'true' && '--skip=aurs' || '' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# goreleaser v2 expects a file path for private_key, not inline key content.
# Points to the file written by the "Setup AUR key" step above.
AUR_KEY: /home/runner/.ssh/aur_key
# ── Completion notification ───────────────────────────────────────────────────
notify:
name: Notify
runs-on: ubuntu-latest
needs: goreleaser
if: always()
steps:
- name: Release succeeded
if: needs.goreleaser.result == 'success'
run: |
echo "::notice title=Release publicada::cpp-gen ${{ github.ref_name }} foi publicada com sucesso!"
echo "URL: https://github.com/${{ github.repository }}/releases/tag/${{ github.ref_name }}"
- name: Release failed
if: needs.goreleaser.result == 'failure'
run: |
echo "::error title=Falha na release::O goreleaser falhou para a tag ${{ github.ref_name }}."
exit 1