terraform-provider-hashicups/.github/workflows/release.yml

# Terraform Provider release workflow.
name: Release

# This GitHub action creates a release when a tag that matches the pattern
# "v*" (e.g. v0.1.0) is created.
on:
  push:
    tags:
      - 'v*'

# Releases need permissions to read and write the repository contents.
# GitHub considers creating releases and uploading assets as writing contents.
permissions:
  contents: write

# Default values to simplify job configurations below.
env:
  # Go language version to use for building. This value should also be updated
  # in the testing workflow if changed.
  GO_VERSION: '1.17'

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # Allow goreleaser to access older tag information.
          fetch-depth: 0
      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}
      # This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your 
      # private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
      # secret. If you would rather own your own GPG handling, please fork this action
      # or use an alternative one for key handling.
      - name: Import GPG key
        id: import_gpg
        uses: hashicorp/ghaction-import-gpg@v2.1.0
        env:
          # These secrets will need to be configured for the repository:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.PASSPHRASE }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v2.8.1
        with:
          args: release --rm-dist
        env:
          # GitHub sets the GITHUB_TOKEN secret automatically.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}