Setup release using goreleaser

Author: ringanta

.github/workflows/build.yml

@@ -22,7 +22,13 @@ jobs:
         uses: actions/setup-go@v3
         with:
           go-version-file: "go.mod"
+          cache: true
       - name: Run tests
         run: make test
       - name: Run build
         run: make build
+      - name: Upload Artifact
+        uses: actions/upload-artifact@master
+        with:
+          name: tflint-ruleset-module-verification-${{ matrix.os }}
+          path: tflint-ruleset-module-verification

.github/workflows/release.yml

@@ -3,31 +3,25 @@ name: release
 on:
   push:
     branches:
-    - '!*'
+      - "!*"
     tags:
-    - v*.*.*
+      - v*.*.*
 
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-    - name: Set up Go
-      uses: actions/setup-go@v3
-      with:
-        go-version-file: 'go.mod'
-    - name: Import GPG key
-      id: import_gpg
-      uses: crazy-max/ghaction-import-gpg@v5
-      with:
-        gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-        passphrase: ${{ secrets.PASSPHRASE }}
-    - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@v3
-      with:
-        version: latest
-        args: release --rm-dist
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version-file: "go.mod"
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

.goreleaser.yml

@@ -18,8 +18,20 @@ archives:
     format: zip
     files:
       - none*
+changelog:
+  skip: true
 checksum:
-  name_template: 'checksums.txt'
+  name_template: "checksums.txt"
 signs:
-  - artifacts: checksum
-    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
+  - cmd: cosign
+    env:
+      - COSIGN_EXPERIMENTAL=1
+    signature: "${artifact}.keyless.sig"
+    certificate: "${artifact}.pem"
+    output: true
+    artifacts: checksum
+    args:
+      - sign-blob
+      - "--output-certificate=${certificate}"
+      - "--output-signature=${signature}"
+      - "${artifact}"