1010 - " bugbash-*"
1111
1212 workflow_dispatch :
13+ inputs :
14+ tag :
15+ description : " Tag to build (e.g. v1.2.3). Leave empty for a snapshot build of the current ref."
16+ type : string
17+ required : false
18+ publish :
19+ description : " Publish release artifacts to the GitHub release."
20+ type : boolean
21+ default : false
1322
1423jobs :
1524 cli :
@@ -22,17 +31,30 @@ jobs:
2231
2332 permissions :
2433 id-token : write
25- contents : read
34+ contents : write
2635
2736 steps :
2837 - name : Checkout repository
2938 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3039 with :
3140 fetch-depth : 0
3241 fetch-tags : true
42+ ref : ${{ inputs.tag || github.ref }}
43+
44+ # Check out the workflow's own ref into a side directory so local
45+ # composite actions (e.g. setup-jfrog) and the goreleaser config are
46+ # available even when the built ref is an older tag that predates them.
47+ - name : Checkout workflow ref for local actions
48+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
49+ with :
50+ ref : ${{ github.sha }}
51+ path : .workflow-actions
52+ sparse-checkout : |
53+ .github
54+ .goreleaser.yaml
3355
3456name : Setup JFrog
35- uses : ./.github/actions/setup-jfrog
57+ uses : ./.workflow-actions/. github/actions/setup-jfrog
3658
3759 - name : Setup Go
3860 uses : actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
@@ -73,12 +95,24 @@ jobs:
7395name : Hide snapshot tag to outsmart GoReleaser
7496 run : git tag -d snapshot || true
7597
98+ # Overlay scripts from the workflow ref so goreleaser hooks resolve
99+ # correctly even when building an older tag that predates them.
100+ # Register both injected paths in .git/info/exclude so goreleaser's
101+ # dirty-state check does not flag them as untracked files.
102+ - name : Sync workflow scripts to working directory
103+ run : |
104+ mkdir -p .github/scripts
105+ cp -r .workflow-actions/.github/scripts/. .github/scripts/
106+ printf '.workflow-actions/\n.github/scripts/\n' >> .git/info/exclude
107+
76108# Use --snapshot for branch builds (non-tag refs).
77109 - name : Run GoReleaser
78110 uses : goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
79111 with :
80112 version : v2.14.3
81- args : release --skip=publish ${{ !startsWith(github.ref, 'refs/tags/') && '--snapshot' || '' }}
113+ args : release ${{ !inputs.publish && '--skip=publish' || '' }} --config .workflow-actions/.goreleaser.yaml --skip=docker ${{ (!startsWith(github.ref, 'refs/tags/') && !inputs.tag) && '--snapshot' || '' }}
114+ env :
115+ GITHUB_TOKEN : ${{ github.token }}
82116
83117 - name : Verify Windows binary signatures
84118 run : |
@@ -106,17 +140,30 @@ jobs:
106140
107141 permissions :
108142 id-token : write
109- contents : read
143+ contents : write
110144
111145 steps :
112146 - name : Checkout repository
113147 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
114148 with :
115149 fetch-depth : 0
116150 fetch-tags : true
151+ ref : ${{ inputs.tag || github.ref }}
152+
153+ # Check out the workflow's own ref into a side directory so local
154+ # composite actions (e.g. setup-jfrog) and the goreleaser config are
155+ # available even when the built ref is an older tag that predates them.
156+ - name : Checkout workflow ref for local actions
157+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
158+ with :
159+ ref : ${{ github.sha }}
160+ path : .workflow-actions
161+ sparse-checkout : |
162+ .github
163+ .goreleaser.yaml
117164
118165name : Setup JFrog
119- uses : ./.github/actions/setup-jfrog
166+ uses : ./.workflow-actions/. github/actions/setup-jfrog
120167
121168 - name : Install uv
122169 uses : astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
0 commit comments