chore: update GitHub Actions workflows for improved error handling and version validation

- Downgraded actions in both auto-tag.yml and release.yml to v3 and v4 respectively for compatibility.
- Enhanced error handling in the auto-tag workflow by adding checks for git fetch failures and validating version format.
- Introduced additional validation for version numbers to ensure they remain within acceptable ranges.
- Added a verification step in the release workflow to confirm Go installation, improving reliability.

.github/workflows/auto-tag.yml

@@ -15,18 +15,22 @@ permissions: write-all
 jobs:
   auto-tag:
     runs-on: ubuntu-22.04
+    timeout-minutes: 10
     outputs:
       version: ${{ steps.get_latest_tag.outputs.version }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
       - name: Get latest tag
         id: get_latest_tag
         run: |
-          set -e
+          set -euo pipefail
-          git fetch --tags || exit 1
+          git fetch --tags --force || {
+            echo "::error::Failed to fetch tags"
+            exit 1
+          }
           latest_tag=$(git tag -l 'v*' --sort=-v:refname | head -n 1)
           if [ -z "$latest_tag" ]; then
             new_version="v0.1.0"
@@ -42,12 +46,20 @@ jobs:
 
       - name: Validate version
         run: |
+          set -euo pipefail
           new_tag="${{ steps.get_latest_tag.outputs.version }}"
           echo "Validating version: $new_tag"
           if [[ ! $new_tag =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
             echo "::error::Invalid version format: $new_tag"
             exit 1
           fi
+          major=$(echo $new_tag | cut -d. -f1 | tr -d 'v')
+          minor=$(echo $new_tag | cut -d. -f2)
+          patch=$(echo $new_tag | cut -d. -f3)
+          if [[ $major -gt 99 || $minor -gt 99 || $patch -gt 999 ]]; then
+            echo "::error::Version numbers out of valid range"
+            exit 1
+          fi
           echo "Version validation passed"
 
       - name: Create new tag

.github/workflows/release.yml

@@ -27,23 +27,24 @@ jobs:
   goreleaser:
     environment: production
     runs-on: ubuntu-22.04
+    timeout-minutes: 15
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
           lfs: true
           submodules: recursive
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v4
         with:
           go-version: "1.21"
           cache: true
 
       - name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@v5
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
@@ -52,8 +53,15 @@ jobs:
           git_commit_gpgsign: true
           git_tag_gpgsign: true
 
+      - name: Verify Go installation
+        run: |
+          go version || {
+            echo "::error::Go installation failed"
+            exit 1
+          }
+
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v4
         with:
           distribution: goreleaser
           version: latest
@@ -62,5 +70,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
           VERSION: ${{ inputs.version }}
+        continue-on-error: false
 
     if: github.event_name == 'workflow_call' || startsWith(github.ref, 'refs/tags/v')