chore: downgrade action versions in GitHub workflows for compatibility

- Changed checkout action from v4 to v3 in both auto-tag.yml and release.yml for consistency.
- Downgraded setup-go action from v5 to v4 and goreleaser action from v5 to v4 to ensure compatibility with existing configurations.
- Removed explicit secrets definitions in auto-tag.yml, allowing the workflow to inherit secrets for improved security.

.github/workflows/auto-tag.yml

@@ -18,7 +18,7 @@ jobs:
     outputs:
       new_tag: ${{ steps.get_latest_tag.outputs.version }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
@@ -51,9 +51,6 @@ jobs:
     needs: auto-tag
     if: success()
     uses: ./.github/workflows/release.yml
+    secrets: inherit
     with:
       gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-    secrets:
-      RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-      PASSPHRASE: ${{ secrets.PASSPHRASE }}

.github/workflows/release.yml

@@ -25,28 +25,28 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
           lfs: true
           submodules: recursive
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v4
         with:
           go-version: "1.21"
           cache: true
 
       - name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@v5
         if: inputs.gpg_private_key != ''
         with:
           gpg_private_key: ${{ inputs.gpg_private_key }}
           passphrase: ${{ secrets.PASSPHRASE }}
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v4
         with:
           distribution: goreleaser
           version: latest