From e0db041e936e82b69d9d09c7812461dcede82ca8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=85=8E=E9=A5=BC=E6=9E=9C=E5=AD=90=E5=8D=B7=E9=B2=A8?= =?UTF-8?q?=E9=B1=BC=E8=BE=A3=E6=A4=92?= Date: Mon, 30 Dec 2024 18:10:00 +0800 Subject: [PATCH] chore: enhance GoReleaser configuration and GitHub Actions workflows for GPG signing - Added GPG signing configuration to .goreleaser.yml to support artifact signing. - Updated auto-tag.yml and release.yml to include necessary secrets for GPG signing, enhancing security and functionality. - Ensured that GPG keys and passphrase are conditionally utilized in the release process. --- .github/workflows/auto-tag.yml | 5 ++++- .github/workflows/release.yml | 9 ++++++++- .goreleaser.yml | 9 +++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.github/workflows/auto-tag.yml b/.github/workflows/auto-tag.yml index 2a2d2da..409c8ca 100644 --- a/.github/workflows/auto-tag.yml +++ b/.github/workflows/auto-tag.yml @@ -51,4 +51,7 @@ jobs: needs: auto-tag uses: ./.github/workflows/release.yml permissions: write-all - secrets: inherit + secrets: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4192cb1..a897c05 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,6 +2,13 @@ name: Release on: workflow_call: + secrets: + RELEASE_TOKEN: + required: true + GPG_PRIVATE_KEY: + required: false + PASSPHRASE: + required: false push: tags: - "v*" @@ -38,7 +45,7 @@ jobs: with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - if: ${{ env.GPG_PRIVATE_KEY != '' }} + if: ${{ secrets.GPG_PRIVATE_KEY != '' }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v4 diff --git a/.goreleaser.yml b/.goreleaser.yml index 791cd44..690aaf4 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml 
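Review bot: The explicit `secrets:` block that replaces `secrets: inherit` is the right least-privilege move for secrets, but the job still carries `permissions: write-all` on the context line directly above it, so the reusable workflow receives only three secrets yet every GITHUB_TOKEN scope. If the release job only creates the GitHub release and uploads assets, `permissions:` with `contents: write` is all GoReleaser needs; the release job's steps are not visible in this hunk, so confirm against release.yml before narrowing. A one-line comment above `secrets:` would stop the next maintainer from reverting to `inherit`, e.g. `# forward only the secrets release.yml declares; do not use inherit`.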
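Review bot: `GPG_PRIVATE_KEY` and `PASSPHRASE` are declared independently optional, but the import step further down reads them as a pair: a key supplied without its passphrase presumably fails to import if the key is protected, and a passphrase without a key is never used. Add a `description:` under each secret stating the pairing and the expected encoding, e.g. `description: ASCII-armored OpenPGP private key used to sign the release checksum file` and `description: passphrase for GPG_PRIVATE_KEY; needed whenever that key is protected`. Note that the `push: tags:` trigger path takes both values from repository secrets directly and bypasses this `workflow_call` declaration entirely.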
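Review bot: Switching the guard to `secrets.GPG_PRIVATE_KEY != ''` makes the skip condition actually observe the secret (the old `env.GPG_PRIVATE_KEY` was only populated if someone mapped it into `env`), but only the import step is gated: the `Run GoReleaser` step that follows runs unconditionally, and the same commit adds an unconditional `signs:` stanza to .goreleaser.yml, so a run without the secret skips the import and then presumably fails when `gpg --detach-sign` finds no secret key. Either mark the secret `required: true` in the `workflow_call` block, or skip signing when it is absent, e.g. `args: release --clean ${{ secrets.GPG_PRIVATE_KEY == '' && '--skip=sign' || '' }}` in the GoReleaser step's `with:` (the flag is `--skip-sign` on GoReleaser v1.x). The step's `with:` block is outside the hunk, so the existing args may differ from `release --clean`.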
@@ -95,3 +95,12 @@ release: snapshot: name_template: "{{ incpatch .Version }}-next" + +signs: + - cmd: gpg + args: + - "--output" + - "${signature}" + - "--detach-sign" + - "${artifact}" + artifacts: checksum
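Review bot: The `signs:` entry leaves key selection to gpg's defaults: `gpg` is invoked without `--batch`, and no `-u`/`--local-user` pins which key signs, so gpg falls back to its `default-key` setting or the first usable secret key in the runner's keyring. Pin the key and force non-interactive mode: `args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]`, with `GPG_FINGERPRINT` exported to the GoReleaser step from the import step's fingerprint output (that wiring lives in release.yml, not here). The stanza also runs unconditionally, which is at odds with release.yml declaring `GPG_PRIVATE_KEY` as `required: false` in the same commit. Signing only the checksum file is fine, but consumers should be told to verify the signature first and then the checksums, since per-artifact integrity runs through that file.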