Automated release creation workflow using GoReleaser. Builds multi-platform binaries, creates GitHub releases with changelogs, and optionally publishes Docker images and updates Homebrew formulas.
- GoReleaser integration (supports both OSS and Pro)
- Multi-platform binary builds (Linux, macOS, Windows, ARM)
- GitHub release creation with changelogs
- Optional Docker multi-arch image builds
- Optional Homebrew formula updates
- Configurable test execution before release
- Release notifications
- Support for custom GoReleaser configurations
name: Release
on:
push:
tags:
- 'v*.*.*'
jobs:
release:
uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@v1.0.0name: Release
on:
push:
tags:
- 'v*.*.*'
jobs:
release:
uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@v1.0.0
with:
enable_docker: true
docker_registry: 'ghcr.io'
docker_platforms: 'linux/amd64,linux/arm64'
secrets: inheritNote: Requires
DOCKER_USERNAMEandDOCKER_PASSWORDsecrets in repository.
name: Release
on:
push:
tags:
- 'v*.*.*'
jobs:
release:
uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@v1.0.0
with:
enable_homebrew: true
homebrew_tap_repo: 'myorg/homebrew-tap'
secrets: inheritNote: Requires
TAP_GITHUB_TOKENsecret with write access to tap repository.
name: Release
on:
push:
tags:
- 'v*.*.*'
jobs:
release:
uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@v1.0.0
with:
go_version: '1.23'
goreleaser_distribution: 'goreleaser'
goreleaser_version: 'latest'
run_tests_before_release: true
enable_docker: true
docker_registry: 'ghcr.io'
docker_platforms: 'linux/amd64,linux/arm64,linux/arm/v7'
enable_homebrew: true
homebrew_tap_repo: 'myorg/homebrew-tap'
enable_notifications: true
secrets: inherit| Input | Description | Required | Default |
|---|---|---|---|
runner_type |
GitHub runner type to use | No | ubuntu-latest |
go_version |
Go version for release builds | No | 1.23 |
goreleaser_distribution |
GoReleaser distribution (goreleaser or goreleaser-pro) | No | goreleaser |
goreleaser_version |
GoReleaser version | No | latest |
goreleaser_args |
Additional GoReleaser arguments | No | release --clean |
run_tests_before_release |
Run tests before release | No | true |
test_cmd |
Test command to execute | No | go test -v ./... |
enable_homebrew |
Enable Homebrew formula update | No | false |
homebrew_tap_repo |
Homebrew tap repository (owner/repo) | No | '' |
enable_docker |
Enable Docker image build and push | No | false |
docker_registry |
Docker registry URL | No | ghcr.io |
docker_platforms |
Docker platforms (comma-separated) | No | linux/amd64,linux/arm64 |
docker_tags |
Docker image tags configuration | No | Semver + latest |
enable_notifications |
Enable release notifications | No | false |
enable_cosign_sign |
Sign Docker images with cosign keyless (OIDC) signing. Requires id-token: write in caller |
No | true |
| Secret | Description | Required |
|---|---|---|
github_token |
GitHub token for releases | No (defaults to GITHUB_TOKEN) |
tap_github_token |
Token for Homebrew tap updates | No (required if enable_homebrew is true) |
docker_username |
Docker registry username | No (defaults to github.actor if using GHCR) |
docker_password |
Docker registry password/token | No (defaults to GITHUB_TOKEN if using GHCR) |
goreleaser_key |
GoReleaser Pro license key | No (only for goreleaser-pro) |
Main release job that runs GoReleaser.
Updates Homebrew formula in tap repository.
Builds and pushes multi-architecture Docker images.
Sends release notifications.
jobs:
release:
uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@v1.0.0jobs:
release:
uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@v1.0.0
with:
goreleaser_distribution: 'goreleaser-pro'
secrets: inheritNote: Requires
GORELEASER_KEYsecret with your GoReleaser Pro license.
jobs:
release:
uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@v1.0.0
with:
run_tests_before_release: falseWhen Docker is enabled, container images are signed by default using Sigstore cosign with keyless (OIDC) signing.
Callers must grant id-token: write for signing to work:
permissions:
contents: write
packages: write
id-token: write # required for cosign keyless signingjobs:
release:
uses: LerianStudio/github-actions-shared-workflows/.github/workflows/go-release.yml@v1.0.0
with:
enable_docker: true
enable_cosign_sign: false
secrets: inheritcosign verify \
--certificate-identity-regexp="^https://github\.com/LerianStudio/.+/.github/workflows/.+@refs/(heads|tags)/.+$" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/myorg/my-app@sha256:abc123...- Create tag:
git tag v1.0.0 && git push --tags - Workflow triggers: On tag push matching
v*.*.* - Tests run: (if enabled) Verify everything works
- GoReleaser builds: Creates binaries for all platforms
- GitHub release: Created with changelog and downloads
- Docker images: (if enabled) Published to registry
- Homebrew formula: (if enabled) Updated in tap repo
- Notification: (if enabled) Summary of release status
- Test GoReleaser locally:
goreleaser release --snapshot --clean - Pin workflow version: Use
@v1.0.0instead of@v1.0.0 - CHANGELOG: GoReleaser generates from commits and PRs
- Draft releases: Use GoReleaser's
draft: truefor manual approval - Custom builds: Configure
.goreleaser.ymlfor your needs
- Go CI - Continuous integration testing
- Go Security - Security scanning
Last Updated: 2025-11-22 Version: 1.0.0