diff --git a/.github/workflows/publish-go-module.yml b/.github/workflows/publish-go-module.yml
new file mode 100644
index 0000000000..dc1fafec3b
--- /dev/null
+++ b/.github/workflows/publish-go-module.yml
@@ -0,0 +1,40 @@
+# Workflow to publish Fleet's go module github.com/fleetdm/fleet/v4 on every release.
+# It follows the instructions defined in https://go.dev/doc/modules/publishing.
+#
+# The workflow will be triggered when tagging v4.XX.YY
+# (which is performed on every release).
+name: Publish go module
+
+on:
+ push:
+ tags:
+ - "v4.*"
+
+defaults:
+ run:
+ # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+ shell: bash
+
+permissions:
+ contents: read
+
+jobs:
+ publish-go-module-list:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout
+ uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+ - name: Install Go
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+ with:
+ go-version-file: 'go.mod'
+
+ - name: Publish go module
+ run: |
+ GOPROXY=proxy.golang.org go list -m github.com/fleetdm/fleet/v4@${{ github.ref_name }}
\ No newline at end of file
diff --git a/tools/release/publish_release.sh b/tools/release/publish_release.sh
index 9933448818..691bd09f76 100755
--- a/tools/release/publish_release.sh
+++ b/tools/release/publish_release.sh
@@ -501,6 +501,10 @@ tag() { git tag $next_tag git push origin $next_tag + # The v4.XX.YY tag is used for publishing Fleet's Go module (https://go.dev/doc/modules/publishing). + git tag $next_ver + git push origin $next_ver + # This lets us wait for github actions to trigger # we are specifically waiting for goreleaser to start # off the `tag` branch ie: fleet-v4.47.2 to watch until it completes
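Review bot: In `.github/workflows/publish-go-module.yml`, the `Publish go module` step expands `${{ github.ref_name }}` directly into the `run:` script, so the tag name becomes script text before bash parses it; git ref names may contain shell metacharacters, and any pushed tag matching `v4.*` reaches this line. Read the ref from the runner-provided environment variable and quote it instead: `GOPROXY=proxy.golang.org go list -m "github.com/fleetdm/fleet/v4@${GITHUB_REF_NAME}"`. The `v4.*` filter also accepts any suffix after `v4.`, so a release-candidate or mistyped tag would presumably be requested from the proxy as well; a narrower pattern such as `v4.[0-9]+.[0-9]+` would limit that. Separately, `egress-policy: audit` only records outbound traffic, so a comment on that line should state that blocking is not in effect.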
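Review bot: In `tools/release/publish_release.sh`, the added `git tag $next_ver` and `git push origin $next_ver` lines leave the variable unquoted and push by short name, which git resolves against branches as well as tags; `git tag "$next_ver"` and `git push origin "refs/tags/$next_ver"` make the pushed ref unambiguous. The comment above them should also say that pushing this tag starts the module-publish workflow and that a version fetched through proxy.golang.org is cached and recorded in the checksum database, e.g. `# Pushing v4.XX.YY publishes the Go module; the proxy caches it permanently, so never move or re-push this tag.` Whether a failed `git push` aborts the release is not visible here, because the body of `tag()` starts and ends outside the hunk.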