1---
2name: "Release"
3on:
4 workflow_dispatch:
5 pull_request_target:
6 types: [closed]
7 branches:
8 - main
9jobs:
10 release:
11 permissions:
12 contents: write # Create release and push tags
13 pull-requests: read # Read PR labels for release-drafter
14 packages: write # Push container image to ghcr.io
15 id-token: write # Federate for artifact attestation
16 attestations: write # Generate build provenance attestations
17 discussions: write # Create release announcement discussion
18 uses: github-community-projects/ospo-reusable-workflows/.github/workflows/release.yaml@6d7a83e6fc8275128984b0ed3defa4b8cdc40f85 # v1.1.0
19 with:
20 publish: true
21 release-config-name: release-drafter.yml
22 secrets:
23 github-token: ${{ secrets.GITHUB_TOKEN }}
24 publish-cue:
25 needs: release
26 if: needs.release.outputs.full-tag != ''
27 runs-on: ubuntu-latest
28 permissions:
29 contents: read
30 steps:
31 - name: Checkout
32 uses: actions/checkout@v6.0.2
33 with:
34 fetch-depth: 0
35 persist-credentials: false
36 - name: Setup Cue
37 uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
38 with:
39 version: "v0.15.1"
40 - name: Login to Central Registry
41 run: cue login --token=${{ secrets.CUE_REG_TOKEN }}
42 - name: Publish the module
43 run: cue mod publish ${{ needs.release.outputs.full-tag }}