--- name: "Release" on: workflow_dispatch: pull_request_target: types: [closed] branches: - main jobs: release: permissions: contents: write # Create release and push tags pull-requests: read # Read PR labels for release-drafter packages: write # Push container image to ghcr.io id-token: write # Federate for artifact attestation attestations: write # Generate build provenance attestations discussions: write # Create release announcement discussion uses: github-community-projects/ospo-reusable-workflows/.github/workflows/release.yaml@6d7a83e6fc8275128984b0ed3defa4b8cdc40f85 # v1.1.0 with: publish: true release-config-name: release-drafter.yml secrets: github-token: ${{ secrets.GITHUB_TOKEN }} publish-cue: needs: release if: needs.release.outputs.full-tag != '' runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout uses: actions/checkout@v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: Setup Cue uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1 with: version: "v0.15.1" - name: Login to Central Registry run: cue login --token=${{ secrets.CUE_REG_TOKEN }} - name: Publish the module run: cue mod publish ${{ needs.release.outputs.full-tag }}