chore(deps): bump semver from 7.5.0 to 7.5.1 (#417)

Bumps [semver](https://github.com/npm/node-semver) from 7.5.0 to 7.5.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.5.0...v7.5.1)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.dockerignore

@@ -1,2 +1,12 @@
 /coverage
-/node_modules
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*

.gitattributes

@@ -1,2 +1,4 @@
+/.yarn/releases/** binary
+/.yarn/plugins/** binary
 /dist/** linguist-generated=true
 /lib/** linguist-generated=true

.github/workflows/ci.yml

@@ -1,8 +1,13 @@
 name: ci
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
+  workflow_dispatch:
   push:
     branches:
       - 'master'
@@ -10,9 +15,6 @@ on:
     tags:
       - 'v*'
   pull_request:
-    branches:
-      - 'master'
-      - 'releases/v*'
 
 jobs:
   ci:
@@ -26,7 +28,7 @@ jobs:
           - windows-latest
         version:
           - latest
-          - '~> 0.182'
+          - '~> 1.15'
         distribution:
           - goreleaser
           - goreleaser-pro
@@ -38,7 +40,7 @@ jobs:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: 1.18
       -
@@ -57,7 +59,7 @@ jobs:
         with:
           distribution: ${{ matrix.distribution }}
           version: ${{ matrix.version }}
-          args: release --skip-publish --rm-dist
+          args: release --skip-publish --clean --snapshot
           workdir: ./test
 
   install-only:
@@ -79,7 +81,7 @@ jobs:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: 1.18
       -
@@ -114,13 +116,13 @@ jobs:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: 1.18
       -
         name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v4
+        uses: crazy-max/ghaction-import-gpg@v5
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY_TEST }}
           passphrase: ${{ secrets.PASSPHRASE_TEST }}
@@ -138,7 +140,7 @@ jobs:
         uses: ./
         with:
           version: latest
-          args: -f .goreleaser-signing.yml release --skip-publish --rm-dist
+          args: -f .goreleaser-signing.yml release --skip-publish --clean --snapshot
           workdir: ./test
         env:
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
@@ -153,7 +155,7 @@ jobs:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: 1.18
       -
@@ -166,7 +168,7 @@ jobs:
         name: GoReleaser
         uses: ./
         with:
-          args: release --skip-publish --rm-dist
+          args: release --skip-publish --clean --snapshot
           workdir: ./test
       -
         name: Upload assets
@@ -175,7 +177,7 @@ jobs:
           name: myapp
           path: ./test/dist/*
 
-  current-tag:
+  dist:
     runs-on: ubuntu-latest
     steps:
       -
@@ -185,14 +187,53 @@ jobs:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: 1.18
       -
         name: GoReleaser
         uses: ./
         with:
-          args: release --skip-publish --rm-dist
+          args: release --config .goreleaser-dist.yml --skip-publish --clean --snapshot
           workdir: ./test
-        env:
+      -
-          GORELEASER_CURRENT_TAG: v1.2.3
+        name: Check dist
+        run: |
+          tree -nh ./test/_output
+
+  nightly:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          - macOS-latest
+          - windows-latest
+        distribution:
+          - goreleaser-pro
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      -
+        name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.18
+      -
+        name: GoReleaser
+        uses: ./
+        with:
+          install-only: true
+          distribution: ${{ matrix.distribution }}
+          version: nightly
+      -
+        name: Check
+        run: |
+          goreleaser check -f ./test/.goreleaser.yml
+          goreleaser --version
+          goreleaser --version | grep pro-nightly
+

.github/workflows/test.yml

@@ -1,14 +1,15 @@
 name: test
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches:
       - 'master'
       - 'releases/v*'
   pull_request:
-    branches:
-      - 'master'
-      - 'releases/v*'
 
 jobs:
   test:
@@ -19,14 +20,9 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      -
-        name: Validate
-        uses: docker/bake-action@v2
-        with:
-          targets: validate
       -
         name: Test
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v3
         with:
           targets: test
       -

.github/workflows/validate.yml

@@ -0,0 +1,45 @@
+name: validate
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'releases/v*'
+  pull_request:
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      targets: ${{ steps.targets.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Targets matrix
+        id: targets
+        run: |
+          echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
+
+  validate:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Validate
+        uses: docker/bake-action@v3
+        with:
+          targets: ${{ matrix.target }}

.gitignore

@@ -1,12 +1,5 @@
-/.dev
+# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
-node_modules/
-lib
 
-# Jetbrains
-/.idea
-/*.iml
-
-# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
@@ -14,6 +7,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
+.pnpm-debug.log*
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -24,34 +18,14 @@ pids
 *.seed
 *.pid.lock
 
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 
-# nyc test coverage
-.nyc_output
-
-# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# Bower dependency directory (https://bower.io/)
-bower_components
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (https://nodejs.org/api/addons.html)
-build/Release
-
 # Dependency directories
+node_modules/
 jspm_packages/
 
-# TypeScript v1 declaration files
-typings/
-
 # TypeScript cache
 *.tsbuildinfo
 
@@ -61,36 +35,19 @@ typings/
 # Optional eslint cache
 .eslintcache
 
-# Optional REPL history
-.node_repl_history
-
-# Output of 'npm pack'
-*.tgz
-
 # Yarn Integrity file
 .yarn-integrity
 
-# dotenv environment variables file
+# dotenv environment variable files
 .env
-.env.test
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
 
-# parcel-bundler cache (https://parceljs.org/)
+# yarn v2
-.cache
+.yarn/cache
-
+.yarn/unplugged
-# next.js build output
+.yarn/build-state.yml
-.next
+.yarn/install-state.gz
-
+.pnp.*
-# nuxt.js build output
-.nuxt
-
-# vuepress build output
-.vuepress/dist
-
-# Serverless directories
-.serverless/
-
-# FuseBox cache
-.fusebox/
-
-# DynamoDB Local files
-.dynamodb/

.prettierignore

@@ -0,0 +1,6 @@
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/

.yarnrc.yml

@@ -0,0 +1,13 @@
+logFilters:
+  - code: YN0013
+    level: discard
+  - code: YN0076
+    level: discard
+
+nodeLinker: node-modules
+
+plugins:
+  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
+    spec: "@yarnpkg/plugin-interactive-tools"
+
+yarnPath: .yarn/releases/yarn-3.5.1.cjs

README.md

@@ -5,7 +5,7 @@
   <p align="center">
     <a href="https://github.com/goreleaser/goreleaser-action/releases/latest"><img alt="GitHub release" src="https://img.shields.io/github/release/goreleaser/goreleaser-action.svg?logo=github&style=flat-square"></a>
     <a href="https://github.com/marketplace/actions/goreleaser-action"><img alt="GitHub marketplace" src="https://img.shields.io/badge/marketplace-goreleaser--action-blue?logo=github&style=flat-square"></a>
-    <a href="https://github.com/goreleaser/goreleaser-action/actions?workflow=test"><img alt="Test workflow" src="https://img.shields.io/github/workflow/status/goreleaser/goreleaser-action/test?label=test&logo=github&style=flat-square"></a>
+    <a href="https://github.com/goreleaser/goreleaser-action/actions?workflow=test"><img alt="Test workflow" src="https://img.shields.io/github/actions/workflow/status/goreleaser/goreleaser-action/test.yml?label=test&branch=master&logo=github&style=flat-square"></a>
     <a href="https://codecov.io/gh/goreleaser/goreleaser-action"><img alt="Codecov" src="https://img.shields.io/codecov/c/github/goreleaser/goreleaser-action?logo=codecov&style=flat-square"></a>
   </p>
 </p>
@@ -30,6 +30,12 @@ ___
 
 ## Usage
 
+GoReleaser Action runs [goreleaser][], please follow its [docs][gdocs] for
+more information about how to customize what GoReleaser do.
+
+[goreleaser]: https://goreleaser.com/
+[gdocs]: https://goreleaser.com/customization
+
 ### Workflow
 
 ```yaml
@@ -39,26 +45,29 @@ on:
   pull_request:
   push:
 
+permissions:
+  contents: write
+
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v4
         with:
           # either 'goreleaser' (default) or 'goreleaser-pro'
           distribution: goreleaser
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
@@ -83,11 +92,11 @@ Or with a condition on GoReleaser step:
 ```yaml
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v4
         if: startsWith(github.ref, 'refs/tags/')
         with:
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
@@ -103,16 +112,16 @@ the [Import GPG](https://github.com/crazy-max/ghaction-import-gpg) GitHub Action
       -
         name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v4
+        uses: crazy-max/ghaction-import-gpg@v5
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v4
         with:
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
@@ -134,18 +143,19 @@ purpose. You can do that with the [actions/upload-artifact](https://github.com/a
 ```yaml
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v4
         with:
           version: latest
-          args: release --rm-dist
+          args: release --clean
+          workdir: myfolder
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Upload assets
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: myapp
-          path: dist/*
+          path: myfolder/dist/*
 ```
 
 ### Install Only
@@ -154,7 +164,7 @@ purpose. You can do that with the [actions/upload-artifact](https://github.com/a
 steps:
   -
     name: Install GoReleaser
-    uses: goreleaser/goreleaser-action@v2
+    uses: goreleaser/goreleaser-action@v4
     with:
       install-only: true
   -
@@ -182,18 +192,18 @@ Following inputs can be used as `step.with` keys
 
 Following outputs are available
 
-| Name              | Type    | Description                           |
+| Name        | Type | Description            |
-|-------------------|---------|---------------------------------------|
+|-------------|------|------------------------|
-| `artifacts`       | JSON    | Build result artifacts |
+| `artifacts` | JSON | Build result artifacts |
-| `metadata`        | JSON    | Build result metadata |
+| `metadata`  | JSON | Build result metadata  |
 
 ### environment variables
 
 Following environment variables can be used as `step.env` keys
 
-| Name             | Description                           |
+| Name             | Description                                                                                                                                         |
-|------------------|---------------------------------------|
+|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
-| `GITHUB_TOKEN`   | [GITHUB_TOKEN](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token) as provided by `secrets` |
+| `GITHUB_TOKEN`   | [GITHUB_TOKEN](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token) as provided by `secrets` and requires `contents:write` |
 | `GORELEASER_KEY` | Your [GoReleaser Pro](https://goreleaser.com/pro) License Key, in case you are using the `goreleaser-pro` distribution                              |
 
 ## Limitation
@@ -208,14 +218,18 @@ secret named `GH_PAT`, the step will look like this:
 ```yaml
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v4
         with:
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GH_PAT }}
 ```
 
+## Migrating from v3
+
+If you need the auto-snapshot feature, take a look at [this example repository](https://github.com/caarlos0/goreleaser-action-v4-auto-snapshot-example): it's a minimal working example with all you need.
+
 ## Development
 
 ```

__tests__/context.test.ts

@@ -1,35 +0,0 @@
-import {beforeEach, describe, expect, it, jest} from '@jest/globals';
-import * as os from 'os';
-import * as context from '../src/context';
-
-describe('setOutput', () => {
-  beforeEach(() => {
-    process.stdout.write = jest.fn() as typeof process.stdout.write;
-  });
-
-  // eslint-disable-next-line jest/expect-expect
-  it('setOutput produces the correct command', () => {
-    context.setOutput('some output', 'some value');
-    assertWriteCalls([`::set-output name=some output::some value${os.EOL}`]);
-  });
-
-  // eslint-disable-next-line jest/expect-expect
-  it('setOutput handles bools', () => {
-    context.setOutput('some output', false);
-    assertWriteCalls([`::set-output name=some output::false${os.EOL}`]);
-  });
-
-  // eslint-disable-next-line jest/expect-expect
-  it('setOutput handles numbers', () => {
-    context.setOutput('some output', 1.01);
-    assertWriteCalls([`::set-output name=some output::1.01${os.EOL}`]);
-  });
-});
-
-// Assert that process.stdout.write calls called only with the given arguments.
-function assertWriteCalls(calls: string[]): void {
-  expect(process.stdout.write).toHaveBeenCalledTimes(calls.length);
-  for (let i = 0; i < calls.length; i++) {
-    expect(process.stdout.write).toHaveBeenNthCalledWith(i + 1, calls[i]);
-  }
-}

__tests__/git.test.ts

@@ -1,31 +0,0 @@
-import {describe, expect, it} from '@jest/globals';
-import * as git from '../src/git';
-
-describe('git', () => {
-  it('returns git tag through describe', async () => {
-    process.env.GITHUB_SHA = '309312125ed7a32fcd48f3a1e24dcafe669c186a';
-    const tag: string = await git.getTag();
-    expect(tag).not.toEqual('');
-  });
-
-  it('returns git tag through GITHUB_SHA', async () => {
-    process.env.GITHUB_SHA = '6389ff5bd287fd6948a7ccda8af8da4f0bbc856a';
-    const tag: string = await git.getTag();
-    expect(tag).toEqual('v2.2.1');
-  });
-
-  it('returns git tag through GITHUB_REF', async () => {
-    process.env.GITHUB_REF = 'refs/tags/v2.2.1';
-    const tag: string = await git.getTag();
-    expect(tag).toEqual('v2.2.1');
-  });
-
-  it('checks if tag is dirty', async () => {
-    expect(await git.isTagDirty('v1.3.1')).toBe(true);
-  });
-
-  it('returns short commit', async () => {
-    const commit: string = await git.getShortCommit();
-    expect(commit).not.toEqual('');
-  });
-});

__tests__/github.test.ts

@@ -1,7 +1,7 @@
 import {describe, expect, it} from '@jest/globals';
 import * as github from '../src/github';
 
-describe('github', () => {
+describe('getRelease', () => {
   it('returns latest GoReleaser GitHub release', async () => {
     const release = await github.getRelease('goreleaser', 'latest');
     expect(release).not.toBeNull();
@@ -20,21 +20,39 @@ describe('github', () => {
     expect(release?.tag_name).toEqual('v0.182.1');
   });
 
+  it('unknown GoReleaser release', async () => {
+    await expect(github.getRelease('goreleaser', 'foo')).rejects.toThrow(
+      new Error('Cannot find GoReleaser release foo in https://goreleaser.com/static/releases.json')
+    );
+  });
+
   it('returns latest GoReleaser Pro GitHub release', async () => {
     const release = await github.getRelease('goreleaser-pro', 'latest');
     expect(release).not.toBeNull();
     expect(release?.tag_name).not.toEqual('');
   });
 
-  it('returns v0.182.0-pro GoReleaser Pro GitHub release', async () => {
+  it('returns nightly GoReleaser Pro GitHub release', async () => {
-    const release = await github.getRelease('goreleaser-pro', 'v0.182.0-pro');
+    const release = await github.getRelease('goreleaser-pro', 'nightly');
+    expect(release).not.toBeNull();
+    expect(release?.tag_name).not.toEqual('');
+  });
+
+  it('returns v0.182.0 GoReleaser Pro GitHub release', async () => {
+    const release = await github.getRelease('goreleaser-pro', 'v0.182.0');
     expect(release).not.toBeNull();
     expect(release?.tag_name).toEqual('v0.182.0-pro');
   });
 
-  it('returns v0.182.1-pro GoReleaser Pro GitHub release when using semver', async () => {
+  it('returns v0.182.1 GoReleaser Pro GitHub release', async () => {
     const release = await github.getRelease('goreleaser-pro', '~> 0.182');
     expect(release).not.toBeNull();
     expect(release?.tag_name).toEqual('v0.182.1-pro');
   });
+
+  it('unknown GoReleaser Pro release', async () => {
+    await expect(github.getRelease('goreleaser-pro', 'foo')).rejects.toThrow(
+      new Error('Cannot find GoReleaser release foo-pro in https://goreleaser.com/static/releases-pro.json')
+    );
+  });
 });

dev.Dockerfile

@@ -4,10 +4,12 @@ ARG NODE_VERSION=16
 
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
+RUN yarn config set --home enableTelemetry 0
 WORKDIR /src
 
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn install && mkdir /vendor && cp yarn.lock /vendor
 
@@ -16,18 +18,19 @@ COPY --from=deps /vendor /
 
 FROM deps AS vendor-validate
 RUN --mount=type=bind,target=.,rw <<EOT
-set -e
+  set -e
-git add -A
+  git add -A
-cp -rf /vendor/* .
+  cp -rf /vendor/* .
-if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
+  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
-  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
+    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor"'
-  git status --porcelain -- yarn.lock
+    git status --porcelain -- yarn.lock
-  exit 1
+    exit 1
-fi
+  fi
 EOT
 
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run build && mkdir /out && cp -Rf dist /out/
 
@@ -36,27 +39,29 @@ COPY --from=build /out /
 
 FROM build AS build-validate
 RUN --mount=type=bind,target=.,rw <<EOT
-set -e
+  set -e
-git add -A
+  git add -A
-cp -rf /out/* .
+  cp -rf /out/* .
-if [ -n "$(git status --porcelain -- dist)" ]; then
+  if [ -n "$(git status --porcelain -- dist)" ]; then
-  echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
+    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
-  git status --porcelain -- dist
+    git status --porcelain -- dist
-  exit 1
+    exit 1
-fi
+  fi
 EOT
 
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run format \
-  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
+  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
 
 FROM scratch AS format-update
 COPY --from=format /out /
 
 FROM deps AS lint
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run lint
 
@@ -64,6 +69,7 @@ FROM deps AS test
 ENV RUNNER_TEMP=/tmp/github_runner
 ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run test --coverageDirectory=/tmp/coverage
 

dist/licenses.txt

@@ -236,6 +236,25 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
 
+lru-cache
+ISC
+The ISC License
+
+Copyright (c) Isaac Z. Schlueter and Contributors
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
 require-directory
 MIT
 The MIT License (MIT)
@@ -336,25 +355,13 @@ uuid
 MIT
 The MIT License (MIT)
 
-Copyright (c) 2010-2016 Robert Kieffer and other contributors
+Copyright (c) 2010-2020 Robert Kieffer and other contributors
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
 
 
 wrap-ansi
@@ -387,6 +394,25 @@ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 THIS SOFTWARE.
 
 
+yallist
+ISC
+The ISC License
+
+Copyright (c) Isaac Z. Schlueter and Contributors
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
 yargs
 MIT
 MIT License

docker-bake.hcl

@@ -3,7 +3,7 @@ group "default" {
 }
 
 group "pre-checkin" {
-  targets = ["vendor-update", "format", "build"]
+  targets = ["vendor", "format", "build"]
 }
 
 group "validate" {
@@ -34,7 +34,7 @@ target "lint" {
   output = ["type=cacheonly"]
 }
 
-target "vendor-update" {
+target "vendor" {
   dockerfile = "dev.Dockerfile"
   target = "vendor-update"
   output = ["."]

package.json

@@ -1,13 +1,12 @@
 {
   "name": "goreleaser-action",
   "description": "GitHub Action for GoReleaser, a release automation tool for Go projects",
-  "main": "lib/main.js",
+  "main": "src/main.ts",
   "scripts": {
-    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
+    "build": "ncc build --source-map --minify --license licenses.txt",
     "lint": "eslint src/**/*.ts __tests__/**/*.ts",
     "format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
-    "test": "jest --coverage",
+    "test": "jest --coverage"
-    "all": "yarn run build && yarn run format && yarn test"
   },
   "repository": {
     "type": "git",
@@ -20,29 +19,31 @@
   ],
   "author": "CrazyMax",
   "license": "MIT",
+  "packageManager": "yarn@3.5.1",
   "dependencies": {
-    "@actions/core": "^1.6.0",
+    "@actions/core": "^1.10.0",
     "@actions/exec": "^1.1.1",
-    "@actions/http-client": "^2.0.1",
+    "@actions/http-client": "^2.1.0",
     "@actions/tool-cache": "^2.0.1",
     "js-yaml": "^4.1.0",
-    "yargs": "^17.5.1"
+    "semver": "^7.5.1",
+    "yargs": "^17.7.2"
   },
   "devDependencies": {
-    "@types/node": "^16.11.26",
+    "@types/node": "^16.18.26",
-    "@typescript-eslint/eslint-plugin": "^5.14.0",
+    "@typescript-eslint/eslint-plugin": "^5.59.2",
-    "@typescript-eslint/parser": "^5.14.0",
+    "@typescript-eslint/parser": "^5.59.2",
-    "@vercel/ncc": "^0.33.3",
+    "@vercel/ncc": "^0.36.1",
-    "dotenv": "^16.0.0",
+    "dotenv": "^16.0.3",
-    "eslint": "^8.11.0",
+    "eslint": "^8.40.0",
-    "eslint-config-prettier": "^8.5.0",
+    "eslint-config-prettier": "^8.8.0",
-    "eslint-plugin-jest": "^26.1.1",
+    "eslint-plugin-jest": "^27.2.1",
-    "eslint-plugin-prettier": "^4.0.0",
+    "eslint-plugin-prettier": "^4.2.1",
-    "jest": "^27.2.5",
+    "jest": "^29.5.0",
-    "prettier": "^2.3.1",
+    "prettier": "^2.8.8",
     "tmp": "^0.2.1",
-    "ts-jest": "^27.1.2",
+    "ts-jest": "^29.1.0",
-    "ts-node": "^10.7.0",
+    "ts-node": "^10.9.1",
-    "typescript": "^4.4.4"
+    "typescript": "^4.9.5"
   }
 }

src/context.ts

@@ -1,6 +1,5 @@
 import * as os from 'os';
 import * as core from '@actions/core';
-import {issueCommand} from '@actions/core/lib/command';
 
 export const osPlat: string = os.platform();
 export const osArch: string = os.arch();
@@ -16,14 +15,9 @@ export interface Inputs {
 export async function getInputs(): Promise<Inputs> {
   return {
     distribution: core.getInput('distribution') || 'goreleaser',
-    version: core.getInput('version'),
+    version: core.getInput('version') || 'latest',
     args: core.getInput('args'),
     workdir: core.getInput('workdir') || '.',
     installOnly: core.getBooleanInput('install-only')
   };
 }
-
-// FIXME: Temp fix https://github.com/actions/toolkit/issues/777
-export function setOutput(name: string, value: unknown): void {
-  issueCommand('set-output', {name}, value);
-}

src/git.ts

@@ -1,49 +0,0 @@
-import * as exec from '@actions/exec';
-
-const git = async (args: string[] = []): Promise<string> => {
-  return await exec
-    .getExecOutput(`git`, args, {
-      ignoreReturnCode: true,
-      silent: true
-    })
-    .then(res => {
-      if (res.stderr.length > 0 && res.exitCode != 0) {
-        throw new Error(res.stderr);
-      }
-      return res.stdout.trim();
-    });
-};
-
-export async function getTag(): Promise<string> {
-  try {
-    if ((process.env.GITHUB_REF || '').startsWith('refs/tags')) {
-      const tag = (process.env.GITHUB_REF || '').split('/').pop();
-      if (tag !== '' && tag !== undefined) {
-        return tag;
-      }
-    }
-    return await git(['tag', '--points-at', `${process.env.GITHUB_SHA}`, '--sort', '-version:creatordate']).then(
-      tags => {
-        if (tags.length == 0) {
-          return git(['describe', '--tags', '--abbrev=0']);
-        }
-        return tags.split('\n')[0];
-      }
-    );
-  } catch (err) {
-    return '';
-  }
-}
-
-export async function isTagDirty(currentTag: string): Promise<boolean> {
-  try {
-    await git(['describe', '--exact-match', '--tags', '--match', currentTag]);
-  } catch (err) {
-    return true;
-  }
-  return false;
-}
-
-export async function getShortCommit(): Promise<string> {
-  return await git(['show', "--format='%h'", 'HEAD', '--quiet']);
-}

src/github.ts

@@ -4,28 +4,60 @@ import * as core from '@actions/core';
 import * as httpm from '@actions/http-client';
 
 export interface GitHubRelease {
-  id: number;
   tag_name: string;
 }
 
-export const getRelease = async (distribution: string, version: string): Promise<GitHubRelease | null> => {
+export const getRelease = async (distribution: string, version: string): Promise<GitHubRelease> => {
-  const resolvedVersion: string = (await resolveVersion(distribution, version)) || version;
+  if (version === 'latest') {
-  const url = `https://github.com/goreleaser/${distribution}/releases/${resolvedVersion}`;
+    return getLatestRelease(distribution);
+  }
+  return getReleaseTag(distribution, version);
+};
+
+export const getReleaseTag = async (distribution: string, version: string): Promise<GitHubRelease> => {
+  if (distribution === 'goreleaser-pro' && version === 'nightly') {
+    return {tag_name: version};
+  }
+  const tag: string = (await resolveVersion(distribution, version)) || version;
+  const suffix: string = goreleaser.distribSuffix(distribution);
+  const url = `https://goreleaser.com/static/releases${suffix}.json`;
   const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
-  return (await http.getJson<GitHubRelease>(url)).result;
+  const resp: httpm.HttpClientResponse = await http.get(url);
+  const body = await resp.readBody();
+  const statusCode = resp.message.statusCode || 500;
+  if (statusCode >= 400) {
+    throw new Error(
+      `Failed to get GoReleaser release ${version}${suffix} from ${url} with status code ${statusCode}: ${body}`
+    );
+  }
+  const releases = <Array<GitHubRelease>>JSON.parse(body);
+  const res = releases.filter(r => r.tag_name === tag).shift();
+  if (res) {
+    return res;
+  }
+  throw new Error(`Cannot find GoReleaser release ${version}${suffix} in ${url}`);
+};
+
+export const getLatestRelease = async (distribution: string): Promise<GitHubRelease> => {
+  const suffix: string = goreleaser.distribSuffix(distribution);
+  const url = `https://goreleaser.com/static/latest${suffix}`;
+  const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
+  const resp: httpm.HttpClientResponse = await http.get(url);
+  const body = await resp.readBody();
+  const statusCode = resp.message.statusCode || 500;
+  if (statusCode >= 400) {
+    throw new Error(`Failed to get GoReleaser release latest from ${url} with status code ${statusCode}: ${body}`);
+  }
+  return {tag_name: body};
 };
 
 const resolveVersion = async (distribution: string, version: string): Promise<string | null> => {
   const allTags: Array<string> | null = await getAllTags(distribution);
   if (!allTags) {
-    throw new Error(`Cannot find GoReleaser tags`);
+    throw new Error(`Cannot download ${distribution} tags`);
   }
   core.debug(`Found ${allTags.length} tags in total`);
 
-  if (version === 'latest' || !goreleaser.isPro(distribution)) {
-    return semver.maxSatisfying(allTags, version);
-  }
-
   const cleanTags: Array<string> = allTags.map(tag => cleanTag(tag));
   const cleanVersion: string = cleanTag(version);
   return semver.maxSatisfying(cleanTags, cleanVersion) + goreleaser.distribSuffix(distribution);
@@ -39,6 +71,7 @@ const getAllTags = async (distribution: string): Promise<Array<string>> => {
   const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
   const suffix: string = goreleaser.distribSuffix(distribution);
   const url = `https://goreleaser.com/static/releases${suffix}.json`;
+  core.debug(`Downloading ${url}`);
   const getTags = http.getJson<Array<GitHubTag>>(url);
   return getTags.then(response => {
     if (response.result == null) {

src/goreleaser.ts

@@ -8,11 +8,7 @@ import * as core from '@actions/core';
 import * as tc from '@actions/tool-cache';
 
 export async function install(distribution: string, version: string): Promise<string> {
-  const release: github.GitHubRelease | null = await github.getRelease(distribution, version);
+  const release: github.GitHubRelease = await github.getRelease(distribution, version);
-  if (!release) {
-    throw new Error(`Cannot find GoReleaser ${version} release`);
-  }
-
   const filename = getFilename(distribution);
   const downloadUrl = util.format(
     'https://github.com/goreleaser/%s/releases/download/%s/%s',
@@ -28,7 +24,13 @@ export async function install(distribution: string, version: string): Promise<st
   core.info('Extracting GoReleaser');
   let extPath: string;
   if (context.osPlat == 'win32') {
-    extPath = await tc.extractZip(downloadPath);
+    if (!downloadPath.endsWith('.zip')) {
+      const newPath = downloadPath + '.zip';
+      fs.renameSync(downloadPath, newPath);
+      extPath = await tc.extractZip(newPath);
+    } else {
+      extPath = await tc.extractZip(downloadPath);
+    }
   } else {
     extPath = await tc.extractTar(downloadPath);
   }
@@ -63,6 +65,7 @@ const getFilename = (distribution: string): string => {
       break;
     }
     case 'arm': {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       const arm_version = (process.config.variables as any).arm_version;
       arch = arm_version ? 'armv' + arm_version : 'arm';
       break;
@@ -82,7 +85,7 @@ const getFilename = (distribution: string): string => {
 };
 
 export async function getDistPath(yamlfile: string): Promise<string> {
-  const cfg = yaml.load(yamlfile);
+  const cfg = yaml.load(fs.readFileSync(yamlfile, 'utf8'));
   return cfg.dist || 'dist';
 }
 

src/main.ts

@@ -2,7 +2,6 @@ import * as fs from 'fs';
 import * as path from 'path';
 import yargs from 'yargs';
 import * as context from './context';
-import * as git from './git';
 import * as goreleaser from './goreleaser';
 import * as core from '@actions/core';
 import * as exec from '@actions/exec';
@@ -28,12 +27,8 @@ async function run(): Promise<void> {
       process.chdir(inputs.workdir);
     }
 
-    const commit = await git.getShortCommit();
-    const tag = await git.getTag();
-    const isTagDirty = await git.isTagDirty(tag);
-
     let yamlfile: string | unknown;
-    const argv = yargs.parse(inputs.args);
+    const argv: {config: string} = yargs.parse(inputs.args) as never;
     if (argv.config) {
       yamlfile = argv.config;
     } else {
@@ -44,39 +39,21 @@ async function run(): Promise<void> {
       });
     }
 
-    let snapshot = '';
+    await exec.exec(`${bin} ${inputs.args}`);
-    if (inputs.args.split(' ').indexOf('release') > -1) {
-      if (isTagDirty) {
-        if (!inputs.args.includes('--snapshot') && !inputs.args.includes('--nightly')) {
-          core.info(`No tag found for commit ${commit}. Snapshot forced`);
-          snapshot = ' --snapshot';
-        }
-      } else {
-        core.info(`${tag} tag found for commit ${commit}`);
-      }
-    }
-
-    await exec.exec(`${bin} ${inputs.args}${snapshot}`, undefined, {
-      env: Object.assign({}, process.env, {
-        GORELEASER_CURRENT_TAG: process.env.GORELEASER_CURRENT_TAG || tag || ''
-      }) as {
-        [key: string]: string;
-      }
-    });
 
     if (typeof yamlfile === 'string') {
       const artifacts = await goreleaser.getArtifacts(await goreleaser.getDistPath(yamlfile));
       if (artifacts) {
         await core.group(`Artifacts output`, async () => {
           core.info(artifacts);
-          context.setOutput('artifacts', artifacts);
+          core.setOutput('artifacts', artifacts);
         });
       }
       const metadata = await goreleaser.getMetadata(await goreleaser.getDistPath(yamlfile));
       if (metadata) {
         await core.group(`Metadata output`, async () => {
           core.info(metadata);
-          context.setOutput('metadata', metadata);
+          core.setOutput('metadata', metadata);
         });
       }
     }

test/.goreleaser-dist.yml

@@ -0,0 +1,18 @@
+env:
+  - GO111MODULE=on
+
+before:
+  hooks:
+    - go mod download
+
+builds:
+  -
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - darwin
+      - linux
+    goarch:
+      - amd64
+
+dist: _output

test/.goreleaser-signing.yml

@@ -14,14 +14,11 @@ builds:
       - linux
       - windows
     goarch:
-      - 386
+      - "386"
-      - amd64
+      - "amd64"
 
 archives:
   -
-    replacements:
-      386: i386
-      amd64: x86_64
     format_overrides:
       - goos: windows
         format: zip

test/.goreleaser.yml

@@ -14,14 +14,11 @@ builds:
       - linux
       - windows
     goarch:
-      - 386
+      - "386"
-      - amd64
+      - "amd64"
 
 archives:
   -
-    replacements:
-      386: i386
-      amd64: x86_64
     format_overrides:
       - goos: windows
         format: zip