2026-05-17 08:00:33 +00:00
48 changed files with 35405 additions and 7612 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,12 +0,0 @@
 /coverage
 # Dependency directories
 node_modules/
 jspm_packages/
 # yarn v2
 .yarn/cache
 .yarn/unplugged
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
--- a/.eslintignore
+++ b/.eslintignore
@ -1,3 +0,0 @@
 /dist/**
 /coverage/**
 /node_modules/**
--- a/.eslintrc.json
+++ b/.eslintrc.json
@ -1,24 +0,0 @@
 {
  "env": {
    "node": true,
    "es6": true,
    "jest": true
  },
  "extends": [
    "eslint:recommended",
    "plugin:@typescript-eslint/eslint-recommended",
    "plugin:@typescript-eslint/recommended",
    "plugin:jest/recommended",
    "plugin:prettier/recommended"
  ],
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
    "ecmaVersion": "latest",
    "sourceType": "module"
  },
  "plugins": [
    "@typescript-eslint",
    "jest",
    "prettier"
  ]
 }
--- a/.gitattributes
+++ b/.gitattributes
@ -1,2 +1,2 @@
-/dist/** linguist-generated=true -diff
+/dist/** linguist-generated=true
-/lib/** linguist-generated=true -diff
+/lib/** linguist-generated=true
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,3 +1,2 @@
-github: [crazy-max, caarlos0]
+github: crazy-max
-open_collective: goreleaser
+custom: https://www.paypal.me/crazyws
 custom: ["https://goreleaser.com/pro"]
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,30 +0,0 @@
 version: 2
 updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: monthly
    labels:
      - "dependencies"
    commit-message:
      prefix: "ci"
      include: "scope"
    groups:
      actions:
        patterns:
          - "*"
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: monthly
    allow:
      - dependency-type: "production"
    labels:
      - "dependencies"
    commit-message:
      prefix: "chore"
      include: "scope"
    groups:
      npm:
        patterns:
          - "*"
--- a/.github/goreleaser-action.png
+++ b/.github/goreleaser-action.png
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -0,0 +1,49 @@
 name: ci
 on:
  pull_request:
    branches:
      - master
      - releases/*
  push:
    branches:
      - master
      - releases/*
 jobs:
  ci:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macOS-latest
          - windows-latest
        version:
          - latest
          - v0.117.0
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Unshallow
        run: git fetch --prune --unshallow
      -
        name: Set up Go
        uses: actions/setup-go@v1
        with:
          go-version: 1.13.x
      -
        name: Check
        uses: ./
        with:
          version: ${{ matrix.version }}
          args: check --debug
      -
        name: GoReleaser
        uses: ./
        with:
          version: ${{ matrix.version }}
          args: release --skip-publish --rm-dist
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,225 +0,0 @@
 name: ci
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
  contents: read
 on:
  schedule:
    - cron: '0 10 * * *'
  workflow_dispatch:
  push:
    branches:
      - 'master'
      - 'releases/v*'
    tags:
      - 'v*'
  pull_request:
 jobs:
  ci:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
        version:
          - latest
          - '~> 2.13'
        distribution:
          - goreleaser
          - goreleaser-pro
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: stable
      - name: Check
        uses: ./
        with:
          version: ${{ matrix.version }}
          args: check --verbose
          workdir: ./test
      - name: GoReleaser
        if: ${{ !(github.event_name == 'pull_request' && matrix.distribution == 'goreleaser-pro') }}
        uses: ./
        env:
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
        with:
          distribution: ${{ matrix.distribution }}
          version: ${{ matrix.version }}
          args: release --skip=publish --clean --snapshot
          workdir: ./test
  install-only:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        version:
          - latest
          - '~> 2.13'
        distribution:
          - goreleaser
          - goreleaser-pro
        cosign:
          - true
          - false
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: 1.18
      - name: Install cosign
        if: matrix.cosign
        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
      - name: GoReleaser
        if: ${{ !(github.event_name == 'pull_request' && matrix.distribution == 'goreleaser-pro') }}
        uses: ./
        with:
          distribution: ${{ matrix.distribution }}
          version: ${{ matrix.version }}
          install-only: true
      - name: Check
        if: ${{ !(github.event_name == 'pull_request' && matrix.distribution == 'goreleaser-pro') }}
        run: |
          goreleaser check --verbose
  signing:
    runs-on: ${{ matrix.os }}
    if: github.event_name != 'pull_request'
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: 1.18
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY_TEST }}
          passphrase: ${{ secrets.PASSPHRASE_TEST }}
      - name: Check
        uses: ./
        with:
          version: latest
          args: -f .goreleaser-signing.yml check --verbose
          workdir: ./test
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
      - name: GoReleaser
        uses: ./
        with:
          version: latest
          args: -f .goreleaser-signing.yml release --skip=publish --clean --snapshot
          workdir: ./test
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
  upload-artifact:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: 1.18
      - name: Check
        uses: ./
        with:
          args: check --verbose
          workdir: ./test
      - name: GoReleaser
        uses: ./
        with:
          args: release --skip=publish --clean --snapshot
          workdir: ./test
      - name: Upload assets
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: myapp
          path: ./test/dist/*
  dist:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: 1.18
      - name: GoReleaser
        uses: ./
        with:
          args: release --config .goreleaser-dist.yml --skip=publish --clean --snapshot
          workdir: ./test
      - name: Check dist
        run: |
          tree -nh ./test/_output
  nightly:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
        distribution:
          - goreleaser-pro
          - goreleaser
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: 1.18
      - name: GoReleaser
        uses: ./
        with:
          install-only: true
          distribution: ${{ matrix.distribution }}
          version: nightly
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Check
        run: |
          goreleaser check -f ./test/.goreleaser.yml
          goreleaser --version
          goreleaser --version | grep nightly
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -0,0 +1,22 @@
 name: lint
 on:
  pull_request:
    paths:
      - '.github/workflows/lint.yml'
      - 'src/*'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      -
        # https://github.com/actions/checkout
        name: Checkout
        uses: actions/checkout@v1
      -
        name: Setup TS
        run: npm install tslint typescript -g
      -
        name: Lint check
        run: tslint './src/*.ts'
--- a/.github/workflows/release-major-tag.yml
+++ b/.github/workflows/release-major-tag.yml
@ -1,42 +0,0 @@
 name: release major tag
 run-name: Move ${{ github.event.inputs.major_version }} to ${{ github.event.inputs.target }}
 on:
  workflow_dispatch:
    inputs:
      target:
        description: The tag, branch, or SHA the major version should point to (e.g. v7.1.0)
        required: true
      major_version:
        type: choice
        description: The major version tag to move
        options:
          - v7
          - v6
          - v5
          - v4
          - v3
          - v2
          - v1
 # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
  contents: write
 jobs:
  tag:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Git config
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
      - name: Move ${{ github.event.inputs.major_version }} to ${{ github.event.inputs.target }}
        run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
      - name: Push
        run: git push origin ${{ github.event.inputs.major_version }} --force
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -1,42 +1,34 @@
 name: test
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
  contents: read
 on:
  pull_request:
    branches:
      - master
      - releases/*
  push:
    branches:
-      - 'master'
+      - master
-      - 'releases/v*'
+      - releases/*
  pull_request:
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout
+      -
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        # https://github.com/actions/checkout
-        with:
+        name: Checkout
-          fetch-depth: 0
+        uses: actions/checkout@v1
-      - name: Setup Node.js
+      -
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        name: Build
-        with:
+        run: |
-          node-version-file: '.node-version'
+          npm install
-          cache: npm
+          npm run build
-      - name: Install cosign
+      -
-        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
+        name: Install
      - name: Install dependencies
        run: npm ci
-      - name: Test
+      -
-        run: npm test
+        name: Build
-        env:
+        run: npm run build
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      -
-      - name: Upload coverage
+        name: Test
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
+        run: npm run test
        with:
          files: ./coverage/clover.xml
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -1,83 +0,0 @@
 name: validate
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
  contents: read
 on:
  push:
    branches:
      - 'master'
      - 'releases/v*'
  pull_request:
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version-file: '.node-version'
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Format check
        run: npm run format-check
      - name: Lint
        run: npm run lint
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
        with:
          node-version-file: '.node-version'
          cache: npm
      - name: Install dependencies
        run: npm ci --ignore-scripts
      - name: Rebuild dist
        run: npm run build
      - name: Compare dist
        id: diff
        run: |
          if [ "$(git diff --ignore-space-at-eol dist | wc -l)" -gt "0" ]; then
            echo "Detected uncommitted changes after build. Run 'npm run build' and commit dist/." >&2
            git diff dist
            exit 1
          fi
      - name: Upload built dist on failure
        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: dist
          path: dist
  vendor:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
        with:
          node-version-file: '.node-version'
          cache: npm
      - name: Refresh package-lock.json
        run: npm install --package-lock-only
      - name: Compare package-lock.json
        run: |
          if [ -n "$(git status --porcelain -- package-lock.json)" ]; then
            echo "package-lock.json is out of sync with package.json. Run 'npm install' and commit." >&2
            git diff package-lock.json
            exit 1
          fi
--- a/.gitignore
+++ b/.gitignore
@ -1,11 +1,19 @@
-# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
+/.dev
 node_modules/
 lib
 # Jetbrains
 /.idea
 /*.iml
 # Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 .pnpm-debug.log*
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@ -16,14 +24,34 @@ pids
 *.seed
 *.pid.lock
 # Directory for instrumented libs generated by jscoverage/JSCover
 lib-cov
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 # nyc test coverage
 .nyc_output
 # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
 .grunt
 # Bower dependency directory (https://bower.io/)
 bower_components
 # node-waf configuration
 .lock-wscript
 # Compiled binary addons (https://nodejs.org/api/addons.html)
 build/Release
 # Dependency directories
 node_modules/
 jspm_packages/
 # TypeScript v1 declaration files
 typings/
 # TypeScript cache
 *.tsbuildinfo
@ -33,11 +61,36 @@ jspm_packages/
 # Optional eslint cache
 .eslintcache
 # Optional REPL history
 .node_repl_history
-# dotenv environment variable files
+# Output of 'npm pack'
 *.tgz
 # Yarn Integrity file
 .yarn-integrity
 # dotenv environment variables file
 .env
-.env.development.local
+.env.test
-.env.test.local
+
-.env.production.local
+# parcel-bundler cache (https://parceljs.org/)
-.env.local
+.cache
-provenance.json
+
 # next.js build output
 .next
 # nuxt.js build output
 .nuxt
 # vuepress build output
 .vuepress/dist
 # Serverless directories
 .serverless/
 # FuseBox cache
 .fusebox/
 # DynamoDB Local files
 .dynamodb/
--- a/.node-version
+++ b/.node-version
@ -1 +0,0 @@
 24
--- a/.prettierignore
+++ b/.prettierignore
@ -1,6 +0,0 @@
 # Dependency directories
 node_modules/
 jspm_packages/
 # yarn v2
 .yarn/
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,89 +0,0 @@
 # Contributing
 Thanks for your interest in contributing!
 ## Prerequisites
 - [Node.js](https://nodejs.org/) — version pinned in [`.node-version`](./.node-version).
  Tools like [`nvm`](https://github.com/nvm-sh/nvm), [`fnm`](https://github.com/Schniz/fnm),
  [`asdf`](https://asdf-vm.com/), or [`mise`](https://mise.jdx.dev/) read this file
  automatically.
 - [`cosign`](https://docs.sigstore.dev/cosign/installation/) — only required if you
  want to run the signature-verification integration tests locally.
 ## Setup
 ```sh
 npm ci
 ```
 ## Pre-commit checklist
 Before committing changes to `src/`, `__tests__/`, `package.json`,
 `package-lock.json`, or `action.yml`:
 ```sh
 npm run pre-checkin
 ```
 That runs `format` + `build` + `test` — the same checks CI runs.
 Then commit `dist/` along with your source changes; the action runtime loads
 `dist/index.js` directly, so it must stay in sync.
 If CI's `validate / build` job fails because `dist/` differs from a fresh
 build, just download the `dist` artifact from the failed run and commit it —
 or rerun `npm run build` locally with the Node version in `.node-version`.
 ## npm scripts
 | Script              | Purpose                                          |
 | ------------------- | ------------------------------------------------ |
 | `npm run build`     | Bundle `src/` to `dist/index.js` via `ncc`       |
 | `npm run format`    | Run Prettier (write)                             |
 | `npm run format-check` | Run Prettier (check only, used in CI)         |
 | `npm run lint`      | Run ESLint (check only, used in CI)              |
 | `npm run lint:fix`  | Run ESLint with `--fix`                          |
 | `npm test`          | Run Jest with coverage                           |
 | `npm run pre-checkin` | `format` + `lint:fix` + `build` + `test`       |
 ## Tests
 `npm test` runs the full Jest suite, including integration tests that:
 - Download real GoReleaser releases from GitHub
 - Verify `checksums.txt` against the downloaded archive
 - Verify the cosign sigstore bundle (skipped if `cosign` isn't on `PATH`,
  but the CI image always has it installed)
 These need outbound network access. Offline / restrictive-proxy runs will
 have those tests fail — that's expected.
 ## Commit messages
 Use [Conventional Commits](https://www.conventionalcommits.org/) (`feat:`,
 `fix:`, `test:`, `docs:`, `chore:`, `ci:`, …). Keep the subject ≤72 chars.
 ## Pull requests
 - Target `master`.
 - Make sure `npm run pre-checkin` passes.
 - One logical change per PR is easier to review.
 - The `signing` CI job and `goreleaser-pro` matrix entries are skipped on PRs
  from forks because they need repository secrets — that's expected and not
  something you need to fix.
 ## Releasing (maintainers)
 1. Create a new GitHub Release with a semver tag (e.g. `v7.1.0`) — either
   through the UI or `gh release create v7.1.0 --generate-notes`.
 2. Once the release exists, run the [**release major tag**](./.github/workflows/release-major-tag.yml)
   workflow from the Actions tab:
   - `target`: the new tag (e.g. `v7.1.0`)
   - `major_version`: the major version to repoint (e.g. `v7`)
   This force-pushes the major tag to the new release so consumers using
   `goreleaser/goreleaser-action@v7` pick up the change.
   The same workflow doubles as a rollback tool — pass an older tag as
   `target` to revert the major.
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2019-2022 CrazyMax
+Copyright (c) 2019 CrazyMax
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@ -5,39 +5,17 @@
  <p align="center">
    <a href="https://github.com/goreleaser/goreleaser-action/releases/latest"><img alt="GitHub release" src="https://img.shields.io/github/release/goreleaser/goreleaser-action.svg?logo=github&style=flat-square"></a>
    <a href="https://github.com/marketplace/actions/goreleaser-action"><img alt="GitHub marketplace" src="https://img.shields.io/badge/marketplace-goreleaser--action-blue?logo=github&style=flat-square"></a>
-    <a href="https://github.com/goreleaser/goreleaser-action/actions?workflow=test"><img alt="Test workflow" src="https://img.shields.io/github/actions/workflow/status/goreleaser/goreleaser-action/test.yml?label=test&branch=master&logo=github&style=flat-square"></a>
+    <a href="https://github.com/goreleaser/goreleaser-action/actions?workflow=release"><img alt="Release workflow" src="https://github.com/goreleaser/goreleaser-action/workflows/release/badge.svg"></a>
-    <a href="https://codecov.io/gh/goreleaser/goreleaser-action"><img alt="Codecov" src="https://img.shields.io/codecov/c/github/goreleaser/goreleaser-action?logo=codecov&style=flat-square"></a>
+    <a href="https://github.com/goreleaser/goreleaser-action/actions?workflow=test"><img alt="Test workflow" src="https://github.com/goreleaser/goreleaser-action/workflows/test/badge.svg"></a>
    <a href="https://github.com/sponsors/crazy-max"><img src="https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github&style=flat-square" alt="Become a sponsor"></a>
  </p>
 </p>
-___
+---
 ![GoRelease Action](.github/goreleaser-action.png)
 * [Usage](#usage)
  * [Workflow](#workflow)
  * [Verification](#verification)
  * [Run on new tag](#run-on-new-tag)
  * [Signing](#signing)
  * [Upload artifacts](#upload-artifacts)
  * [Install Only](#install-only)
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
  * [environment variables](#environment-variables)
 * [Limitation](#limitation)
 * [Development](#development)
 * [License](#license)
 ## Usage
-GoReleaser Action runs [goreleaser][], please follow its [docs][gdocs] for
+Below is a simple snippet to use this action. A [live example](https://github.com/goreleaser/goreleaser-action/actions) is also available for this repository.
 more information about how to customize what GoReleaser does.
 [goreleaser]: https://goreleaser.com/
 [gdocs]: https://goreleaser.com/customization
 ### Workflow
 ```yaml
 name: goreleaser
@ -46,82 +24,33 @@ on:
  pull_request:
  push:
 permissions:
  contents: write
 jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v2
-        with:
+      -
-          fetch-depth: 0
+        name: Unshallow
        run: git fetch --prune --unshallow
      -
        name: Set up Go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@v1
        with:
          go-version: 1.13.x
      -
        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v7
+        uses: goreleaser/goreleaser-action@v1
        with:
-          # either 'goreleaser' (default) or 'goreleaser-pro'
+          version: latest
-          distribution: goreleaser
+          args: release --rm-dist
-          # 'latest', 'nightly', or a semver
+          key: ${{ secrets.YOUR_PRIVATE_KEY }}
          version: '~> v2'
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
          # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
 ```
 > **IMPORTANT**: note the `fetch-depth: 0` input in `Checkout` step. It is required  for the changelog to work correctly.
 ### Verification
 The action verifies the integrity of the downloaded GoReleaser archive
 against the published `checksums.txt` automatically — no configuration
 required.
 If [`cosign`](https://docs.sigstore.dev/cosign/) is available on `PATH`, the
 action will additionally verify the cosign sigstore signature of the
 checksums file against the GoReleaser release workflow's OIDC identity. If
 `cosign` isn't installed, this step is silently skipped.
 > **Note**: cosign signature verification requires GoReleaser **v2.13.0 or
 > newer** (and the matching `nightly`). Earlier releases ship a `.sig`
 > detached signature signed with cosign v2, which is not compatible with
 > the cosign v3 sigstore-bundle format the action verifies. For older
 > versions the cosign step is silently skipped — only the `checksums.txt`
 > SHA-256 verification runs.
 > **Note**: when `version: nightly` is used, the action resolves the
 > latest immutable `vX.Y.Z-<sha>-nightly` release from the GitHub
 > Releases API. Pass `GITHUB_TOKEN` to the action step (as in the example
 > above) to avoid unauthenticated API rate limits.
 To enable signature verification, install cosign before running the action:
 ```yaml
      -
        name: Install cosign
        uses: sigstore/cosign-installer@v3
      -
        name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          distribution: goreleaser
          version: '~> v2'
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
-Both checksum and signature verification work for tagged releases (≥ v2.13.0)
+> **IMPORTANT**: note the `Unshallow` step. It is required for the changelog to work correctly.
 and the `nightly` channel.
 ### Run on new tag
 If you want to run GoReleaser only on new tag, you can use this event:
@ -137,174 +66,43 @@ Or with a condition on GoReleaser step:
 ```yaml
      -
        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v7
+        uses: goreleaser/goreleaser-action@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
-          version: '~> v2'
+          version: latest
-          args: release --clean
+          args: release --rm-dist
          key: ${{ secrets.YOUR_PRIVATE_KEY }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 > For detailed instructions please follow GitHub Actions [workflow syntax](https://help.github.com/en/articles/workflow-syntax-for-github-actions#About-yaml-syntax-for-workflows).
 ## Customizing
 ### Inputs
 Following inputs can be used as `step.with` keys
 | Name          | Type    | Default   | Description                               |
 |---------------|---------|-----------|-------------------------------------------|
 | `version`     | String  | `latest`  | GoReleaser version. Example: `v0.117.0`   |
 | `args`        | String  |           | Arguments to pass to GoReleaser           |
 | `key`         | String  |           | Private key to import                     |
 | `workdir`     | String  | `.`       | Working directory (below repository root) |
 ### Signing
-If [signing is enabled](https://goreleaser.com/customization/#Signing) in your GoReleaser configuration, you can use
+If signing is enabled in your GoReleaser configuration, populate the `key` input with your private key
-the [Import GPG](https://github.com/crazy-max/ghaction-import-gpg) GitHub Action along with this one:
+and reference the key in your signing configuration, e.g.
 ```yaml
      -
        name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v7
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
      -
        name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          version: '~> v2'
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
 ```
 And reference the fingerprint in your signing configuration using the `GPG_FINGERPRINT` environment variable:
 ```yaml
 signs:
  - artifacts: checksum
-    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    args: ["--batch", "-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
 ```
-### Upload artifacts
+This feature is currently only compatible when using the default `gpg` command and a private key without a passphrase.
 For some events like pull request or schedule you might want to store the artifacts somewhere for testing
 purposes. You can do that with the [actions/upload-artifact](https://github.com/actions/upload-artifact) action:
 ```yaml
      -
        name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          version: '~> v2'
          args: release --clean
          workdir: myfolder
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Upload assets
        uses: actions/upload-artifact@v6
        with:
          name: myapp
          path: myfolder/dist/*
 ```
 ### Install Only
 ```yaml
 steps:
  -
    name: Install GoReleaser
    uses: goreleaser/goreleaser-action@v7
    with:
      install-only: true
  -
    name: Show GoReleaser version
    run: goreleaser -v
 ```
 ## Customizing
 ### inputs
 Following inputs can be used as `step.with` keys
 | Name             | Type    | Default      | Description                                                      |
 |------------------|---------|--------------|------------------------------------------------------------------|
 | `distribution`   | String  | `goreleaser` | GoReleaser distribution, either `goreleaser` or `goreleaser-pro` |
 | `version`**¹**   | String  | `~> v2`      | GoReleaser version                                               |
 | `version-file`**²** | String  |              | Read the GoReleaser version from a file (see below)              |
 | `args`           | String  |              | Arguments to pass to GoReleaser                                  |
 | `workdir`        | String  | `.`          | Working directory (below repository root)                        |
 | `install-only`   | Bool    | `false`      | Just install GoReleaser                                          |
 > **¹** Can be a fixed version like `v0.117.0` or a max satisfying semver one like `~> 0.132`. In this case this will return `v0.132.1`.
 >
 > **²** Path to a file containing the GoReleaser version. Resolved relative
 > to `workdir`. Currently only [`.tool-versions`](https://asdf-vm.com/manage/configuration.html#tool-versions)
 > (asdf/mise) format is supported. When set, this takes precedence over `version`.
 >
 > ```yaml
 > # .tool-versions
 > goreleaser 2.13.0
 > ```
 >
 > ```yaml
 > - uses: goreleaser/goreleaser-action@v7
 >   with:
 >     version-file: .tool-versions
 >     args: release --clean
 > ```
 ### outputs
 Following outputs are available
 | Name        | Type | Description            |
 |-------------|------|------------------------|
 | `artifacts` | JSON | Build result artifacts |
 | `metadata`  | JSON | Build result metadata  |
 ### environment variables
 Following environment variables can be used as `step.env` keys
 | Name             | Description                                                                                                                                         |
 |------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
 | `GITHUB_TOKEN`   | [GITHUB_TOKEN](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token) as provided by `secrets` and requires `contents:write` |
 | `GORELEASER_KEY` | Your [GoReleaser Pro](https://goreleaser.com/pro) License Key, in case you are using the `goreleaser-pro` distribution                              |
 ## Limitation
 `GITHUB_TOKEN` permissions [are limited to the repository](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#about-the-github_token-secret)
 that contains your workflow.
 If you need to push the homebrew tap to another repository, you must therefore create a custom [Personal Access Token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/)
 with `repo` permissions and [add it as a secret in the repository](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets). If you create a
 secret named `GH_PAT`, the step will look like this:
 ```yaml
      -
        name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v7
        with:
          version: '~> v2'
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
 ```
 ## Migrating from v3
 If you need the auto-snapshot feature, take a look at [this example repository](https://github.com/caarlos0/goreleaser-action-v4-auto-snapshot-example): it's a minimal working example with all you need.
 ## Development
 See [CONTRIBUTING.md](./CONTRIBUTING.md) for the full development workflow.
 Quick reference:
 ```
 # install dependencies
 npm ci
 # format, build dist/, and run tests
 npm run pre-checkin
 ```
 ## License
--- a/tests/github.test.ts
+++ b/tests/github.test.ts
@ -1,106 +0,0 @@
 import {describe, expect, it} from '@jest/globals';
 import * as github from '../src/github';
 describe('getRelease', () => {
  it('returns latest GoReleaser GitHub release', async () => {
    const release = await github.getRelease('goreleaser', 'latest');
    expect(release).not.toBeNull();
    expect(release?.tag_name).not.toEqual('');
  });
  it('returns v0.182.0 GoReleaser GitHub release', async () => {
    const release = await github.getRelease('goreleaser', 'v0.182.0');
    expect(release).not.toBeNull();
    expect(release?.tag_name).toEqual('v0.182.0');
  });
  it('returns v0.182.1 GoReleaser GitHub release', async () => {
    const release = await github.getRelease('goreleaser', '~> 0.182');
    expect(release).not.toBeNull();
    expect(release?.tag_name).toEqual('v0.182.1');
  });
  it('unknown GoReleaser release', async () => {
    await expect(github.getRelease('goreleaser', 'foo')).rejects.toThrow(
      new Error('Cannot find GoReleaser release foo in https://goreleaser.com/releases.json')
    );
  });
  it('returns latest GoReleaser Pro GitHub release', async () => {
    const release = await github.getRelease('goreleaser-pro', 'latest');
    expect(release).not.toBeNull();
    expect(release?.tag_name).not.toEqual('');
  });
  it('returns latest v1 GoReleaser Pro GitHub release', async () => {
    const release = await github.getRelease('goreleaser-pro', '~> v1');
    expect(release).not.toBeNull();
    expect(release?.tag_name).not.toEqual('');
  });
  it('returns latest v1 GoReleaser GitHub release', async () => {
    const release = await github.getRelease('goreleaser', '~> v1');
    expect(release).not.toBeNull();
    expect(release?.tag_name).not.toEqual('');
  });
  it('returns latest v2 GoReleaser Pro GitHub release', async () => {
    const release = await github.getRelease('goreleaser-pro', '~> v2');
    expect(release).not.toBeNull();
    expect(release?.tag_name).not.toEqual('');
  });
  it('returns latest v2 GoReleaser GitHub release', async () => {
    const release = await github.getRelease('goreleaser', '~> v2');
    expect(release).not.toBeNull();
    expect(release?.tag_name).not.toEqual('');
  });
  it('resolves nightly to a <version>-<sha>-nightly release for OSS GoReleaser', async () => {
    const release = await github.getRelease('goreleaser', 'nightly');
    expect(release).not.toBeNull();
    expect(release.tag_name).toMatch(github.nightlyTagRegex);
  });
  it('resolves nightly to a <version>-<sha>-nightly release for GoReleaser Pro', async () => {
    const release = await github.getRelease('goreleaser-pro', 'nightly');
    expect(release).not.toBeNull();
    expect(release.tag_name).toMatch(github.nightlyTagRegex);
  });
  it('returns v0.182.0 GoReleaser Pro GitHub release', async () => {
    const release = await github.getRelease('goreleaser-pro', 'v0.182.0');
    expect(release).not.toBeNull();
    expect(release?.tag_name).toEqual('v0.182.0-pro');
  });
  it('returns v0.182.1 GoReleaser Pro GitHub release', async () => {
    const release = await github.getRelease('goreleaser-pro', '~> 0.182');
    expect(release).not.toBeNull();
    expect(release?.tag_name).toEqual('v0.182.1-pro');
  });
  it('returns v2.7.0 GoReleaser Pro GitHub release', async () => {
    const release = await github.getRelease('goreleaser-pro', '~> v2.7');
    expect(release).not.toBeNull();
    expect(release?.tag_name).toEqual('v2.7.0');
  });
  it('skips JSON check for specific version v2.8.1', async () => {
    const release = await github.getRelease('goreleaser', 'v2.8.1');
    expect(release).not.toBeNull();
    expect(release?.tag_name).toEqual('v2.8.1');
  });
  it('skips JSON check for specific version without v prefix', async () => {
    const release = await github.getRelease('goreleaser', '2.8.1');
    expect(release).not.toBeNull();
    expect(release?.tag_name).toEqual('v2.8.1');
  });
  it('unknown GoReleaser Pro release', async () => {
    await expect(github.getRelease('goreleaser-pro', 'foo')).rejects.toThrow(
      new Error('Cannot find GoReleaser release foo in https://goreleaser.com/releases-pro.json')
    );
  });
 });
--- a/tests/goreleaser.test.ts
+++ b/tests/goreleaser.test.ts
@ -1,167 +0,0 @@
 import {describe, expect, it} from '@jest/globals';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import * as io from '@actions/io';
 import * as goreleaser from '../src/goreleaser';
 describe('install', () => {
  it('acquires latest version of GoReleaser', async () => {
    const bin = await goreleaser.install('goreleaser', 'latest');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
  it('acquires latest v2 version of GoReleaser', async () => {
    const bin = await goreleaser.install('goreleaser', '~> v2');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
  // The following pinned versions exercise install across release eras to
  // guard against regressions in checksum handling and the cosign skip path:
  //   - v0.182.0  : pre-checksums-signing era
  //   - v1.26.2   : cosign v2 detached `.sig` only
  //   - v2.12.4   : last release before sigstore bundles (cosign skipped)
  //   - v2.13.0   : first release with cosign v3 sigstore bundle
  //   - v2.15.3   : recent release with sigstore bundle
  it('acquires v0.182.0 (pre-signing) version of GoReleaser', async () => {
    const bin = await goreleaser.install('goreleaser', 'v0.182.0');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
  it('acquires v1.26.2 (cosign v2 .sig) version of GoReleaser', async () => {
    const bin = await goreleaser.install('goreleaser', 'v1.26.2');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
  it('acquires v2.12.4 (last pre-sigstore-bundle) version of GoReleaser', async () => {
    const bin = await goreleaser.install('goreleaser', 'v2.12.4');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
  it('acquires v2.13.0 (minimum cosign-verifiable) version of GoReleaser', async () => {
    const bin = await goreleaser.install('goreleaser', 'v2.13.0');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
  it('acquires v2.15.3 (recent sigstore-bundle) version of GoReleaser', async () => {
    const bin = await goreleaser.install('goreleaser', 'v2.15.3');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
  it('acquires latest v2 version of GoReleaser Pro', async () => {
    const bin = await goreleaser.install('goreleaser-pro', '~> v2');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
  it('acquires latest version of GoReleaser Pro', async () => {
    const bin = await goreleaser.install('goreleaser-pro', 'latest');
    expect(fs.existsSync(bin)).toBe(true);
  }, 100000);
 });
 describe('distribSuffix', () => {
  it('suffixes pro distribution', async () => {
    expect(goreleaser.distribSuffix('goreleaser-pro')).toEqual('-pro');
  });
  it('does not suffix oss distribution', async () => {
    expect(goreleaser.distribSuffix('goreleaser')).toEqual('');
  });
 });
 describe('findChecksum', () => {
  const sample = [
    '*malformed-line',
    '',
    'abc123  goreleaser_Linux_x86_64.tar.gz',
    'def456 *goreleaser_Darwin_all.tar.gz',
    '789xyz  checksums.txt'
  ].join('\n');
  it('finds a checksum by filename', () => {
    expect(goreleaser.findChecksum(sample, 'goreleaser_Linux_x86_64.tar.gz')).toEqual('abc123');
  });
  it('strips a leading asterisk on the filename (binary mode)', () => {
    expect(goreleaser.findChecksum(sample, 'goreleaser_Darwin_all.tar.gz')).toEqual('def456');
  });
  it('returns undefined when not present', () => {
    expect(goreleaser.findChecksum(sample, 'missing.tar.gz')).toBeUndefined();
  });
 });
 describe('getCertificateIdentity', () => {
  it('returns the OSS workflow identity for tagged releases', () => {
    expect(goreleaser.getCertificateIdentity('goreleaser', 'v2.15.3')).toEqual(
      'https://github.com/goreleaser/goreleaser/.github/workflows/release.yml@refs/tags/v2.15.3'
    );
  });
  it('returns the Pro internal workflow identity for tagged releases', () => {
    expect(goreleaser.getCertificateIdentity('goreleaser-pro', 'v2.15.3')).toEqual(
      'https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/release-pro.yml@refs/tags/v2.15.3'
    );
  });
  it('uses nightly-oss.yml@refs/heads/main for OSS nightly tag', () => {
    expect(goreleaser.getCertificateIdentity('goreleaser', 'v2.16.0-abc1234-nightly')).toEqual(
      'https://github.com/goreleaser/goreleaser/.github/workflows/nightly-oss.yml@refs/heads/main'
    );
  });
  it('uses nightly-pro.yml@refs/heads/main for Pro nightly tag', () => {
    expect(goreleaser.getCertificateIdentity('goreleaser-pro', 'v2.16.0-eaeb08c50-nightly')).toEqual(
      'https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/nightly-pro.yml@refs/heads/main'
    );
  });
 });
 describe('verifyChecksum', () => {
  const requireCosign = async (): Promise<void> => {
    const cosign = await io.which('cosign', false);
    if (!cosign) {
      throw new Error(
        'cosign must be installed in PATH to run this integration test (apk add cosign / sigstore/cosign-installer)'
      );
    }
  };
  it('verifies a tagged OSS release end-to-end with cosign', async () => {
    await requireCosign();
    const bin = await goreleaser.install('goreleaser', 'v2.15.3');
    expect(fs.existsSync(bin)).toBe(true);
  }, 120000);
  it('verifies the OSS nightly release end-to-end with cosign', async () => {
    await requireCosign();
    const bin = await goreleaser.install('goreleaser', 'nightly');
    expect(fs.existsSync(bin)).toBe(true);
  }, 120000);
  it('installs a pre-v2.13 release (no sigstore bundle) without failing when cosign is present', async () => {
    // v2.12.x is the last release that did NOT publish checksums.txt.sigstore.json.
    // The action must still install it cleanly: checksum verified, cosign step skipped.
    await requireCosign();
    const bin = await goreleaser.install('goreleaser', 'v2.12.4');
    expect(fs.existsSync(bin)).toBe(true);
  }, 120000);
  it('throws on checksum mismatch', async () => {
    const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gha-'));
    const archive = path.join(dir, 'fake.tar.gz');
    fs.writeFileSync(archive, 'tampered content');
    await expect(
      goreleaser.verifyChecksum('goreleaser', 'v2.15.3', archive, 'goreleaser_Linux_x86_64.tar.gz')
    ).rejects.toThrow(/Checksum mismatch/);
  }, 60000);
  it('throws when the filename is not in checksums.txt', async () => {
    const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gha-'));
    const archive = path.join(dir, 'whatever.tar.gz');
    fs.writeFileSync(archive, '');
    await expect(
      goreleaser.verifyChecksum('goreleaser', 'v2.15.3', archive, 'not-a-real-asset.tar.gz')
    ).rejects.toThrow(/Could not find not-a-real-asset.tar.gz in checksums.txt/);
  }, 60000);
 });
--- a/tests/installer.test.ts
+++ b/tests/installer.test.ts
@ -0,0 +1,14 @@
 import fs = require('fs');
 import * as installer from '../src/installer';
 describe('installer', () => {
  it('acquires v0.117.0 version of GoReleaser', async () => {
    const goreleaser = await installer.getGoReleaser('v0.117.0');
    expect(fs.existsSync(goreleaser)).toBe(true);
  }, 100000);
  it('acquires latest version of GoReleaser', async () => {
    const goreleaser = await installer.getGoReleaser('latest');
    expect(fs.existsSync(goreleaser)).toBe(true);
  }, 100000);
 });
--- a/tests/version.test.ts
+++ b/tests/version.test.ts
@ -1,117 +0,0 @@
 import {describe, expect, it, beforeEach, afterEach} from '@jest/globals';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import {getRequestedVersion} from '../src/version';
 import {Inputs} from '../src/context';
 const baseInputs = (overrides: Partial<Inputs>): Inputs => ({
  distribution: 'goreleaser',
  version: '~> v2',
  versionFile: '',
  args: '',
  workdir: '.',
  installOnly: false,
  ...overrides
 });
 describe('getRequestedVersion', () => {
  let tmpDir: string;
  beforeEach(() => {
    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'goreleaser-version-'));
  });
  afterEach(() => {
    fs.rmSync(tmpDir, {recursive: true, force: true});
  });
  const writeToolVersions = (content: string, name = '.tool-versions'): void => {
    fs.writeFileSync(path.join(tmpDir, name), content);
  };
  describe('without version-file', () => {
    it('returns the version input as-is', () => {
      expect(getRequestedVersion(baseInputs({version: 'v1.2.3'}))).toBe('v1.2.3');
    });
    it('returns the default version when none is provided', () => {
      expect(getRequestedVersion(baseInputs({version: '~> v2'}))).toBe('~> v2');
    });
  });
  describe('with .tool-versions', () => {
    it('parses an unprefixed version and adds the v prefix', () => {
      writeToolVersions('goreleaser 1.2.3\n');
      expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v1.2.3');
    });
    it('keeps an existing v prefix without doubling it', () => {
      writeToolVersions('goreleaser v1.2.3\n');
      expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v1.2.3');
    });
    it('takes precedence over the version input', () => {
      writeToolVersions('goreleaser 1.2.3\n');
      expect(getRequestedVersion(baseInputs({version: 'v9.9.9', versionFile: '.tool-versions', workdir: tmpDir}))).toBe(
        'v1.2.3'
      );
    });
    it('ignores other tools and picks goreleaser', () => {
      writeToolVersions(['nodejs 20.10.0', 'goreleaser 2.13.0', 'python 3.12.1', ''].join('\n'));
      expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v2.13.0');
    });
    it('skips full-line and inline comments', () => {
      writeToolVersions(['# pinned for CI', 'goreleaser 2.13.0 # minimum cosign-verifiable', ''].join('\n'));
      expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v2.13.0');
    });
    it('preserves "latest"', () => {
      writeToolVersions('goreleaser latest\n');
      expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('latest');
    });
    it('uses only the first version when multiple fallbacks are listed', () => {
      // asdf supports listing fallback versions; we install the first match.
      writeToolVersions('goreleaser 2.13.0 2.12.4\n');
      expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v2.13.0');
    });
    it('accepts an absolute path and ignores workdir', () => {
      const abs = path.join(tmpDir, '.tool-versions');
      fs.writeFileSync(abs, 'goreleaser 2.13.0\n');
      expect(getRequestedVersion(baseInputs({versionFile: abs, workdir: '/nonexistent'}))).toBe('v2.13.0');
    });
    it('throws when the file does not exist', () => {
      expect(() => getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toThrow(
        /version-file not found/
      );
    });
    it('throws when the file has no goreleaser entry', () => {
      writeToolVersions(['nodejs 20.10.0', 'python 3.12.1', ''].join('\n'));
      expect(() => getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toThrow(
        /No goreleaser entry/
      );
    });
    it('throws when the goreleaser entry has no version', () => {
      writeToolVersions('goreleaser\n');
      expect(() => getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toThrow(
        /No version specified for goreleaser/
      );
    });
  });
  describe('with an unsupported file', () => {
    it('throws a clear error', () => {
      fs.writeFileSync(path.join(tmpDir, '.go-version'), '1.2.3\n');
      expect(() => getRequestedVersion(baseInputs({versionFile: '.go-version', workdir: tmpDir}))).toThrow(
        /Unsupported version-file/
      );
    });
  });
 });
--- a/action.yml
+++ b/action.yml
@ -1,44 +1,23 @@
 # https://help.github.com/en/articles/metadata-syntax-for-github-actions
 name: 'GoReleaser Action'
 description: 'GitHub Action for GoReleaser, a release automation tool for Go projects'
-author: 'goreleaser'
+author: 'crazy-max'
 branding:
  color: 'green'
  icon: 'package'
 inputs:
  distribution:
    description: 'GoReleaser Distribution (goreleaser or goreleaser-pro)'
    default: 'goreleaser'
    required: false
  version:
-    description: 'GoReleaser version'
+    description: 'GoReleaser version. Example: v0.118.0'
-    default: '~> v2'
+    default: 'latest'
    required: false
  version-file:
    description: |
      Read the GoReleaser version from a file. Path is resolved relative to
      `workdir`. Currently only `.tool-versions` (asdf/mise) is supported.
      When set, takes precedence over `version`.
    required: false
  args:
    description: 'Arguments to pass to GoReleaser'
-    required: false
+  key:
    description: 'Private key to import'
  workdir:
    description: 'Working directory (below repository root)'
    default: '.'
    required: false
  install-only:
    description: 'Just install GoReleaser'
    default: 'false'
    required: false
 outputs:
  artifacts:
    description: 'Build result artifacts'
  metadata:
    description: 'Build result metadata'
 runs:
-  using: 'node24'
+  using: 'node12'
  main: 'dist/index.js'
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
@ -1,368 +0,0 @@
@actions/core
 MIT
 The MIT License (MIT)
 Copyright 2019 GitHub
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/exec
 MIT
 The MIT License (MIT)
 Copyright 2019 GitHub
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/http-client
 MIT
 Actions Http Client for Node.js
 Copyright (c) GitHub, Inc.
 All rights reserved.
 MIT License
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
 associated documentation files (the "Software"), to deal in the Software without restriction,
 including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
 and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
 subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
 NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/io
 MIT
 The MIT License (MIT)
 Copyright 2019 GitHub
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/tool-cache
 MIT
 The MIT License (MIT)
 Copyright 2019 GitHub
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ansi-regex
 MIT
 MIT License
 Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ansi-styles
 MIT
 MIT License
 Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 cliui
 ISC
 Copyright (c) 2015, Contributors
 Permission to use, copy, modify, and/or distribute this software
 for any purpose with or without fee is hereby granted, provided
 that the above copyright notice and this permission notice
 appear in all copies.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
 LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
 OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 emoji-regex
 MIT
 Copyright Mathias Bynens <https://mathiasbynens.be/>
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
 "Software"), to deal in the Software without restriction, including
 without limitation the rights to use, copy, modify, merge, publish,
 distribute, sublicense, and/or sell copies of the Software, and to
 permit persons to whom the Software is furnished to do so, subject to
 the following conditions:
 The above copyright notice and this permission notice shall be
 included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 escalade
 MIT
 MIT License
 Copyright (c) Luke Edwards <luke.edwards05@gmail.com> (lukeed.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 get-caller-file
 ISC
 ISC License (ISC)
 Copyright 2018 Stefan Penner
 Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 get-east-asian-width
 MIT
 MIT License
 Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 js-yaml
 MIT
 (The MIT License)
 Copyright (C) 2011-2015 by Vitaly Puzrin
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 semver
 ISC
 The ISC License
 Copyright (c) Isaac Z. Schlueter and Contributors
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 string-width
 MIT
 MIT License
 Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 strip-ansi
 MIT
 MIT License
 Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 tunnel
 MIT
 The MIT License (MIT)
 Copyright (c) 2012 Koichi Kobayashi
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 undici
 MIT
 MIT License
 Copyright (c) Matteo Collina and Undici contributors
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 wrap-ansi
 MIT
 MIT License
 Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 y18n
 ISC
 Copyright (c) 2015, Contributors
 Permission to use, copy, modify, and/or distribute this software for any purpose
 with or without fee is hereby granted, provided that the above copyright notice
 and this permission notice appear in all copies.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
 REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
 FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
 INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
 OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
 TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 THIS SOFTWARE.
 yargs
 MIT
 MIT License
 Copyright 2010 James Halliday (mail@substack.net); Modified work Copyright 2014 Contributors (ben@npmjs.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 yargs-parser
 ISC
 Copyright (c) 2016, Contributors
 Permission to use, copy, modify, and/or distribute this software
 for any purpose with or without fee is hereby granted, provided
 that the above copyright notice and this permission notice
 appear in all copies.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
 LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
 OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- a/dist/package.json
+++ b/dist/package.json
@ -1,3 +0,0 @@
 {
  "type": "module"
 }
--- a/test/go.mod
+++ b/test/go.mod
@ -1,3 +1,3 @@
 module github.com/goreleaser/goreleaser-action
-go 1.18
+go 1.12
--- a/jest.config.js
+++ b/jest.config.js
@ -0,0 +1,11 @@
 module.exports = {
  clearMocks: true,
  moduleFileExtensions: ['js', 'ts'],
  testEnvironment: 'node',
  testMatch: ['**/*.test.ts'],
  testRunner: 'jest-circus/runner',
  transform: {
    '^.+\\.ts$': 'ts-jest'
  },
  verbose: true
 }
--- a/jest.config.ts
+++ b/jest.config.ts
@ -1,24 +0,0 @@
 import type {Config} from 'jest';
 const config: Config = {
  clearMocks: true,
  moduleFileExtensions: ['js', 'ts'],
  setupFiles: ['dotenv/config', '<rootDir>/src/test_setup.ts'],
  testMatch: ['**/*.test.ts'],
  testTimeout: 30000,
  transform: {
    '^.+\\.ts$': [
      'ts-jest',
      {
        useESM: true
      }
    ]
  },
  extensionsToTreatAsEsm: ['.ts'],
  moduleNameMapper: {
    '^(\\.{1,2}/.*)\\.js$': '$1'
  },
  verbose: true
 };
 export default config;
--- a/lib/git.js
+++ b/lib/git.js
@ -0,0 +1,54 @@
 "use strict";
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
 };
 var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
    result["default"] = mod;
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const child_process = __importStar(require("child_process"));
 const git = (args = []) => __awaiter(void 0, void 0, void 0, function* () {
    const stdout = child_process.execSync(`git ${args.join(' ')}`, {
        encoding: 'utf8'
    });
    return stdout.trim();
 });
 function isTagDirty(currentTag) {
    return __awaiter(this, void 0, void 0, function* () {
        try {
            yield git(['describe', '--exact-match', '--tags', '--match', currentTag]);
        }
        catch (err) {
            return true;
        }
        return false;
    });
 }
 exports.isTagDirty = isTagDirty;
 function getTag() {
    return __awaiter(this, void 0, void 0, function* () {
        try {
            return yield git(['describe', '--tags', '--abbrev=0']);
        }
        catch (err) {
            return '';
        }
    });
 }
 exports.getTag = getTag;
 function getShortCommit() {
    return __awaiter(this, void 0, void 0, function* () {
        return yield git(['show', "--format='%h'", 'HEAD', '--quiet']);
    });
 }
 exports.getShortCommit = getShortCommit;
--- a/lib/installer.js
+++ b/lib/installer.js
@ -0,0 +1,72 @@
 "use strict";
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
 };
 var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
    result["default"] = mod;
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const tc = __importStar(require("@actions/tool-cache"));
 const download = __importStar(require("download"));
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const util = __importStar(require("util"));
 const restm = __importStar(require("typed-rest-client/RestClient"));
 let osPlat = os.platform();
 let osArch = os.arch();
 function getGoReleaser(version) {
    return __awaiter(this, void 0, void 0, function* () {
        const selected = yield determineVersion(version);
        if (selected) {
            version = selected;
        }
        core.info(`✅ GoReleaser version found: ${version}`);
        const tmpdir = fs.mkdtempSync(path.join(os.tmpdir(), 'goreleaser-'));
        const fileName = getFileName();
        const downloadUrl = util.format('https://github.com/goreleaser/goreleaser/releases/download/%s/%s', version, fileName);
        core.info(`⬇️ Downloading ${downloadUrl}...`);
        yield download.default(downloadUrl, tmpdir, { filename: fileName });
        core.info('📦 Extracting GoReleaser...');
        let extPath = tmpdir;
        if (osPlat == 'win32') {
            extPath = yield tc.extractZip(`${tmpdir}/${fileName}`);
        }
        else {
            extPath = yield tc.extractTar(`${tmpdir}/${fileName}`);
        }
        return path.join(extPath, osPlat == 'win32' ? 'goreleaser.exe' : 'goreleaser');
    });
 }
 exports.getGoReleaser = getGoReleaser;
 function getFileName() {
    const platform = osPlat == 'win32' ? 'Windows' : osPlat == 'darwin' ? 'Darwin' : 'Linux';
    const arch = osArch == 'x64' ? 'x86_64' : 'i386';
    const ext = osPlat == 'win32' ? 'zip' : 'tar.gz';
    return util.format('goreleaser_%s_%s.%s', platform, arch, ext);
 }
 function determineVersion(version) {
    return __awaiter(this, void 0, void 0, function* () {
        let rest = new restm.RestClient('goreleaser-action', 'https://github.com', undefined, {
            headers: {
                Accept: 'application/json'
            }
        });
        let res = yield rest.get(`/goreleaser/goreleaser/releases/${version}`);
        if (res.statusCode != 200 || res.result === null) {
            throw new Error(`Cannot find GoReleaser ${version} release (http ${res.statusCode})`);
        }
        return res.result.tag_name;
    });
 }
--- a/lib/main.js
+++ b/lib/main.js
@ -0,0 +1,70 @@
 "use strict";
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
 };
 var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
    result["default"] = mod;
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const git = __importStar(require("./git"));
 const installer = __importStar(require("./installer"));
 const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
 const fs = __importStar(require("fs"));
 function run(silent) {
    return __awaiter(this, void 0, void 0, function* () {
        try {
            const version = core.getInput('version') || 'latest';
            const args = core.getInput('args');
            const key = core.getInput('key');
            const workdir = core.getInput('workdir') || '.';
            const goreleaser = yield installer.getGoReleaser(version);
            const commit = yield git.getShortCommit();
            const tag = yield git.getTag();
            const isTagDirty = yield git.isTagDirty(tag);
            if (workdir && workdir !== '.') {
                core.info(`📂 Using ${workdir} as working directory...`);
                process.chdir(workdir);
            }
            let snapshot = '';
            if (args.split(' ').indexOf('release') > -1) {
                if (isTagDirty) {
                    core.info(`⚠️ No tag found for commit ${commit}. Snapshot forced`);
                    if (!args.includes('--snapshot')) {
                        snapshot = ' --snapshot';
                    }
                }
                else {
                    core.info(`✅ ${tag} tag found for commit ${commit}`);
                }
            }
            if (key) {
                core.info('🔑 Importing signing key...');
                let path = `${process.env.HOME}/key.asc`;
                fs.writeFileSync(path, key, { mode: 0o600 });
                yield exec.exec('gpg', ['--import', path], {
                    silent: silent
                });
            }
            core.info('🏃 Running GoReleaser...');
            yield exec.exec(`${goreleaser} ${args}${snapshot}`, undefined, {
                silent: silent
            });
        }
        catch (error) {
            core.setFailed(error.message);
        }
    });
 }
 exports.run = run;
 run();
--- a/test/main.go
+++ b/test/main.go
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,16 +1,17 @@
 {
  "name": "goreleaser-action",
  "private": true,
  "description": "GitHub Action for GoReleaser, a release automation tool for Go projects",
-  "main": "src/main.ts",
+  "main": "lib/main.js",
-  "type": "module",
+  "directories": {
    "lib": "lib"
  },
  "scripts": {
-    "build": "ncc build src/main.ts --minify --license licenses.txt",
+    "build": "tsc && ncc build",
-    "format": "prettier --write \"**/*.ts\"",
+    "test": "jest",
-    "format-check": "prettier --check \"**/*.ts\"",
+    "format": "prettier --write **/*.ts",
-    "lint": "eslint --max-warnings=0 \"**/*.ts\"",
+    "format-check": "prettier --check **/*.ts",
-    "lint:fix": "eslint --fix \"**/*.ts\"",
+    "pre-checkin": "npm run format && npm run build"
    "test": "NODE_OPTIONS='--experimental-vm-modules' jest --coverage",
    "pre-checkin": "npm run format && npm run lint:fix && npm run build && npm test"
  },
  "repository": {
    "type": "git",
@ -23,31 +24,24 @@
  ],
  "author": "CrazyMax",
  "license": "MIT",
  "dependencies": {
-    "@actions/core": "^3.0.0",
+    "@actions/core": "^1.2.3",
-    "@actions/exec": "^3.0.0",
+    "@actions/exec": "^1.0.3",
-    "@actions/http-client": "^4.0.0",
+    "@actions/tool-cache": "^1.3.3",
-    "@actions/tool-cache": "^4.0.0",
+    "download": "^8.0.0",
-    "js-yaml": "^4.1.1",
+    "typed-rest-client": "^1.7.3"
    "semver": "^7.7.4",
    "yargs": "^18.0.0"
  },
  "devDependencies": {
-    "@types/node": "^24.0.0",
+    "@types/download": "^6.2.4",
-    "@typescript-eslint/eslint-plugin": "^6.6.0",
+    "@types/jest": "^25.2.1",
-    "@typescript-eslint/parser": "^6.6.0",
+    "@types/node": "^13.11.0",
-    "@vercel/ncc": "^0.38.0",
+    "@zeit/ncc": "^0.22.1",
-    "dotenv": "^16.3.1",
+    "jest": "^25.2.7",
-    "eslint": "^8.49.0",
+    "jest-circus": "^25.2.7",
-    "eslint-config-prettier": "^9.0.0",
+    "jest-runtime": "^25.2.7",
-    "eslint-plugin-jest": "^27.2.3",
+    "prettier": "^2.0.4",
-    "eslint-plugin-prettier": "^5.0.0",
+    "ts-jest": "^25.3.1",
-    "jest": "^29.6.4",
+    "typescript": "^3.8.3",
-    "prettier": "^3.0.3",
+    "typescript-formatter": "^7.2.2"
    "tmp": "^0.2.1",
    "ts-jest": "^29.1.1",
    "ts-node": "^10.9.1",
    "typescript": "^5.2.2"
  }
 }
--- a/src/context.ts
+++ b/src/context.ts
@ -1,25 +0,0 @@
 import * as os from 'os';
 import * as core from '@actions/core';
 export const osPlat: string = os.platform();
 export const osArch: string = os.arch();
 export interface Inputs {
  distribution: string;
  version: string;
  versionFile: string;
  args: string;
  workdir: string;
  installOnly: boolean;
 }
 export async function getInputs(): Promise<Inputs> {
  return {
    distribution: core.getInput('distribution') || 'goreleaser',
    version: core.getInput('version') || '~> v2',
    versionFile: core.getInput('version-file'),
    args: core.getInput('args'),
    workdir: core.getInput('workdir') || '.',
    installOnly: core.getBooleanInput('install-only')
  };
 }
--- a/src/git.ts
+++ b/src/git.ts
@ -0,0 +1,29 @@
 import * as child_process from 'child_process';
 const git = async (args: string[] = []) => {
  const stdout = child_process.execSync(`git ${args.join(' ')}`, {
    encoding: 'utf8'
  });
  return stdout.trim();
 };
 export async function isTagDirty(currentTag: string): Promise<boolean> {
  try {
    await git(['describe', '--exact-match', '--tags', '--match', currentTag]);
  } catch (err) {
    return true;
  }
  return false;
 }
 export async function getTag(): Promise<string> {
  try {
    return await git(['describe', '--tags', '--abbrev=0']);
  } catch (err) {
    return '';
  }
 }
 export async function getShortCommit(): Promise<string> {
  return await git(['show', "--format='%h'", 'HEAD', '--quiet']);
 }
--- a/src/github.ts
+++ b/src/github.ts
@ -1,166 +0,0 @@
 import * as goreleaser from './goreleaser';
 import * as semver from 'semver';
 import * as core from '@actions/core';
 import * as httpm from '@actions/http-client';
 const maxRetries = 10;
 const timeoutMs = 1000;
 const withRetry = async <T>(operation: () => Promise<T>): Promise<T> => {
  let lastError: Error;
  for (let attempt = 0; attempt <= maxRetries; attempt++) {
    try {
      return await operation();
    } catch (error) {
      lastError = error as Error;
      if (attempt === maxRetries) {
        break;
      }
      core.debug(`Attempt ${attempt + 1} failed, retrying in ${timeoutMs}: ${lastError.message}`);
      await new Promise(resolve => setTimeout(resolve, timeoutMs));
    }
  }
  throw lastError;
 };
 export interface GitHubRelease {
  tag_name: string;
 }
 // Matches the new-style nightly release tag pattern: vX.Y.Z-<sha>-nightly
 export const nightlyTagRegex = /^v\d+\.\d+\.\d+-[0-9a-f]+-nightly$/i;
 export const isNightlyTag = (tag: string): boolean => {
  return nightlyTagRegex.test(tag);
 };
 export const getRelease = async (distribution: string, version: string): Promise<GitHubRelease> => {
  if (version === 'latest') {
    core.warning("You are using 'latest' as default version. Will lock to '~> v2'.");
    return getReleaseTag(distribution, '~> v2');
  }
  return getReleaseTag(distribution, version);
 };
 export const getReleaseTag = async (distribution: string, version: string): Promise<GitHubRelease> => {
  if (version === 'nightly') {
    return resolveNightly(distribution);
  }
  // If version is a specific version (not a range), skip the JSON check
  const cleanVersion: string = cleanTag(version);
  if (semver.valid(cleanVersion)) {
    let tag = version.startsWith('v') ? version : `v${version}`;
    // Handle GoReleaser Pro suffix for versions < 2.7.0, but only if not already present
    // TODO: remove all this `-pro` thing at some point.
    if (goreleaser.isPro(distribution) && semver.lt(cleanVersion, '2.7.0') && !tag.endsWith('-pro')) {
      tag = tag + goreleaser.distribSuffix(distribution);
    }
    return {tag_name: tag};
  }
  const tag: string = (await resolveVersion(distribution, version)) || version;
  const suffix: string = goreleaser.distribSuffix(distribution);
  const url = `https://goreleaser.com/releases${suffix}.json`;
  const releases = await withRetry(async () => {
    const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
    const resp: httpm.HttpClientResponse = await http.get(url);
    const body = await resp.readBody();
    const statusCode = resp.message.statusCode || 500;
    if (statusCode >= 400) {
      throw new Error(
        `Failed to get GoReleaser release ${version} from ${url} with status code ${statusCode}: ${body}`
      );
    }
    return <Array<GitHubRelease>>JSON.parse(body);
  });
  const res = releases.filter(r => r.tag_name === tag).shift();
  if (res) {
    return res;
  }
  throw new Error(`Cannot find GoReleaser release ${version} in ${url}`);
 };
 // resolveNightly looks up the latest immutable nightly release of the form
 // `vX.Y.Z-<sha>-nightly` on the GitHub releases of the given distribution.
 const resolveNightly = async (distribution: string): Promise<GitHubRelease> => {
  const url = `https://api.github.com/repos/goreleaser/${distribution}/releases?per_page=100`;
  core.debug(`Resolving latest nightly release from ${url}`);
  const releases = await withRetry(async () => {
    const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
    const headers: {[name: string]: string} = {
      Accept: 'application/vnd.github+json',
      'X-GitHub-Api-Version': '2022-11-28'
    };
    const token = process.env.GITHUB_TOKEN;
    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }
    const resp: httpm.HttpClientResponse = await http.get(url, headers);
    const body = await resp.readBody();
    const statusCode = resp.message.statusCode || 500;
    if (statusCode >= 400) {
      throw new Error(`Failed to list releases from ${url} with status code ${statusCode}: ${body}`);
    }
    return <Array<GitHubRelease>>JSON.parse(body);
  });
  const match = releases.find(r => nightlyTagRegex.test(r.tag_name));
  if (!match) {
    throw new Error(`No '<version>-<sha>-nightly' release found in ${url}`);
  }
  core.info(`Resolved nightly to ${match.tag_name}`);
  return match;
 };
 const resolveVersion = async (distribution: string, version: string): Promise<string | null> => {
  const allTags: Array<string> | null = await getAllTags(distribution);
  if (!allTags) {
    throw new Error(`Cannot download ${distribution} tags`);
  }
  core.debug(`Found ${allTags.length} tags in total`);
  const cleanTags: Array<string> = allTags.map(tag => cleanTag(tag));
  const cleanVersion: string = cleanTag(version);
  if (!semver.valid(cleanVersion) && !semver.validRange(cleanVersion)) {
    // if the given version is invalid, return whatever we got.
    return version;
  }
  const v = semver.maxSatisfying(cleanTags, cleanVersion);
  if (semver.lt(v, '2.7.0')) {
    // if its a version older than 2.7.0, append the suffix.
    return v + goreleaser.distribSuffix(distribution);
  }
  return v;
 };
 interface GitHubTag {
  tag_name: string;
 }
 const getAllTags = async (distribution: string): Promise<Array<string>> => {
  const suffix: string = goreleaser.distribSuffix(distribution);
  const url = `https://goreleaser.com/releases${suffix}.json`;
  core.debug(`Downloading ${url}`);
  return withRetry(async () => {
    const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
    const response = await http.getJson<Array<GitHubTag>>(url);
    if (response.result == null) {
      return [];
    }
    return response.result.map(obj => obj.tag_name);
  });
 };
 const cleanTag = (tag: string): string => {
  return tag.replace(/-pro$/, '');
 };
--- a/src/goreleaser.ts
+++ b/src/goreleaser.ts
@ -1,200 +0,0 @@
 import * as crypto from 'crypto';
 import * as fs from 'fs';
 import * as path from 'path';
 import yaml from 'js-yaml';
 import * as context from './context';
 import * as github from './github';
 import * as core from '@actions/core';
 import * as exec from '@actions/exec';
 import * as io from '@actions/io';
 import * as tc from '@actions/tool-cache';
 export async function install(distribution: string, version: string): Promise<string> {
  const release: github.GitHubRelease = await github.getRelease(distribution, version);
  const filename = getFilename(distribution);
  const baseUrl = `https://github.com/goreleaser/${distribution}/releases/download/${release.tag_name}`;
  const downloadUrl = `${baseUrl}/${filename}`;
  core.info(`Downloading ${downloadUrl}`);
  const downloadPath: string = await tc.downloadTool(downloadUrl);
  core.debug(`Downloaded to ${downloadPath}`);
  await verifyChecksum(distribution, release.tag_name, downloadPath, filename);
  core.info('Extracting GoReleaser');
  let extPath: string;
  if (context.osPlat == 'win32') {
    if (!downloadPath.endsWith('.zip')) {
      const newPath = downloadPath + '.zip';
      fs.renameSync(downloadPath, newPath);
      extPath = await tc.extractZip(newPath);
    } else {
      extPath = await tc.extractZip(downloadPath);
    }
  } else {
    extPath = await tc.extractTar(downloadPath);
  }
  core.debug(`Extracted to ${extPath}`);
  const cachePath: string = await tc.cacheDir(extPath, 'goreleaser-action', release.tag_name.replace(/^v/, ''));
  core.debug(`Cached to ${cachePath}`);
  const exePath: string = path.join(cachePath, context.osPlat == 'win32' ? 'goreleaser.exe' : 'goreleaser');
  core.debug(`Exe path is ${exePath}`);
  return exePath;
 }
 export async function verifyChecksum(
  distribution: string,
  tag: string,
  archivePath: string,
  filename: string
 ): Promise<void> {
  const baseUrl = `https://github.com/goreleaser/${distribution}/releases/download/${tag}`;
  let checksumsPath: string;
  try {
    core.info(`Downloading ${baseUrl}/checksums.txt`);
    checksumsPath = await tc.downloadTool(`${baseUrl}/checksums.txt`);
  } catch (e) {
    core.warning(`Skipping checksum verification: unable to download checksums.txt: ${e.message}`);
    return;
  }
  const sha256 = crypto.createHash('sha256').update(fs.readFileSync(archivePath)).digest('hex');
  const expected = findChecksum(fs.readFileSync(checksumsPath, 'utf8'), filename);
  if (!expected) {
    throw new Error(`Could not find ${filename} in checksums.txt`);
  }
  if (expected.toLowerCase() !== sha256.toLowerCase()) {
    throw new Error(`Checksum mismatch for ${filename}: expected ${expected}, got ${sha256}`);
  }
  core.info(`Checksum verified for ${filename}`);
  await verifyCosignSignature(distribution, tag, baseUrl, checksumsPath);
 }
 export const findChecksum = (checksumsContent: string, filename: string): string | undefined => {
  const match = checksumsContent
    .split('\n')
    .map(line => line.trim().split(/\s+/))
    .find(parts => parts.length >= 2 && parts[1].replace(/^[*]/, '') === filename);
  return match ? match[0] : undefined;
 };
 async function verifyCosignSignature(
  distribution: string,
  tag: string,
  baseUrl: string,
  checksumsPath: string
 ): Promise<void> {
  const cosign = await io.which('cosign', false);
  if (!cosign) {
    core.info('cosign not found in PATH, skipping signature verification');
    return;
  }
  let bundlePath: string;
  try {
    core.info(`Downloading ${baseUrl}/checksums.txt.sigstore.json`);
    bundlePath = await tc.downloadTool(`${baseUrl}/checksums.txt.sigstore.json`);
  } catch (e) {
    core.warning(`Skipping cosign signature verification: unable to download sigstore bundle: ${e.message}`);
    return;
  }
  const certificateIdentity = getCertificateIdentity(distribution, tag);
  core.info(`Verifying checksums.txt signature with cosign (identity: ${certificateIdentity})`);
  await exec.exec(cosign, [
    'verify-blob',
    '--certificate-identity',
    certificateIdentity,
    '--certificate-oidc-issuer',
    'https://token.actions.githubusercontent.com',
    '--bundle',
    bundlePath,
    checksumsPath
  ]);
  core.info('cosign signature verified');
 }
 export const getCertificateIdentity = (distribution: string, tag: string): string => {
  const pro = isPro(distribution);
  if (github.isNightlyTag(tag)) {
    const workflow = pro ? 'nightly-pro.yml' : 'nightly-oss.yml';
    const repo = pro ? 'goreleaser-pro-internal' : 'goreleaser';
    return `https://github.com/goreleaser/${repo}/.github/workflows/${workflow}@refs/heads/main`;
  }
  if (pro) {
    return `https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/release-pro.yml@refs/tags/${tag}`;
  }
  return `https://github.com/goreleaser/goreleaser/.github/workflows/release.yml@refs/tags/${tag}`;
 };
 export const distribSuffix = (distribution: string): string => {
  return isPro(distribution) ? '-pro' : '';
 };
 export const isPro = (distribution: string): boolean => {
  return distribution === 'goreleaser-pro';
 };
 const getFilename = (distribution: string): string => {
  let arch: string;
  switch (context.osArch) {
    case 'x64': {
      arch = 'x86_64';
      break;
    }
    case 'x32': {
      arch = 'i386';
      break;
    }
    case 'arm': {
      // eslint-disable-next-line @typescript-eslint/no-explicit-any
      const arm_version = (process.config.variables as any).arm_version;
      arch = arm_version ? 'armv' + arm_version : 'arm';
      break;
    }
    default: {
      arch = context.osArch;
      break;
    }
  }
  if (context.osPlat == 'darwin') {
    arch = 'all';
  }
  const platform: string = context.osPlat == 'win32' ? 'Windows' : context.osPlat == 'darwin' ? 'Darwin' : 'Linux';
  const ext: string = context.osPlat == 'win32' ? 'zip' : 'tar.gz';
  const suffix: string = distribSuffix(distribution);
  return `goreleaser${suffix}_${platform}_${arch}.${ext}`;
 };
 export async function getDistPath(yamlfile: string): Promise<string> {
  const cfg = yaml.load(fs.readFileSync(yamlfile, 'utf8'));
  return cfg.dist || 'dist';
 }
 export async function getArtifacts(distpath: string): Promise<string | undefined> {
  const artifactsFile = path.join(distpath, 'artifacts.json');
  if (!fs.existsSync(artifactsFile)) {
    return undefined;
  }
  const content = fs.readFileSync(artifactsFile, {encoding: 'utf-8'}).trim();
  if (content === 'null') {
    return undefined;
  }
  return content;
 }
 export async function getMetadata(distpath: string): Promise<string | undefined> {
  const metadataFile = path.join(distpath, 'metadata.json');
  if (!fs.existsSync(metadataFile)) {
    return undefined;
  }
  const content = fs.readFileSync(metadataFile, {encoding: 'utf-8'}).trim();
  if (content === 'null') {
    return undefined;
  }
  return content;
 }
--- a/src/installer.ts
+++ b/src/installer.ts
@ -0,0 +1,68 @@
 import * as core from '@actions/core';
 import * as tc from '@actions/tool-cache';
 import * as download from 'download';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import * as util from 'util';
 import * as restm from 'typed-rest-client/RestClient';
 let osPlat: string = os.platform();
 let osArch: string = os.arch();
 export async function getGoReleaser(version: string): Promise<string> {
  const selected = await determineVersion(version);
  if (selected) {
    version = selected;
  }
  core.info(`✅ GoReleaser version found: ${version}`);
  const tmpdir = fs.mkdtempSync(path.join(os.tmpdir(), 'goreleaser-'));
  const fileName = getFileName();
  const downloadUrl = util.format(
    'https://github.com/goreleaser/goreleaser/releases/download/%s/%s',
    version,
    fileName
  );
  core.info(`⬇️ Downloading ${downloadUrl}...`);
  await download.default(downloadUrl, tmpdir, {filename: fileName});
  core.info('📦 Extracting GoReleaser...');
  let extPath: string = tmpdir;
  if (osPlat == 'win32') {
    extPath = await tc.extractZip(`${tmpdir}/${fileName}`);
  } else {
    extPath = await tc.extractTar(`${tmpdir}/${fileName}`);
  }
  return path.join(extPath, osPlat == 'win32' ? 'goreleaser.exe' : 'goreleaser');
 }
 function getFileName(): string {
  const platform: string = osPlat == 'win32' ? 'Windows' : osPlat == 'darwin' ? 'Darwin' : 'Linux';
  const arch: string = osArch == 'x64' ? 'x86_64' : 'i386';
  const ext: string = osPlat == 'win32' ? 'zip' : 'tar.gz';
  return util.format('goreleaser_%s_%s.%s', platform, arch, ext);
 }
 interface GitHubRelease {
  tag_name: string;
 }
 async function determineVersion(version: string): Promise<string> {
  let rest: restm.RestClient = new restm.RestClient('goreleaser-action', 'https://github.com', undefined, {
    headers: {
      Accept: 'application/json'
    }
  });
  let res: restm.IRestResponse<GitHubRelease> = await rest.get<GitHubRelease>(
    `/goreleaser/goreleaser/releases/${version}`
  );
  if (res.statusCode != 200 || res.result === null) {
    throw new Error(`Cannot find GoReleaser ${version} release (http ${res.statusCode})`);
  }
  return res.result.tag_name;
 }
--- a/src/main.ts
+++ b/src/main.ts
@ -1,74 +1,51 @@
-import * as fs from 'fs';
+import * as git from './git';
-import * as path from 'path';
+import * as installer from './installer';
 import yargs from 'yargs';
 import type {Arguments} from 'yargs';
 import * as context from './context';
 import * as goreleaser from './goreleaser';
 import {getRequestedVersion} from './version';
 import * as core from '@actions/core';
 import * as exec from '@actions/exec';
 import * as fs from 'fs';
-async function run(): Promise<void> {
+export async function run(silent?: boolean) {
  try {
-    const inputs: context.Inputs = await context.getInputs();
+    const version = core.getInput('version') || 'latest';
-    const version = getRequestedVersion(inputs);
+    const args = core.getInput('args');
-    const bin = await goreleaser.install(inputs.distribution, version);
+    const key = core.getInput('key');
-    core.info(`GoReleaser ${version} installed successfully`);
+    const workdir = core.getInput('workdir') || '.';
    const goreleaser = await installer.getGoReleaser(version);
-    if (inputs.installOnly) {
+    const commit = await git.getShortCommit();
-      const goreleaserDir = path.dirname(bin);
+    const tag = await git.getTag();
-      core.addPath(goreleaserDir);
+    const isTagDirty = await git.isTagDirty(tag);
-      core.debug(`Added ${goreleaserDir} to PATH`);
+
-      return;
+    if (workdir && workdir !== '.') {
-    } else if (!inputs.args) {
+      core.info(`📂 Using ${workdir} as working directory...`);
-      core.setFailed('args input required');
+      process.chdir(workdir);
      return;
    }
-    if (inputs.workdir && inputs.workdir !== '.') {
+    let snapshot = '';
-      core.info(`Using ${inputs.workdir} as working directory`);
+    if (args.split(' ').indexOf('release') > -1) {
-      process.chdir(inputs.workdir);
+      if (isTagDirty) {
-    }
+        core.info(`⚠️ No tag found for commit ${commit}. Snapshot forced`);
-
+        if (!args.includes('--snapshot')) {
-    let yamlfile: string | unknown;
+          snapshot = ' --snapshot';
    const argv: Arguments<{config?: string}> = yargs(inputs.args).parseSync() as Arguments<{
      config?: string;
    }>;
    if (argv.config) {
      yamlfile = argv.config;
    } else {
      [
        '.config/goreleaser.yaml',
        '.config/goreleaser.yml',
        '.goreleaser.yaml',
        '.goreleaser.yml',
        'goreleaser.yaml',
        'goreleaser.yml'
      ].forEach(f => {
        if (fs.existsSync(f)) {
          yamlfile = f;
        }
      } else {
        core.info(`✅ ${tag} tag found for commit ${commit}`);
      }
    }
    if (key) {
      core.info('🔑 Importing signing key...');
      let path = `${process.env.HOME}/key.asc`;
      fs.writeFileSync(path, key, {mode: 0o600});
      await exec.exec('gpg', ['--import', path], {
        silent: silent
      });
    }
-    await exec.exec(`${bin} ${inputs.args}`);
+    core.info('🏃 Running GoReleaser...');
-
+    await exec.exec(`${goreleaser} ${args}${snapshot}`, undefined, {
-    if (typeof yamlfile === 'string') {
+      silent: silent
-      const artifacts = await goreleaser.getArtifacts(await goreleaser.getDistPath(yamlfile));
+    });
      if (artifacts) {
        await core.group(`Artifacts output`, async () => {
          core.info(artifacts);
          core.setOutput('artifacts', artifacts);
        });
      }
      const metadata = await goreleaser.getMetadata(await goreleaser.getDistPath(yamlfile));
      if (metadata) {
        await core.group(`Metadata output`, async () => {
          core.info(metadata);
          core.setOutput('metadata', metadata);
        });
      }
    }
  } catch (error) {
    core.setFailed(error.message);
  }
--- a/src/test_setup.ts
+++ b/src/test_setup.ts
@ -1,9 +0,0 @@
 import * as tmp from 'tmp';
 tmp.setGracefulCleanup();
 const tmpdir = tmp.dirSync({template: 'goreleaser-XXXXXX'});
 process.env = Object.assign(process.env, {
  RUNNER_TEMP: tmpdir.name,
  RUNNER_TOOL_CACHE: tmpdir.name,
  GITHUB_ACTION: '1'
 });
--- a/src/version.ts
+++ b/src/version.ts
@ -1,56 +0,0 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import {Inputs} from './context';
 // Resolves the GoReleaser version to install.
 //
 // When `version-file` is set, it is read from disk and parsed; the resolved
 // value takes precedence over the `version` input. Otherwise, `version` is
 // returned as-is (it always has a default — see context.getInputs).
 export function getRequestedVersion(inputs: Inputs): string {
  if (!inputs.versionFile) {
    return inputs.version;
  }
  const filePath = path.isAbsolute(inputs.versionFile)
    ? inputs.versionFile
    : path.join(inputs.workdir || '.', inputs.versionFile);
  if (!fs.existsSync(filePath)) {
    throw new Error(`version-file not found: ${filePath}`);
  }
  const basename = path.basename(filePath);
  const content = fs.readFileSync(filePath, 'utf-8');
  switch (basename) {
    case '.tool-versions':
      return parseToolVersions(content, filePath);
    default:
      throw new Error(`Unsupported version-file: ${filePath} (only .tool-versions is supported)`);
  }
 }
 // Parses a single `goreleaser <version>` entry out of a `.tool-versions` file
 // (asdf/mise format). Full-line `#` comments and inline `# ...` suffixes are
 // stripped. When a tool lists multiple fallback versions only the first is
 // used. Bare semvers are returned with a leading `v`; constraint expressions
 // (`~> v2`, `latest`, ...) are returned as-is.
 function parseToolVersions(content: string, filePath: string): string {
  for (const rawLine of content.split('\n')) {
    const line = rawLine.replace(/#.*$/, '').trim();
    if (!line) {
      continue;
    }
    const tokens = line.split(/\s+/);
    if (tokens[0] !== 'goreleaser') {
      continue;
    }
    const version = tokens[1];
    if (!version) {
      throw new Error(`No version specified for goreleaser in ${filePath}`);
    }
    return /^\d/.test(version) ? `v${version}` : version;
  }
  throw new Error(`No goreleaser entry found in ${filePath}`);
 }
--- a/test/.goreleaser-dist.yml
+++ b/test/.goreleaser-dist.yml
@ -1,18 +0,0 @@
 env:
  - GO111MODULE=on
 before:
  hooks:
    - go mod download
 builds:
  -
    env:
      - CGO_ENABLED=0
    goos:
      - darwin
      - linux
    goarch:
      - amd64
 dist: _output
--- a/test/.goreleaser-signing.yml
+++ b/test/.goreleaser-signing.yml
@ -1,26 +0,0 @@
 env:
  - GO111MODULE=on
 before:
  hooks:
    - go mod download
 builds:
  -
    env:
      - CGO_ENABLED=0
    goos:
      - darwin
      - linux
      - windows
    goarch:
      - "386"
      - "amd64"
 checksum:
  name_template: 'checksums.txt'
 signs:
  -
    artifacts: checksum
    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
--- a/test/.goreleaser.yml
+++ b/test/.goreleaser.yml
@ -1,21 +0,0 @@
 env:
  - GO111MODULE=on
 before:
  hooks:
    - go mod download
 builds:
  -
    env:
      - CGO_ENABLED=0
    goos:
      - darwin
      - linux
      - windows
    goarch:
      - "386"
      - "amd64"
 checksum:
  name_template: 'checksums.txt'
--- a/tsconfig.json
+++ b/tsconfig.json
@ -1,22 +1,16 @@
 {
  "compilerOptions": {
-    "esModuleInterop": true,
+    "target": "es6",
-    "target": "ES2024",
+    "module": "commonjs",
-    "module": "ESNext",
+    "lib": [
      "es6"
    ],
    "newLine": "lf",
    "outDir": "./lib",
    "rootDir": "./src",
-    "forceConsistentCasingInFileNames": true,
+    "strict": true,
    "noImplicitAny": false,
-    "resolveJsonModule": true,
+    "esModuleInterop": true
    "useUnknownInCatchVariables": false,
    "moduleResolution": "node",
    "strict": false,
    "skipLibCheck": true
  },
-  "exclude": [
+  "exclude": ["node_modules", "**/*.test.ts"]
    "node_modules",
    "**/*.test.ts",
    "jest.config.ts"
  ]
 }
`@ -1,2 +1,2 @@`
	`/dist/** linguist-generated=true -diff`	`/dist/** linguist-generated=true`
	`/lib/** linguist-generated=true -diff`	`/lib/** linguist-generated=true`
`@ -1,3 +1,3 @@`
	`module github.com/goreleaser/goreleaser-action`	`module github.com/goreleaser/goreleaser-action`

	`go 1.18`	`go 1.12`