goreleaser/.github/workflows/nightly-oss.yml

name: nightly-oss

on:
  workflow_dispatch:
  schedule:
    - cron: 0 0 * * 4

permissions:
  contents: write
  id-token: write
  packages: write

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    env:
      DOCKER_CLI_EXPERIMENTAL: "enabled"
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v3
        with:
          fetch-depth: 0
      - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1
        with:
          version: 3.x
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
      - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v2
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
        with:
          go-version: stable
      - uses: sigstore/cosign-installer@v3.1.2
      - uses: anchore/sbom-action/download-syft@v0.14.3
      - uses: crazy-max/ghaction-upx@v3
        with:
          install-only: true
      - uses: cachix/install-nix-action@v23
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - name: dockerhub-login
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: ghcr-login
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser-pro
          version: nightly
          args: release --clean --nightly -f .goreleaser-nightly.yaml --timeout 60m
        env:
          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}