Go Build and Release Action

Complete Go release pipeline with linting, multi-platform builds, PGP signing, and automated GitHub releases using GoReleaser.

The Problem

Properly releasing Go applications requires orchestrating multiple tools. You need golangci-lint for code quality, GoReleaser for cross-compilation and packaging, PGP for signing, and GitVersion for semantic versioning. Each tool has its own configuration and setup requirements.

I was setting this up repeatedly across Go projects. The workflow was always the same - install Go, run linters, configure GoReleaser, manage signing keys, publish releases. 200+ lines of YAML that I'd copy-paste and tweak for each new project.

When GoReleaser released a new version or I needed to update linting rules, I had to hunt through every repository to make the change.

The Solution

This action bundles the entire Go release pipeline into a single reusable component. It handles tool installation, linting, signing key management, multi-platform compilation, and GitHub release creation.

You provide your code and a signing key. The action does the rest.

The bigger win is maintenance. One action across all Go projects means one place to fix bugs, upgrade dependencies, or add features. Every project benefits immediately without touching their workflow files.

Key Capabilities

• Automated linting: Runs golangci-lint with your config or sensible defaults
• Cross-compilation: Builds for multiple OS/architecture combinations via GoReleaser
• Artifact signing: PGP signs release checksums for verification
• GitVersion integration: Semantic versioning based on Git history
• GitHub Releases: Automatically creates releases with binaries and checksums

Quick Example

- name: Build and release
  uses: michielvha/goreleaser-action@v1
  with:
    github-token: ${{ github.token }}
    pgp-private-key: ${{ secrets.PGP_PRIVATE_KEY }}

That's it. The action handles Go setup, linting, cross-compilation, signing, and release creation.

Why This Matters

A Developer shouldn't need to know the intricacies of GoReleaser configuration or PGP key management. Developers should focus on their application code, not the CI/CD plumbing.

This is platform engineering in practice. Provide high-quality, reusable components that abstract away complexity. Lower the cognitive load, reduce duplication, and improve consistency across projects.

The security aspect matters too. Centralized signing and release processes make it easier to maintain security standards. If you need to rotate signing keys or update security practices, you do it once the source code repo rather than coordinating across dozens of repositories.

For detailed usage, PGP key generation instructions, and advanced configuration, see the GitHub repository.