Merge pull request #90 from DelineaXPM/fix.vulnerability.crypto #21

	# This GitHub action can publish assets for release when a tag is created.
	# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
	#
	# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your
	# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
	# secret. If you would rather own your own GPG handling, please fork this action
	# or use an alternative one for key handling.
	#
	# You will need to pass the `--batch` flag to `gpg` in your signing step
	# in `goreleaser` to indicate this is being used in a non-interactive mode.
	#
	name: release
	on:
	push:
	tags:
	- 'v*'
	jobs:
	goreleaser:
	runs-on: ubuntu-latest
	steps:
	-
	name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
	-
	name: Unshallow
	run: git fetch --prune --unshallow
	-
	name: Set up Go
	uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
	with:
	go-version: 1.21.0
	-
	name: Import GPG key
	id: import_gpg
	uses: crazy-max/ghaction-import-gpg@d6f3f49f3345e29369fe57596a3ca8f94c4d2ca7 # v5
	with:
	gpg_private_key: ${{ secrets.TERRAFORM_REGISTRY_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.TERRAFORM_REGISTRY_PASSPHRASE }}
	-
	name: Run GoReleaser
	uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0
	with:
	version: latest
	args: release --clean
	env:
	GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
	# GitHub sets this automatically
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback