From d1f628c1967a91c163d6eac661b49bdde7a606f8 Mon Sep 17 00:00:00 2001 From: Lukasz Raczylo Date: Sun, 19 Apr 2026 23:33:20 +0100 Subject: [PATCH] fix(go-release-cgo): add ghcr login + buildx to build step goreleaser Pro's --split mode pushes Docker images during the per-target build job (see 'pushing docker images from partial release' in goreleaser output). The shared workflow previously only logged in to ghcr.io during the merge job, so the build-phase push failed with 'unauthorized: unauthenticated: User cannot be authenticated with the token provided'. Added docker/login-action + docker/setup-buildx-action to the build step, gated on matrix.goos == 'linux' since Docker images are Linux-only in every consumer of this workflow. Uses the default GITHUB_TOKEN, which has packages:write per the existing permissions block. --- .github/workflows/go-release-cgo.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/go-release-cgo.yaml b/.github/workflows/go-release-cgo.yaml index 6c52e03..6b295b4 100644 --- a/.github/workflows/go-release-cgo.yaml +++ b/.github/workflows/go-release-cgo.yaml @@ -201,6 +201,24 @@ jobs: name: frontend-dist path: ${{ inputs.node-embed-path }} + # goreleaser Pro --split pushes Docker images during the + # per-target build job (not just the merge job), so we need + # ghcr auth here too. Only on Linux runners — Docker builds + # are Linux-only in the projects that consume this workflow. + - name: Login to GitHub Container Registry + if: matrix.goos == 'linux' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + if: matrix.goos == 'linux' + uses: docker/setup-buildx-action@v3 + with: + driver-opts: image=moby/buildkit:latest + - name: Run GoReleaser (split) uses: lukaszraczylo/shared-actions/.github/actions/goreleaser@main with: