From 21f0e841711dd8400a0117c5c7c203ecbf735b26 Mon Sep 17 00:00:00 2001
From: Kyle Colantonio <k@yle.sh>
Date: Fri, 30 Aug 2024 22:20:18 -0400
Subject: [PATCH] feat: Updating main workflow

---
 .github/workflows/main.yml | 25 +++++++++++++++++++------
 README.md                  | 19 +++++++++++++++----
 2 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5bc03c3..c0687bd 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,14 +1,20 @@
-name: Main
+name: Action Test & Release
 
 on:
   push:
     branches: [main]
+    paths:
+      - .github/workflows/main.yml
+      - action.yml
   pull_request:
     branches: [main]
+    paths:
+      - .github/workflows/main.yml
+      - action.yml
 
 jobs:
   test:
-    name: Test crane-installer Action
+    name: Test action
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: true
@@ -18,10 +24,10 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Install SLSA verifier
-        uses: slsa-framework/slsa-verifier/actions/installer@v2.6.0
+        uses: slsa-framework/slsa-verifier/actions/installer@3714a2a4684014deb874a0e737dffa0ee02dd647 # v2.6.0
         if: matrix.slsa && runner.os == 'Linux' # doesn't work on Windows or macOS
 
       - name: Install crane
@@ -39,11 +45,11 @@ jobs:
     needs: [test]
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Bump version tag
         id: tag
-        uses: mathieudutour/github-tag-action@v6.2
+        uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b # v6.2
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
@@ -55,3 +61,10 @@ jobs:
           git tag -f v$MAJOR.$MINOR
           git push -f -u origin v$MAJOR
           git push -f -u origin v$MAJOR.$MINOR
+
+      - name: Create GitHub release
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        with:
+          tag_name: v${{ steps.tag.outputs.new_version }}
+          make_latest: true
+          generate_release_notes: true
diff --git a/README.md b/README.md
index ac4e78d..51739ca 100644
--- a/README.md
+++ b/README.md
@@ -4,10 +4,16 @@
 [![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/IAreKyleW00t/crane-installer?label=version)](https://github.com/IAreKyleW00t/crane-installer/tags)
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/IAreKyleW00t/crane-installer/main.yml)](https://github.com/IAreKyleW00t/crane-installer/actions/workflows/main.yml)
 [![License](https://img.shields.io/github/license/IAreKyleW00t/crane-installer)](https://github.com/IAreKyleW00t/crane-installer/blob/main/LICENSE)
+![Dependabot](https://img.shields.io/badge/dependabot-025E8C?style=flat&logo=dependabot&logoColor=white)
 
-This GitHub Action enables you to interacting with remote images and registries using [`crane`](https://github.com/google/go-containerregistry/tree/main/cmd/crane). This action will verify the integrity of the `crane` release during installation if you setup [SLSA 3 provenance](https://slsa.dev/) (see notes and examples below).
+This GitHub Action enables you to interacting with remote images and registries
+using [`crane`](https://github.com/google/go-containerregistry/tree/main/cmd/crane).
+This action will verify the integrity of the `crane` release during installation
+if you setup [SLSA 3 provenance](https://slsa.dev/) (see notes and examples below).
 
-For a quick start guide on the usage of `crane`, please refer to https://github.com/google/go-containerregistry/blob/main/cmd/crane/recipes.md. For available crane releases, see https://github.com/google/go-containerregistry/releases.
+For a quick start guide on the usage of `crane`, please refer to
+https://github.com/google/go-containerregistry/blob/main/cmd/crane/recipes.md.
+For available crane releases, see https://github.com/google/go-containerregistry/releases.
 
 ---
 
@@ -29,7 +35,10 @@ The following tags are available for the `iarekylew00t/crane-installer` action.
 
 ## Usage
 
-This action currently supports GitHub-provided Linux, macOS and Windows runners (self-hosted runners may not work). MacOS and Windows runners do not work with the [slsa-verifier](https://github.com/slsa-framework/slsa-verifier/tree/main/actions/installer) action, so integrity validation is skipped for those.
+This action currently supports GitHub-provided Linux, macOS and Windows runners
+(self-hosted runners may not work). MacOS and Windows runners do not work with the
+[slsa-verifier](https://github.com/slsa-framework/slsa-verifier/tree/main/actions/installer)
+action, so integrity validation is skipped for those.
 
 Add the following entry to your Github workflow YAML file:
 
@@ -111,7 +120,9 @@ jobs:
 
 ## Contributing
 
-Feel free to contribute and make things better by opening an [Issue](https://github.com/IAreKyleW00t/crane-installer/issues) or [Pull Request](https://github.com/IAreKyleW00t/crane-installer/pulls).
+Feel free to contribute and make things better by opening an
+[Issue](https://github.com/IAreKyleW00t/crane-installer/issues) or
+[Pull Request](https://github.com/IAreKyleW00t/crane-installer/pulls).
 
 ## License