name: Release

on:
  push:
    tags:
      - 'v*'

jobs:
  build-publish:
    name: "Build image and publish"
    timeout-minutes: 15
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v5
      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.9.2
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: arm64
      - name: Set up docker buildx
        uses: docker/setup-buildx-action@v3

      - name: Github registry login
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        run: make images
        env:
          PUSH: "true"
      - name: Sign images
        run: make images-cosign