name: Release

on:
  push:
    tags:
      - '*'
    branches:
      - release

permissions:
  contents: write

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      ## Not needed on ubuntu-latest
      # Must come before Checkout, otherwise goreleaser fails
      # - name: Provide GPG and Git
      #   run: sudo apt update && sudo apt -qq -y install gnupg git curl zip unzip tar bzip2 make

      # Must come after git executable is provided
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: Setup Syft
        uses: anchore/sbom-action/download-syft@1ca97d9028b51809cf6d3c934c3e160716e1b605 # v0.17.5

      # Necessary to run these outside of goreleaser, otherwise
      # /home/runner/_work/holos/holos/internal/frontend/node_modules/.bin/protoc-gen-connect-query is not in PATH
      - name: Install Tools
        run: |
          set -x
          make tools

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_CODE_SIGNING_SECRETKEY }}
          passphrase: ${{ secrets.GPG_CODE_SIGNING_PASSPHRASE }}

      - name: List keys
        run: gpg -K

      - name: Git diff
        run: git diff

      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          owner: ${{ github.repository_owner }}
          app-id: ${{ vars.GORELEASER_APP_ID }}
          private-key: ${{ secrets.GORELEASER_APP_PRIVATE_KEY }}

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser
          version: '~> v2'
          args: release --clean
        env:
          HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}