#
# Releaser workflow setup
# https://goreleaser.com/ci/actions/
#
name: release

# run only on tags
on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write # needed to write releases
  id-token: write # needed for keyless signing
  packages: write # needed for ghcr access

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # this is important, otherwise it won't checkout the full tree (i.e. no previous tags)
      - uses: actions/setup-go@v5
        with:
          go-version: 1.24
          cache: true
      - uses: sigstore/cosign-installer@v3.9.2         # installs cosign
      - uses: anchore/sbom-action/download-syft@v0.20.4 # installs syft
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - uses: docker/login-action@v3                   # login to ghcr
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: goreleaser/goreleaser-action@v6          # run goreleaser
        with:
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}