.github/workflows/release.yml

---
name: "Release"

on:
  push:
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+*"

jobs:
  goreleaser:
    name: "Build and release packages"
    runs-on: ubuntu-latest
    permissions:
      id-token: write # For cosign
      packages: write # For GHCR
      contents: read # Not required for public repositories, but for clarity
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.21

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.6.0

      - name: Import GPG key
        id: gpg
        run: |
          echo "${GPG_PRIVATE_KEY}" | gpg --import --passphrase "${GPG_PASSPHRASE}" --batch --allow-secret-key-import

          GPG_KEY_FILE=/tmp/signing-key.gpg
          echo "${GPG_PRIVATE_KEY}" > "${GPG_KEY_FILE}"
          echo "GPG_KEY_FILE=${GPG_KEY_FILE}" >> "${GITHUB_ENV}"
        env:
          GPG_TTY: /dev/ttys000 # Set the GPG_TTY to avoid issues with pinentry
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

      - name: Setup snapcraft
        run: |
          sudo snap install snapcraft --classic --channel=7.x/stable

          # See https://github.com/goreleaser/goreleaser/issues/1715
          mkdir -p "$HOME/.cache/snapcraft/download"
          mkdir -p "$HOME/.cache/snapcraft/stage-packages"
        env:
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_TOKEN }}

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          distribution: goreleaser
          version: "~> v2"
          args: release --clean -f ${{ vars.GORELEASER_CONFIG_PATH }}
        env:
          AUR_KEY: ${{ secrets.AUR_KEY }}
          GITHUB_TOKEN: ${{ secrets.TENV_GITHUB_TOKEN }}
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_TOKEN }}
          GPG_KEY_FILE: ${{ steps.gpg.outputs.GPG_KEY_FILE }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push docker image to GitHub Container Registry
        env:
          docker_registry: "ghcr.io"
        run: |
          version=${GITHUB_REF#refs/*/v}
          IFS='.' read -ra version_arr <<< "${version}"

          architectures=("amd64" "arm64" "arm" "386")
          versions=("latest" "${version_arr[0]}.${version_arr[1]}" "${version}")

          for version in "${versions[@]}"; do
            manifest="${docker_registry}/tofuutils/tenv:${version}"
            images=""

            for arch in "${architectures[@]}"; do
              image="${docker_registry}/tofuutils/tenv:${version}-${arch}"
              echo "Pushing image ${image} ..."
              docker push ${image}
              if [ ${?} -ne 0 ]; then
                echo "Failed to push image ${image}"
                exit 1
              fi
              images="${image} ${images}"
            done

            docker manifest create "${manifest}" ${images}
            docker manifest push "${manifest}"

          done

          echo "All images and manifests pushed successfully to ${docker_registry}!"

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: registry.hub.docker.com
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Push docker image to DockerHub
        env:
          docker_registry: "registry.hub.docker.com"
        run: |
          version=${GITHUB_REF#refs/*/v}
          IFS='.' read -ra version_arr <<< "${version}"

          architectures=("amd64" "arm64" "arm" "386")
          versions=("latest" "${version_arr[0]}.${version_arr[1]}" "${version}")

          for version in "${versions[@]}"; do
            manifest="${docker_registry}/tofuutils/tenv:${version}"
            images=""

            for arch in "${architectures[@]}"; do
              image="${docker_registry}/tofuutils/tenv:${version}-${arch}"
              echo "Pushing image ${image} ..."
              docker push ${image}
              if [ ${?} -ne 0 ]; then
                echo "Failed to push image ${image}"
                exit 1
              fi
              images="${image} ${images}"
            done

            docker manifest create "${manifest}" ${images}
            docker manifest push "${manifest}"

          done

          echo "All images and manifests pushed successfully to ${docker_registry}!"