chart-testing/.github/workflows/release.yaml

name: release
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version
        required: true

permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest

    permissions:
      id-token: write
      contents: write

    steps:

      - name: checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - name: shellcheck
        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0

      - name: Setup go
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: '1.25'
          check-latest: true
          cache: false

      - name: Install GoReleaser
        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
        with:
          install-only: true

      - name: Install cosign
        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0

      - name: Install syft
        uses: anchore/sbom-action/download-syft@62ad5284b8ced813296287a0b63906cb364b73ee # v0.22.0

      - name: Install tools
        run: |
          ./setup.sh

      - name: Lint
        run: |
          go vet -v ./...
          goimports -w -l .
          go mod tidy
          git diff --exit-code

      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Login to registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: quay.io
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Tag
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

          tag='${{ github.event.inputs.version }}'
          git tag --annotate --message "Tag for release $tag" "$tag"
          git push origin "refs/tags/$tag"

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -o nounset
          set -o pipefail

          echo "Building release ${{ github.event.inputs.version }}"
          ./build.sh --release