chart-testing/.github/workflows/release.yaml

name: release
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version
        required: true

jobs:
  build:
    runs-on: ubuntu-latest

    permissions:
      id-token: write
      contents: write

    steps:

      - name: checkout
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.1
        with:
          fetch-depth: 0

      - name: shellcheck
        uses: ludeeus/action-shellcheck@94e0aab03ca135d11a35e5bfc14e6746dc56e7e9 # v1.1.0

      - name: Setup go
        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.3.0
        with:
          go-version-file: './go.mod'
          check-latest: true

      - name: Install GoReleaser
        uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.1.0
        with:
          install-only: true

      - name: Install cosign
        uses: sigstore/cosign-installer@7cc35d7fdbe70d4278a0c96779081e6fac665f88 # v2.6.0

      - name: Install syft
        uses: anchore/sbom-action/download-syft@b5042e9d19d8b32849779bfe17673ff84aec702d # v0.12.0

      - name: Install tools
        run: |
          ./setup.sh

      - name: Lint
        run: |
          go vet -v ./...
          goimports -w -l .
          go mod tidy
          git diff --exit-code

      - name: Set up QEMU
        uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 # v2.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v2.0.0

      - name: Login to registry
        uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v2.0.0
        with:
          registry: quay.io
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Tag
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

          tag='${{ github.event.inputs.version }}'
          git tag --annotate --message "Tag for release $tag" "$tag"
          git push origin "refs/tags/$tag"

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -o nounset
          set -o pipefail

          echo "Building release ${{ github.event.inputs.version }}"
          ./build.sh --release