chart-testing/.github/workflows/release.yaml

name: release
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version
        required: true

jobs:
  build:
    runs-on: ubuntu-latest

    permissions:
      id-token: write
      contents: write

    steps:

      - name: checkout
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
        with:
          fetch-depth: 0

      - name: shellcheck
        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0

      - name: Setup go
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version-file: './go.mod'
          check-latest: true

      - name: Install GoReleaser
        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
        with:
          install-only: true

      - name: Install cosign
        uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2

      - name: Install syft
        uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.0

      - name: Install tools
        run: |
          ./setup.sh

      - name: Lint
        run: |
          go vet -v ./...
          goimports -w -l .
          go mod tidy
          git diff --exit-code

      - name: Set up QEMU
        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0

      - name: Login to registry
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          registry: quay.io
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Tag
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

          tag='${{ github.event.inputs.version }}'
          git tag --annotate --message "Tag for release $tag" "$tag"
          git push origin "refs/tags/$tag"

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -o nounset
          set -o pipefail

          echo "Building release ${{ github.event.inputs.version }}"
          ./build.sh --release