.github/workflows/release.yml

name: Release Pipeline
on:
  push:
    tags:
      - "v*.*.*"
jobs:
  openapi:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Generate Swagger UI
        uses: Legion2/swagger-ui-action@v1
        with:
          output: swagger-ui
          spec-file: pkg/docs/swagger.json
      - name: Deploy
        uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_branch: swagger-ui-pages  # default: gh-pages
          publish_dir: swagger-ui

  goreleaser:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
      packages: write
    env:
      KO_DOCKER_REPO: "ghcr.io/${{ github.repository_owner }}"
      KO_DATA_PATH: "/usr/share/doc/${{ github.repository }}/"
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Install tools
        run: make install-ci-tools

      - name: Install cosign
        uses: sigstore/cosign-installer@v3.2.0

      - name: Setup ko
        uses: ko-build/setup-ko@v0.6

#      - name: Install Crane
#        uses: imjasonh/setup-crane@v0.3

      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.21.x
          cache: true

      - name: Licenses
        run: make licenses

      - name: Login to ghcr.io
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ github.token }}

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v4
        id: run-goreleaser
        with:
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

#      - name: sign image
#        run: |
#          digest=$(crane digest ghcr.io/${{ github.repository }}:${{ github.sha }})
#          cosign sign --yes --force "ghcr.io/${{ github.repository }}@${digest}"
#        env:
#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  helm:
    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install tools
        run: make install-ci-tools

      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.21.x
          cache: true

      - name: Generate helm docs
        run: make generate

      - name: Install Helm
        uses: azure/setup-helm@v3

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Packaging
        run: |
          VERSION=${{github.ref_name}}
          rm -rf .cr-release-packages
          mkdir -p .cr-release-packages
          helm package deploy/charts/auth0-exporter --app-version=${VERSION:1} --version=${VERSION:1} --destination=.cr-release-packages

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.5.0
        with:
          skip_packaging: true
          mark_as_latest: false
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"