.github/workflows/release.yaml

name: release

on:
  push:
    branches:
      - main
      - '[0-9]+.[0-9]+.x'
  workflow_dispatch:

defaults:
  run:
    shell: bash

jobs:
  release-please:
    permissions:
      contents: write  # for google-github-actions/release-please-action to create release commit
      pull-requests: write  # for google-github-actions/release-please-action to create release PR
    runs-on: ubuntu-latest
    outputs:
      releases_created: ${{ steps.release.outputs.releases_created }}
      tag_name: ${{ steps.release.outputs.tag_name }}
    # Release-please creates a PR that tracks all changes
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
     
      - uses: google-github-actions/release-please-action@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee # v4.1.1
        id: release
        with:
          command: manifest
          token: ${{secrets.GITHUB_TOKEN}}
          default-branch: main

  goreleaser:
    if: needs.release-please.outputs.releases_created == 'true'
    permissions:
      contents: write
    needs:
      - release-please
    runs-on: ubuntu-latest
    steps:
      - name: Free Disk Space (Ubuntu)
        uses: jlumbroso/free-disk-space@main
        with:
          # this might remove tools that are actually needed,
          # if set to "true" but frees about 6 GB
          tool-cache: false
          # all of these default to true, but feel free to set to
          # "false" if necessary for your workflow
          android: false
          dotnet: false
          haskell: false
          large-packages: true
          docker-images: true
          swap-storage: true
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
        with:
          go-version: '1.22'
      - name: Download Syft
        uses: anchore/sbom-action/download-syft@fc46e51fd3cb168ffb36c6d1915723c47db58abb # v0.17.7
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6
        with:
          # either 'goreleaser' (default) or 'goreleaser-pro'
          distribution: goreleaser
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.K8SGPT_BOT_SECRET }}
      - name: Update new version in krew-index
        uses: rajatjindal/krew-release-bot@3d9faef30a82761d610544f62afddca00993eef9 # v0.0.47

  build-container:
    if: needs.release-please.outputs.releases_created == 'true'
    needs:
      - release-please
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write
      id-token: write
    env:
      IMAGE_TAG: ghcr.io/k8sgpt-ai/k8sgpt:${{ needs.release-please.outputs.tag_name }}
      IMAGE_NAME: k8sgpt
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          submodules: recursive

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3

      - name: Login to GitHub Container Registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
        with:
          registry: "ghcr.io"
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build Docker Image
        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
        with:
          context: .
          file: ./container/Dockerfile
          platforms: linux/amd64,linux/arm64
          target: production
          tags: |
            ${{ env.IMAGE_TAG }}
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}
          cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}

      - name: Generate SBOM
        uses: anchore/sbom-action@fc46e51fd3cb168ffb36c6d1915723c47db58abb # v0.17.7
        with:
          image: ${{ env.IMAGE_TAG }}
          artifact-name: sbom-${{ env.IMAGE_NAME }}
          output-file: ./sbom-${{ env.IMAGE_NAME }}.spdx.json

      - name: Attach SBOM to release
        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2
        with:
          tag_name: ${{ needs.release-please.outputs.tag_name }}
          files: ./sbom-${{ env.IMAGE_NAME }}.spdx.json