name: release

on:
  push:
    branches:
      - main
      - '[0-9]+.[0-9]+.x'
  workflow_dispatch:

defaults:
  run:
    shell: bash

jobs:
  release-please:
    permissions:
      contents: write  # for google-github-actions/release-please-action to create release commit
      pull-requests: write  # for google-github-actions/release-please-action to create release PR
    runs-on: ubuntu-latest
    outputs:
      releases_created: ${{ steps.release.outputs.releases_created }}
      tag_name: ${{ steps.release.outputs.tag_name }}
    # Release-please creates a PR that tracks all changes
    steps:
      - name: Checkout
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
     
      - uses: google-github-actions/release-please-action@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee # v4.1.1
        id: release
        with:
          command: manifest
          token: ${{secrets.GITHUB_TOKEN}}
          default-branch: main

  goreleaser:
    if: needs.release-please.outputs.releases_created == 'true'
    permissions:
      contents: write
    needs:
      - release-please
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
        with:
          go-version: '1.22'
      - name: Download Syft
        uses: anchore/sbom-action/download-syft@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6 # v5
        with:
          # either 'goreleaser' (default) or 'goreleaser-pro'
          distribution: goreleaser
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.K8SGPT_BOT_SECRET }}
      - name: Update new version in krew-index
        uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46

  build-container:
    if: needs.release-please.outputs.releases_created == 'true'
    needs:
      - release-please
    runs-on: ubuntu-22.04
    permissions:
      contents: write
      packages: write
      id-token: write
    env:
      IMAGE_TAG: ghcr.io/k8sgpt-ai/k8sgpt:${{ needs.release-please.outputs.tag_name }}
      IMAGE_NAME: k8sgpt
    steps:
      - name: Checkout
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
        with:
          submodules: recursive

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3

      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
        with:
          registry: "ghcr.io"
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build Docker Image
        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
        with:
          context: .
          file: ./container/Dockerfile
          platforms: linux/amd64,linux/arm64
          target: production
          tags: |
            ${{ env.IMAGE_TAG }}
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}
          cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}

      - name: Generate SBOM
        uses: anchore/sbom-action@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1
        with:
          image: ${{ env.IMAGE_TAG }}
          artifact-name: sbom-${{ env.IMAGE_NAME }}
          output-file: ./sbom-${{ env.IMAGE_NAME }}.spdx.json

      - name: Attach SBOM to release
        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          tag_name: ${{ needs.release-please.outputs.tag_name }}
          files: ./sbom-${{ env.IMAGE_NAME }}.spdx.json