name: Release with goreleaser

on:
  workflow_dispatch:
  push:
    tags:
      - v*

permissions: write-all # Necessary for the generate-build-provenance action with containers

jobs:

  build:


    runs-on: ubuntu-latest

    steps:
      - name: Set up Go 1.21
        uses: actions/setup-go@v5
        with:
          go-version: 1.21
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-tags: 1
          fetch-depth: 0
      - name: Release with goreleaser
        uses: goreleaser/goreleaser-action@v6
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          version: latest
          args: release --clean
        id: goreleaser
      - name: Process goreleaser output
        id: process_goreleaser_output
        run: |
          echo "const fs = require('fs');" > process.js
          echo 'const artifacts = ${{ steps.goreleaser.outputs.artifacts }}' >> process.js
          echo "const firstNonNullDigest = artifacts.find(artifact => artifact.extra && artifact.extra.Digest != null)?.extra.Digest;" >> process.js
          echo "console.log(firstNonNullDigest);" >> process.js
          echo "fs.writeFileSync('digest.txt', firstNonNullDigest);" >> process.js
          node process.js
          echo "digest=$(cat digest.txt)" >> $GITHUB_OUTPUT
      - name: Attest Binaries
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: magellan