name: Release

on:
  workflow_call:
    inputs:
      version:
        description: "Version to release"
        required: true
        type: string
    secrets:
      RELEASE_TOKEN:
        required: true
      GPG_PRIVATE_KEY:
        required: true
      PASSPHRASE:
        required: true
  push:
    tags:
      - "v*"

permissions: write-all

jobs:
  goreleaser:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          lfs: true
          submodules: recursive

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.21"
          cache: true

      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          git_config_global: true
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v4
        with:
          distribution: goreleaser
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          VERSION: ${{ inputs.version }}