From a85ebc38aaacec1c33ae3690f104fafb296ecaa4 Mon Sep 17 00:00:00 2001
From: Alex Lovell-Troy <alovelltroy@lanl.gov>
Date: Mon, 29 Jan 2024 17:37:15 -0500
Subject: [PATCH] Allow tags and releases in a single step

---
 .github/workflows/auto-tag.yml | 56 ++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/auto-tag.yml b/.github/workflows/auto-tag.yml
index 69af348..c5a0116 100644
--- a/.github/workflows/auto-tag.yml
+++ b/.github/workflows/auto-tag.yml
@@ -1,7 +1,7 @@
 # This workflow will build a golang project
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
 
-name: Automatically Tag on PR to main
+name: Automatically Tag and Release on PR to main
 
 on:
   pull_request:
@@ -29,4 +29,56 @@ jobs:
         WITH_V: true
         DEFAULT_BRANCH: main
         DEFAULT_BUMP: patch
-        PRERELEASE: true
\ No newline at end of file
+        PRERELEASE: false
+        PRERELEASE_ID: rc
+
+  build:
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      - name: Set up Go 1.21
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.21
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Docker Login
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
+          fetch-tags: 1
+          fetch-depth: 1
+      - name: Release with goreleaser
+        uses: goreleaser/goreleaser-action@v5
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          version: latest
+          args: release --clean
+        id: goreleaser
+      - name: Process goreleaser output
+        id: process_goreleaser_output
+        run: |
+          echo "const fs = require('fs');" > process.js
+          echo 'const artifacts = ${{ steps.goreleaser.outputs.artifacts }}' >> process.js
+          echo "const firstNonNullDigest = artifacts.find(artifact => artifact.extra && artifact.extra.Digest != null)?.extra.Digest;" >> process.js
+          echo "console.log(firstNonNullDigest);" >> process.js
+          echo "fs.writeFileSync('digest.txt', firstNonNullDigest);" >> process.js
+          node process.js
+          echo "digest=$(cat digest.txt)" >> $GITHUB_OUTPUT
+      - name: Attest Binaries
+        uses: github-early-access/generate-build-provenance@main
+        with:
+          subject-path: dist/ochami-init
+      - name: generate build provenance
+        uses: github-early-access/generate-build-provenance@main
+        with:
+          subject-name: ghcr.io/openchami/ochami-init
+          subject-digest: ${{ steps.process_goreleaser_output.outputs.digest }}
+          push-to-registry: true