.github/workflows/post-tag.yaml

name: Post Tag

on:
  push:
    tags:
      - '*'

jobs:
  generate:
    name: Generate Code
    runs-on: ubuntu-18.04
    steps:
      - name: Check out code
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.GH_PUSH_TOKEN }}

      - name: Generate
        run: make clean generate

  release-build:
    name: Release Build (linux, windows)
    runs-on: ubuntu-18.04
    needs: generate
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - name: Build Linux and Windows
        run: make ci-go-ci-build-linux ci-go-ci-build-linux-static ci-go-ci-build-windows
        timeout-minutes: 30
        env:
          TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}

      - name: Build Linux arm64
        run: make ci-go-ci-build-linux-static
        timeout-minutes: 30
        env:
          GOARCH: arm64
          TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}

      - name: Upload binaries
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: binaries
          path: _release

  release-build-darwin:
    name: Release Build (darwin)
    runs-on: macos-latest
    needs: generate
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - id: go_version
        name: Read go version
        run: echo "::set-output name=go_version::$(cat .go-version)"

      - name: Install Go (${{ steps.go_version.outputs.go_version }})
        uses: actions/setup-go@v3
        with:
          go-version: ${{ steps.go_version.outputs.go_version }}

      - name: Build Darwin
        run: make ci-build-darwin ci-build-darwin-arm64-static
        timeout-minutes: 30
        env:
          TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}

      - name: Upload binaries (darwin)
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: binaries
          path: _release

  build:
    name: Push Latest Release
    needs: [release-build, release-build-darwin]
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - name: Set TAG_NAME in Environment
        # Subsequent jobs will be have the computed tag name
        run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV

      - name: Download release binaries
        uses: actions/download-artifact@v3
        with:
          name: binaries
          path: _release

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Build and Deploy OPA Docker Images
        id: build-and-deploy
        env:
          DOCKER_USER: ${{ secrets.DOCKER_USER }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }}
        # Only run if required secrets are provided
        if: ${{ env.DOCKER_USER && env.DOCKER_PASSWORD }}
        run: make release-ci

      - name: Create or Update Release
        env:
          # Required for the `hub` CLI
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./build/github-release.sh --asset-dir=$(make release-dir) --tag=${TAG_NAME}