release.yaml

# Terraform Provider release workflow.
name: Release

# This GitHub action creates a release when manually run with signer details
on:
  workflow_dispatch:
    inputs:
      CS_ID:
        description: "Code Signing ID"
        required: true
        type: string
      CS_API_TOKEN:
        description: "Code Signing API Token"
        required: true
        type: string

# Releases need permissions to read and write the repository contents.
# GitHub considers creating releases and uploading assets as writing contents.
permissions:
  contents: write

jobs:
  acceptance-tests:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Setup Just
        uses: extractions/setup-just@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Inject Env File
        run: echo "${{ secrets.ACCEPTANCE_ENV_FILE }}" > acceptance.env

      - name: Run Acceptance Tests
        run: just acceptance-tests acceptance.env

  goreleaser:
    runs-on: Signer
    needs: acceptance-tests
    steps:
      - uses: actions/checkout@v4.2.2
        with:
          # Allow goreleaser to access older tag information.
          fetch-depth: 0

      - name: Setup Just
        uses: extractions/setup-just@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - uses: actions/setup-go@v5.1.0
        with:
          go-version-file: 'go.mod'
          cache: true

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6.0.0
        with:
          args: release --clean
        env:
          # GitHub sets the GITHUB_TOKEN secret automatically.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CS_ID: ${{ inputs.CS_ID }}
          CS_API_TOKEN:  ${{ inputs.CS_API_TOKEN }}