orchard/.github/workflows/release.yml

name: Release

on:
  push:
    tags:
      - "*"
  workflow_dispatch:

permissions:
  contents: write
  packages: write

jobs:
  release:
    name: ${{ github.ref_type == 'tag' && 'Release Binaries' || 'Release Binaries (Dry Run)' }}
    runs-on: ubuntu-latest
    timeout-minutes: 60
    env:
      GITHUB_TOKEN: ${{ secrets.GH_PAT }}
      GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
      MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
      MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
      MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
      MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
      MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
          cache: true
      - name: Release
        if: github.ref_type == 'tag'
        uses: goreleaser/goreleaser-action@v7
        with:
          distribution: goreleaser-pro
          version: "~> v2"
          args: release --clean
      - name: Release dry run
        if: github.ref_type != 'tag'
        uses: goreleaser/goreleaser-action@v7
        with:
          distribution: goreleaser-pro
          version: "~> v2"
          args: release --skip=publish --snapshot --clean
      - name: Upload dry-run artifacts
        if: github.ref_type != 'tag'
        uses: actions/upload-artifact@v6
        with:
          name: orchard-snapshot
          path: dist/**

  docker:
    name: Release Docker Image
    if: github.ref_type == 'tag'
    needs: release
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v6
      - uses: docker/setup-qemu-action@v4
      - uses: docker/setup-buildx-action@v4
      - uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      - name: Build and push
        uses: docker/build-push-action@v7
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ghcr.io/openai/orchard:${{ github.ref_name }}
            ghcr.io/openai/orchard:latest            
          build-args: |
            VERSION=${{ github.ref_name }}
            COMMIT=${{ github.sha }}