gogitlabber/.github/workflows/release.yml

---
name: "release"

on:
  push:
    tags:
      - "*"

jobs:
  release:
    name: "release"
    runs-on: "ubuntu-latest"
    steps:

      # checkout repo
      - name: "checkout"
        uses: "actions/checkout@v6"
        with:
          fetch-depth: 0

      # setup go
      - name: "set up go"
        uses: "actions/setup-go@v6"
        with:
          go-version: "stable"

      # install syft
      - name: "install syft"
        uses: "anchore/sbom-action/download-syft@v0"

      # run goreleaser
      - name: "run goreleaser"
        uses: "goreleaser/goreleaser-action@v7"
        with:
          version: "v2.8.2"
          args: "release --clean --config ./.github/.goreleaser.yaml"
        env:
          GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}

      # generate sbom
      - name: "generate sbom"
        run: |
          APP_NAME="gogitlabber"
          VERSION=${GITHUB_REF#refs/tags/}
          syft go.mod -o spdx-json=${APP_NAME}-${VERSION}-sbom.spdx.json
          syft go.mod -o cyclonedx-json=${APP_NAME}-${VERSION}-sbom.cyclonedx.json

      # upload sbom to release
      - name: "upload sbom to release"
        uses: "softprops/action-gh-release@v3"
        with:
          files: |
            gogitlabber-*-sbom.spdx.json
            gogitlabber-*-sbom.cyclonedx.json
        env:
          GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}