name: Release

on:
  push:
    tags:
      - 'v*'

jobs:
  release:
    name: Create release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup go
        uses: https://github.com/actions/setup-go@v5
        with:
          go-version: '>=1.23.0'

      - name: Install Nix
        uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
        with:
          # explicitly enable sandbox
          install_options: --daemon
          extra_nix_config: |
            sandbox = true
            system-features = nixos-test benchmark big-parallel kvm
          enable_kvm: true

      - name: Ensure environment
        run: >-
          apt-get update && apt-get install -y sqlite3
        if: ${{ runner.os == 'Linux' }}

      - name: Restore Nix store
        uses: nix-community/cache-nix-action@v5
        with:
          primary-key: nix-small-${{ runner.os }}-${{ hashFiles('**/*.nix') }}
          restore-prefixes-first-match: nix-small-${{ runner.os }}-

      - name: Build for release
        id: build-test
        run: nix build --print-out-paths --print-build-logs .#dist

      - name: Release
        id: use-go-action
        uses: https://gitea.com/actions/release-action@main
        with:
          files: |-
            result/fortify-**
          api_key: '${{secrets.RELEASE_TOKEN}}'