name: Release

on:
  push:
    tags:
      - 'v*'

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: write
    steps:

    - name: Check Out Repo
      uses: actions/checkout@v4

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ vars.RP_AWS_CRED_REGION }}
        role-to-assume: arn:aws:iam::${{ secrets.RP_AWS_CRED_ACCOUNT_ID }}:role/${{ vars.RP_AWS_CRED_BASE_ROLE_NAME }}${{ github.event.repository.name }}

    - name: Get secrets from AWS Secrets Manager
      uses: aws-actions/aws-secretsmanager-get-secrets@v2
      with:
        secret-ids: |
          ,sdlc/prod/github/cloudsmith
        parse-json-secrets: true

    - name: Free up some disk space on ubuntu
      if: ${{ runner.os == 'Linux' }}
      run: |
        # Workaround to provide additional free space for testing.
        #   https://github.com/actions/virtual-environments/issues/2840
        sudo rm -rf /usr/share/dotnet
        sudo rm -rf /opt/ghc
        sudo rm -rf "/usr/local/share/boost"
        sudo rm -rf "$AGENT_TOOLSDIRECTORY"

    - name: Install Go
      uses: actions/setup-go@v5
      with:
        go-version: 1.22.x
        check-latest: true

    - name: Release Notes
      run: ./resources/scripts/release_notes.sh > ./release_notes.md

    - name: Write telemetry private key
      env:
        CONNECT_TELEMETRY_PRIV_KEY: ${{ secrets.TELEMETRY_PRIVATE_KEY }}
      run: |
        git update-index --skip-worktree ./internal/telemetry/key.pem
        echo "$CONNECT_TELEMETRY_PRIV_KEY" > ./internal/telemetry/key.pem

    - uses: actions/setup-python@v5
      with:
        python-version: '3.12'

    - name: Install cloudsmith CLI (for publishing Linux packages)
      run: pip install cloudsmith-cli

    - name: GoReleaser
      uses: goreleaser/goreleaser-action@v6
      with:
        args: release --release-notes=./release_notes.md --timeout 120m
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        CLOUDSMITH_API_KEY: ${{ env.CLOUDSMITH_API_KEY }}

  docker:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - flavor: default
            latest: auto
            suffix: ""
            platform: linux/amd64,linux/arm64
            file: ./resources/docker/Dockerfile
          - flavor: cgo
            latest: false
            suffix: -cgo
            platform: linux/amd64
            file: ./resources/docker/Dockerfile.cgo
          - flavor: cloud
            latest: false
            suffix: -cloud
            platform: linux/amd64,linux/arm64
            file: ./resources/docker/Dockerfile.cloud
          - flavor: ai
            latest: false
            suffix: -ai
            platform: linux/amd64,linux/arm64
            file: ./resources/docker/Dockerfile.ai
    permissions:
      id-token: write
      packages: write
      contents: read
    steps:

    - name: Check Out Repo
      uses: actions/checkout@v4

    - name: Free up some disk space on ubuntu
      if: ${{ runner.os == 'Linux' }}
      run: |
        # Workaround to provide additional free space for testing.
        #   https://github.com/actions/virtual-environments/issues/2840
        sudo rm -rf /usr/share/dotnet
        sudo rm -rf /opt/ghc
        sudo rm -rf "/usr/local/share/boost"
        sudo rm -rf "$AGENT_TOOLSDIRECTORY"

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ vars.RP_AWS_CRED_REGION }}
        role-to-assume: arn:aws:iam::${{ secrets.RP_AWS_CRED_ACCOUNT_ID }}:role/${{ vars.RP_AWS_CRED_BASE_ROLE_NAME }}${{ github.event.repository.name }}

    - name: Get secrets from AWS Secrets Manager
      uses: aws-actions/aws-secretsmanager-get-secrets@v2
      with:
        secret-ids: |
          ,sdlc/prod/github/dockerhub
        parse-json-secrets: true

    - name: Login to Docker Hub
      uses: docker/login-action@v3
      with:
        username: ${{ env.DOCKERHUB_USER }}
        password: ${{ env.DOCKERHUB_TOKEN }}

    - name: Install Buildx
      id: buildx
      uses: docker/setup-buildx-action@v3

    - name: Write telemetry private key
      if: ${{ matrix.suffix == '' || matrix.suffix == '-cgo' }}
      env:
        CONNECT_TELEMETRY_PRIV_KEY: ${{ secrets.TELEMETRY_PRIVATE_KEY }}
      run: |
        echo "Adding telemetry key"
        git update-index --skip-worktree ./internal/telemetry/key.pem
        echo "$CONNECT_TELEMETRY_PRIV_KEY" > ./internal/telemetry/key.pem

    - name: Docker meta
      id: docker_meta
      uses: docker/metadata-action@v5
      with:
        images: |
          redpandadata/connect
        flavor: |
          latest=${{ matrix.latest }}
          suffix=${{ matrix.suffix }}
        tags: |
          type=semver,suffix=${{ matrix.suffix }},pattern={{version}}
          type=semver,suffix=${{ matrix.suffix }},pattern={{major}}.{{minor}}
          type=semver,suffix=${{ matrix.suffix }},pattern={{major}}

    - name: Build and push
      uses: docker/build-push-action@v6
      with:
        context: ./
        file: ${{ matrix.file }}
        platforms: ${{ matrix.platform }}
        push: true
        tags: ${{ steps.docker_meta.outputs.tags }}