name: release
on:
  release:
    types: [published]
env:
  IMAGE_NAME: docker/attest-provider
jobs:
  dockerhub:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: dockerpublicbot
          password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: lab:latest
          driver: cloud
          endpoint: docker/default
          install: true
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          push: true
          target: production
          build-args: |
            VERSION=v${{ steps.meta.outputs.version }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64 # todo figure out additional platforms for release
          attests: type=sbom,generator=docker/scout-sbom-indexer:1
          provenance: mode=max