name: Release

on:
  workflow_run:
    workflows:
      - "Golang"
    types: [ "completed" ]
    branches:
      - main
      - rc

permissions:
  contents: read # for checkout
  attestations: read #  for artifacts download

jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    permissions:
      contents: write # to be able to publish a GitHub release
      issues: write # to be able to comment on released issues
      pull-requests: write # to be able to comment on released pull requests
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "lts/*"

      - name: Install dependencies
        run: npm clean-install

      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
        run: npm audit signatures

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: build-*
          path: build/
          merge-multiple: true
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx semantic-release