name: Create Release

on:
  push:
    tags:
      - '*'
    tags-ignore:
      - v0
      - v1
jobs:
  build:
    runs-on: ubuntu-go-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Import Secrets
        id: import-secrets
        uses: https://git.mthie.com/mthie/vault-action@v0
        with:
          url: ${{ env.VAULT_ADDR }}
          method: ${{ env.VAULT_AUTH_TYPE}}
          roleId: ${{ env.VAULT_APPROLE_ID }}
          secretId: ${{ env.VAULT_APPROLE_SECRET }}
          secrets: |
            passwords/data/ssh id_ecdsa | DEPLOY_KEY;
            passwords/data/ssh ssh_config | SSH_CONFIG;
            passwords/data/git.mthie.com gitconfig | GITCONFIG;
            passwords/data/git.mthie.com api_key | API_TOKEN

      - uses: actions/checkout@v3

      - name: init system
        run: |
          mkdir -p ~/.ssh && chmod 700 ~/.ssh
          git config --global user.email "github@mthie.com"
          git config --global user.name "Gitea Cron"
          git config pull.rebase true
          echo "${{ env.DEPLOY_KEY }}" > ~/.ssh/id_ecdsa
          echo "${{ env.SSH_CONFIG }}" > ~/.ssh/config
          echo '${{ env.GITCONFIG }}' > ~/.gitconfig
          cat ~/.gitconfig
          ssh-keyscan -t rsa git.mthie.com >> ~/.ssh/known_hosts
          chmod 400 ~/.ssh/id_ecdsa ~/.ssh/config

      - name: Build binary
        run: |
          go get ./...
          go build -o bin/vault *.go

      - name: Create Release
        uses: https://gitea.com/actions/release-action@main
        with:
          files: |-
            bin/**            
          api_key: '${{ env.API_TOKEN }}'