From fc088998c862c2aec5e0a720ae1f8ba92ea53f2b Mon Sep 17 00:00:00 2001
From: Nicolas FAUGEROUX
Date: Mon, 23 Dec 2024 11:14:28 +0100
Subject: [PATCH] ci: add automatic release
---
 .github/workflows/release.yaml | 52 ++++++++++++++++++++++++++++++++++
 .gitignore | 3 +-
 .goreleaser.yaml | 33 +++++++++++++++++++++
 3 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 .goreleaser.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..c07a885
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,52 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v*' # Trigger on version tags
+
+permissions:
+ contents: read
+
+jobs:
+ goreleaser:
+ outputs:
+ hashes: ${{ steps.hash.outputs.hashes }}
+ permissions:
+ contents: write # for goreleaser/goreleaser-action to create a GitHub release
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+ - name: Run GoReleaser
+ id: run-goreleaser
+ uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
+ with:
+ version: latest
+ args: release --clean
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Generate subject
+ id: hash
+ env:
+ ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
+ run: |
+ set -euo pipefail
+
+ checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
+ echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT"
+
+ provenance:
+ needs: [goreleaser]
+ permissions:
+ actions: read # To read the workflow path.
+ id-token: write # To sign the provenance.
+ contents: write # To add assets to a release.
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 # not pinned to avoid breaking it, use it to target refs/tags/vX.Y.Z
+ with:
+ base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
+ upload-assets: true # upload to a new release
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index d94cf1a..379f043 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@ node_modules/
 hack/config/Pulumi.*.yaml
 hack/.env
-test/test_bruteforce.py
\ No newline at end of file
+test/test_bruteforce.py
+dist/
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
new file mode 100644
index 0000000..547c246
--- /dev/null
+++ b/.goreleaser.yaml
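Review bot: The `Generate subject` step can succeed with an empty `hashes` output: if the jq filter selects nothing, `$checksum_file` is empty and the unquoted `cat $checksum_file` reads stdin instead of failing, and a failure inside the `$(...)` in the `echo` argument is not caught by `set -e` either, so the `provenance` job would likely be handed an empty `base64-subjects`. Check the file explicitly before encoding it: `checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select(.type=="Checksum") | .path')`, `test -f "$checksum_file"`, `echo "hashes=$(base64 -w0 < "$checksum_file")" >> "$GITHUB_OUTPUT"`. Separately, `version: latest` on the `Run GoReleaser` step lets the tool that actually produces the release artifacts float even though the action itself is pinned by commit SHA; pin it to an explicit GoReleaser release (a `vX.Y.Z` string, placeholder) or at least `version: '~> v2'`, which matches the `version: 2` config in .goreleaser.yaml.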
@@ -0,0 +1,33 @@
+version: 2
+
+builds:
+ - skip: true
+
+archives:
+ - format: tar.gz
+ name_template: "{{ .ProjectName }}_{{ .Version }}"
+ files:
+ - LICENCE
+ - assets/**
+ - templates/**
+ - utils/**
+ - __init__.py
+ - api.py
+ - config.json
+ - decorators.py
+ - models.py
+
+changelog:
+ sort: asc
+ filters:
+ exclude:
+ - "^docs:"
+ - "^test:"
+
+source:
+ enabled: true
+
+checksum: {}
+
+sboms:
+ - artifacts: source
\ No newline at end of file
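Review bot: `sboms: - artifacts: source` makes GoReleaser shell out to syft (its default SBOM tool), and the release workflow added in this same commit installs nothing before `Run GoReleaser`; on a stock ubuntu-latest runner the release step would presumably fail with the tool not found. Add an install step ahead of GoReleaser, e.g. `- uses: anchore/sbom-action/download-syft@<commit-sha>  # vX.Y.Z` (placeholder ref) pinned to a commit SHA like the other actions, or leave the `sboms` stanza out until it is wired up. The `builds: - skip: true` line also deserves a why-comment, since this config packages Python sources rather than Go binaries: `# no Go build: the archive ships the Python sources listed under archives.files`.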