name: release

on:
  push:
    tags: ["v*"]
  workflow_dispatch:

concurrency:
  group: release

permissions:
  contents: read
  id-token: write
  packages: write

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        name: Checkout
        uses: spotdemo4/nix-init@5fe5a93e1ff2a6a4cfba1ae7d3f30d0dfed9d1a9 # v1.34.1
        with:
          app_id: ${{ vars.CLIENT_ID }}
          app_key: ${{ secrets.PRIVATE_KEY }}
          fetch_depth: 0
          shell: release

      - name: Release
        run: flake-release
        env:
          GITHUB_TOKEN: ${{ steps.checkout.outputs.token }}
          REGISTRY: ghcr.io
          REGISTRY_USERNAME: ${{ github.actor }}
          REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}