name: nightly-oss

on:
  workflow_dispatch:
  schedule:
    - cron: 0 0 * * 4

permissions:
  contents: write
  id-token: write
  packages: write

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    env:
      DOCKER_CLI_EXPERIMENTAL: "enabled"
    steps:
      - run: df -h
      - name: "node-cleanup"
        # this should increase free space from ~21gb to ~38gb
        run: |
          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
          sudo docker image prune --all --force
          sudo docker builder prune -a
      - run: df -h
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          fetch-depth: 1000 # never anything near had that many commits in a release anyway.
          fetch-tags: true
      - uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v1
        with:
          version: 3.x
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v2
      - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v4
        with:
          go-version: stable
      - uses: sigstore/cosign-installer@v3.7.0
      - uses: anchore/sbom-action/download-syft@v0.17.7
      - uses: crazy-max/ghaction-upx@v3
        with:
          install-only: true
      - uses: cachix/install-nix-action@v30
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - name: dockerhub-login
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: ghcr-login
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: goreleaser/goreleaser-action@v6
        with:
          distribution: goreleaser-pro
          version: "~> v2"
          args: release --clean --nightly -f .goreleaser-nightly.yaml --timeout 60m
        env:
          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
          MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
          MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
          MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
          MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
          MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
      - run: df -h
        if: ${{ always() }}
  notify:
    runs-on: ubuntu-latest
    needs:
      - goreleaser
    if: ${{ always() }}
    steps:
      - name: Notify
        uses: nobrayner/discord-webhook@v1
        with:
          github-token: ${{ secrets.github_token }}
          title: "nightly"
          description: "goreleaser build finished with status {{STATUS}}"
          discord-webhook: ${{ secrets.NIGHTLY_DISCORD_WEBHOOK }}
          username: GoReleaser
          avatar-url: https://avatars.githubusercontent.com/u/24697112?v=4
          include-details: false