.github/workflows/release.yml

name: release

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      version:
        description: 'Version'
        required: true

permissions:
  contents: write

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Get version
        run: |
          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
          if [ -n "$VERSION" ]; then
            echo "RELEASE_VERSION=${{ inputs.version }}" >> $GITHUB_ENV
          fi
        env:
          VERSION: ${{ inputs.version }}

      - name: Build phar
        run: php -d phar.readonly=0 bin/build -v"$RELEASE_VERSION"

      - name: Sign phar
        run: |
          mkdir -p ~/.gnupg/
          chmod 0700 ~/.gnupg/
          echo "$GPG_SIGNING_KEY" > ~/.gnupg/private.key
          gpg --import --no-tty --batch --yes ~/.gnupg/private.key
          gpg -u anton@deployer.org --batch --pinentry-mode loopback --passphrase "${GPG_PASSPHRASE}" --detach-sign --output deployer.phar.asc deployer.phar
        env:
          GPG_SIGNING_KEY: |
            ${{ secrets.GPG_SIGNING_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

      - name: Upload phar
        run: gh release upload v"${RELEASE_VERSION}" deployer.phar
        env:
          GH_TOKEN: ${{ github.token }}

      - name: Upload signature
        run: gh release upload v"${RELEASE_VERSION}" deployer.phar.asc
        env:
          GH_TOKEN: ${{ github.token }}