name: Release
# This workflow is triggered when publishing a GitHub release
on:
  release:
    types:
    - published

jobs:
  release:
    permissions:
      id-token: write
      contents: write
    uses: SonarSource/gh-action_release/.github/workflows/main.yaml@28c15313f2bb2ee0cb67ba48cc008c2391851b81 # 5.0.1
    with:
      publishToBinaries: true
      mavenCentralSync: true
      slackChannel: team-sonarqube-build
  release_docker:
    permissions:
      id-token: write
    runs-on: ubuntu-latest
    name: Start Docker release process
    needs: release
    timeout-minutes: 60
    steps:
    - name: get secrets
      id: secrets
      uses: SonarSource/vault-action-wrapper@8e22afd670393ed80f489f5dbd517d09ea21d75b # 2.4.3-1
      with:
        secrets: |
          development/github/token/SonarSource-sonar-scanner-cli-release token | GITHUB_TOKEN_RELEASE;
          development/kv/data/slack token | SLACK_BOT_TOKEN;
    - name: Notify failures on Slack
      uses: slackapi/slack-github-action@v1.23.0
      if: failure()
      with:
        channel-id: team-sonarqube-build
        slack-message: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}"
      env:
        SLACK_BOT_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SLACK_BOT_TOKEN }}