.github/workflows/release.yaml

name: Release

on:
    push:
        branches: [ main ]
    pull_request:
    release:
        types: [ created ]

jobs:
    build-phar:
        runs-on: ubuntu-latest
        name: Build PHAR
        steps:
            -   name: Checkout
                uses: actions/checkout@v3
                with:
                    fetch-depth: 0

            -   name: Setup PHP
                uses: shivammathur/setup-php@v2
                with:
                    php-version: '8.1'
                    ini-values: phar.readonly=0
                    tools: composer
                    coverage: none

            # https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#setting-an-environment-variable
            -   name: Configure composer root version
                run: |
                    source .composer-root-version
                    echo "COMPOSER_ROOT_VERSION=${COMPOSER_ROOT_VERSION}" >> $GITHUB_ENV

            -   name: Install Composer dependencies
                uses: ramsey/composer-install@v2

            -   name: Configure the PHP platform
                run: composer config platform.php $(php -r 'echo phpversion();') && composer update --lock

            -   name: Build PHAR
                run: make build

            # Smoke test
            -   name: Ensure the PHAR works
                run: bin/php-scoper.phar --version

            -   name: Import GPG key
                if: github.event_name == 'release'
                uses: crazy-max/ghaction-import-gpg@v5
                with:
                    gpg_private_key: ${{ secrets.GPG_KEY_74A754C9778AA03AA451D1C1A000F927D67184EE }}
                    passphrase: ${{ secrets.GPG_KEY_74A754C9778AA03AA451D1C1A000F927D67184EE_PASSPHRASE }}

            -   name: Sign the PHAR
                if: github.event_name == 'release'
                run: |
                   gpg --local-user theo.fidry+phpscoper@gmail.com \
                       --batch \
                       --yes \
                       --passphrase="${{ secrets.GPG_KEY_74A754C9778AA03AA451D1C1A000F927D67184EE_PASSPHRASE }}" \
                       --detach-sign \
                       --output bin/php-scoper.phar.asc \
                       bin/php-scoper.phar

            -   name: Upload the PHAR artifact
                if: github.event_name == 'release'
                uses: actions/upload-artifact@v3
                with:
                    name: php-scoper-phar
                    path: |
                        bin/php-scoper.phar
                        bin/php-scoper.phar.asc

    publish-phar:
        runs-on: ubuntu-latest
        name: Publish PHAR
        needs:
            - 'build-phar'
        if: github.event_name == 'release'
        steps:
            -   uses: actions/download-artifact@v3
                with:
                    name: php-scoper-phar
                    path: .

            -   name: Upload php-scoper.phar
                uses: softprops/action-gh-release@v1
                with:
                    token: ${{ secrets.PHP_SCOPER_GITHUB_TOKEN }}
                    files: |
                        php-scoper.phar
                        php-scoper.phar.asc