caddy-waf/.github/workflows/release.yml

name: Release Caddy Middleware

on:
  push:
    tags:
      - 'v*' # Trigger when a tag matching v* is pushed (e.g., v1.0.0)
  workflow_dispatch:  # Allow manual triggering from the GitHub UI

permissions:
  contents: write # Grant write permission for release creation

jobs:
  build-and-release:
    runs-on: ubuntu-latest # Base build platform for cross-compilation
    strategy:
      matrix:
        goos: [linux, windows, darwin]
        goarch: [amd64, arm64]
        exclude:
          - goos: windows
            goarch: arm64 # Windows on arm64 is not common, remove it.
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25' # Use your desired go version

      - name: Extract Tag Name
        id: extract_tag
        if: startsWith(github.ref, 'refs/tags/')
        run: echo "TAG_NAME=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT

      - name: Build Binary
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
        run: |
          GOOS=${GOOS} GOARCH=${GOARCH} go build -ldflags "-X 'github.com/fabriziosalmi/caddy-waf/middleware.ModuleVersion=${{ steps.extract_tag.outputs.TAG_NAME }}'" -o caddy-waf-${GOOS}-${GOARCH}
          tar czf caddy-waf-${GOOS}-${GOARCH}.tar.gz caddy-waf-${GOOS}-${GOARCH}

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: caddy-waf-${{ matrix.goos }}-${{ matrix.goarch }}
          path: caddy-waf-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz

  create-release:
    runs-on: ubuntu-latest
    needs: build-and-release # Ensure all builds complete before creating release
    permissions:
      contents: write
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Extract Tag Name
        id: extract_tag
        if: startsWith(github.ref, 'refs/tags/')
        run: echo "TAG_NAME=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT

      - name: Download all artifacts
        uses: actions/download-artifact@v4

      - name: Release via GH CLI
        if: startsWith(github.ref, 'refs/tags/')
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG_NAME: ${{ steps.extract_tag.outputs.TAG_NAME }}
        run: |
          # Flatten artifacts structure (download-artifact puts them in subdirs matches artifact name)
          # But we want all .tar.gz in current dir
          find . -name "*.tar.gz" -exec mv {} . \;
          
          echo "Creating or updating release for $TAG_NAME..."
          # Try to create release with assets. If it fails (exists), upload assets.
          gh release create "$TAG_NAME" *.tar.gz --title "$TAG_NAME" --generate-notes || \
          gh release upload "$TAG_NAME" *.tar.gz --clobber