name: Release
on:
  push:
    # Only release on supported semantic version tagging e.g. v0.0.1-rc.0
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+'
jobs:
  release:
    permissions:
      id-token: write # aws-actions/configure-aws-credentials@v4.0.1
      contents: write # marvinpinto/action-automatic-releases@v1.2.1
      pull-requests: write # name: Create PR
    if: github.repository == 'aws/karpenter-provider-aws'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          fetch-depth: 0
      - name: Create GitHub Release
        uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # v1.2.1
        with:
          repo_token: '${{ secrets.GITHUB_TOKEN }}'
          prerelease: false
      - uses: ./.github/actions/install-deps
      - uses: ./.github/actions/e2e/install-helm
        with:
          version: v3.12.3 # Pinned to this version since v3.13.0 has issues with pushing to public ECR: https://github.com/helm/helm/issues/12442
      - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: 'arn:aws:iam::${{ vars.RELEASE_ACCOUNT_ID }}:role/${{ vars.RELEASE_ROLE_NAME }}'
          aws-region: ${{ vars.RELEASE_REGION }}
      - run: make release
      - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: 'arn:aws:iam::${{ vars.READONLY_ACCOUNT_ID }}:role/${{ vars.READONLY_ROLE_NAME }}'
          aws-region: ${{ vars.READONLY_REGION }}
      - run: make docgen
      - run: make prepare-website
      - run: make stable-release-pr
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_REPO: ${{ github.repository }}
      - name: Create PR
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const { repo, owner } = context.repo;
            const tag = context.ref.replace("refs/tags/", '');
            const result = await github.rest.pulls.create({
              title: `chore: Release ${tag}`,
              owner,
              repo,
              head: `release-${tag}`,
              base: 'main',
              body: [
                `Stable Release Changes for ${tag}.`,
                'Please disregard this PR if it is for a patch release.',
                'Please remove the branch after merging.',
                'This PR is generated by [StableRelease](https://github.com/aws/karpenter-provider-aws/actions/workflows/stable-release.yml).'
              ].join('\n')
            });
            github.rest.issues.addLabels({
              owner,
              repo,
              issue_number: result.data.number,
              labels: ['stable-release','website','helm-charts']
            });