# depends_on:
#   - test

when:
  # - event: [tag]
  - event: push
    branch: ${CI_DEFAULT_BRANCH}

variables:
  - &buildx-plugin "woodpeckerci/plugin-docker-buildx:6.0.2"
  - &repo "registry.mareshq.com/woodpecker-plugins/cosign-sign"
  - &platforms "linux/arm64/v8,linux/amd64"

steps:
  publish-next:
    image: *buildx-plugin
    settings:
      repo: *repo
      platforms: *platforms
      tag: next
      logins:
        - registry: https://registry.mareshq.com
          username:
            from_secret: registry_username
          password:
            from_secret: registry_password
    when:
      branch: main
      event: push

  publish-tag:
    image: *buildx-plugin
    settings:
      repo: *repo
      platforms: *platforms
      tag: [latest, "${CI_COMMIT_TAG}"]
      logins:
        - registry: https://registry.mareshq.com
          username:
            from_secret: registry_username
          password:
            from_secret: registry_password
    when:
      event: tag

  setup-cosign-key:
    image: alpine
    environment:
      COSIGN_KEY:
        from_secret: cosign_key
    commands:
      - echo $COSIGN_KEY > ./cosign.key

  sign-next:
    image: registry.mareshq.com/woodpecker-plugins/cosign-sign:next
    settings:
      image: registry.mareshq.com/woodpecker-plugins/cosign-sign:next