From b81a45fb551bf700641212bb2b018623cb91977d Mon Sep 17 00:00:00 2001
From: Lukasz Raczylo <lukasz@raczylo.com>
Date: Sun, 7 Dec 2025 15:10:39 +0000
Subject: [PATCH] Add ability to build docker images and gha's

---
 .github/workflows/go-release.yaml | 68 +++++++++++++++++++++++++++----
 1 file changed, 61 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/go-release.yaml b/.github/workflows/go-release.yaml
index 74d18ee..7c29558 100644
--- a/.github/workflows/go-release.yaml
+++ b/.github/workflows/go-release.yaml
@@ -13,10 +13,24 @@ on:
         required: false
         type: string
         default: "semver.yaml"
-    secrets:
-      homebrew-tap-token:
-        description: "Token for Homebrew tap repository"
+      docker-enabled:
+        description: "Enable Docker builds (requires QEMU, Buildx, GHCR login)"
         required: false
+        type: boolean
+        default: false
+      docker-registry:
+        description: "Docker registry to push to"
+        required: false
+        type: string
+        default: "ghcr.io"
+      rolling-release-tag:
+        description: "Create a rolling release tag (e.g., 'v1') that always points to latest"
+        required: false
+        type: string
+        default: ""
+
+# Permissions are inherited from the caller workflow via secrets: inherit
+# Caller must declare: contents: write (required), packages: write (if docker-enabled)
 
 jobs:
   test:
@@ -82,12 +96,29 @@ jobs:
         with:
           go-version: ${{ inputs.go-version }}
 
+      # Docker setup (optional)
+      - name: Set up QEMU
+        if: inputs.docker-enabled
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        if: inputs.docker-enabled
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        if: inputs.docker-enabled
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.docker-registry }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Create and push tag
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
-          git tag -a ${{ needs.version.outputs.version_tag }} -m "Release ${{ needs.version.outputs.version_tag }}"
-          git push origin ${{ needs.version.outputs.version_tag }}
+          git tag -a ${{ needs.version.outputs.version_tag }} -m "Release ${{ needs.version.outputs.version_tag }}" || true
+          git push origin ${{ needs.version.outputs.version_tag }} || true
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6
@@ -96,5 +127,28 @@ jobs:
           version: "~> v2"
           args: release --clean
         env:
-          GITHUB_TOKEN: ${{ github.token }}
-          HOMEBREW_TAP_TOKEN: ${{ secrets.homebrew-tap-token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
+
+      # Rolling release (optional, e.g., v1 for GitHub Actions)
+      - name: Delete existing rolling release
+        if: inputs.rolling-release-tag != ''
+        run: |
+          gh release delete ${{ inputs.rolling-release-tag }} --cleanup-tag -y || true
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create rolling release
+        if: inputs.rolling-release-tag != ''
+        uses: ncipollo/release-action@v1
+        with:
+          name: ${{ inputs.rolling-release-tag }} - ${{ needs.version.outputs.version_tag }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ inputs.rolling-release-tag }}
+          prerelease: false
+          allowUpdates: true
+          makeLatest: false
+          body: |
+            Rolling release pointing to version ${{ needs.version.outputs.version_tag }}.
+
+            Use `@${{ inputs.rolling-release-tag }}` in your GitHub Actions workflows for automatic updates.