name: Release
on:
  release:
    types:
      - published
permissions: read-all
concurrency:
  group: ${{ github.workflow }}-${{ github.ref_name }}
  cancel-in-progress: true
jobs:
  pypi:
    name: Upload Python Package
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    environment:
      name: pypi
      url: https://pypi.org/project/${{github.event.repository.name}}/${{github.event.release.tag_name}}
    steps:
      - name: Retrieve release distributions
        uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12
        with:
          tag: ${{ github.event.release.tag_name }}
          out-file-path: dist/
          fileName: '*'
      - name: Publish release distributions to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          packages-dir: dist/
  huggingface:
    name: Tag HuggingFace Space
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    environment:
      name: huggingface
      url: https://huggingface.co/spaces/${{github.repository}}/tree/${{github.event.release.tag_name}}
    steps:
      - name: Install uv
        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
        with:
          enable-cache: true
          activate-environment: true
      - name: Push to HF
        env:
          HF_TOKEN: ${{ secrets.HF_TOKEN }}
        run: >-
          uvx hf repo tag create ${{github.repository}} ${{github.event.release.tag_name}}
          --repo-type space
  image:
    name: Release Image
    needs: pypi
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    strategy:
      matrix:
        registry:
          - ghcr.io
          - docker.io
    uses: ./.github/workflows/.docker.yaml
    with:
      is_test: false
      registry: ${{ matrix.registry }}
      install_source: ${{github.event.repository.name}}==${{github.event.release.tag_name}}
    secrets: inherit