steps:
- name: 'bash'
  args:
  - 'echo'
  - 'Cloud build substitution check: '
  - 'BUILD_ID=$BUILD_ID'
  - 'PROJECT_ID=$PROJECT_ID'
  - 'REVISION_ID=$REVISION_ID'
  - 'REPO_NAME=$REPO_NAME'
  - 'COMMIT_SHA=$COMMIT_SHA'
  - 'BRANCH_NAME=$BRANCH_NAME'
  - 'TAG_NAME=$TAG_NAME'

# Cloud build has already copied the repo at the tag that
# that triggered the build to its /workspace directory, but
# hasn't actually _cloned_ the repo (there's no .git directory).
#
# The goreleaser tool, however, needs the repo and its history
# to produce release notes.
#
# So clone the repo to /workspace/myClone to avoid directory
# name collision.
#
- name: gcr.io/cloud-builders/git
  args:
  - clone
  - https://github.com/kubernetes-sigs/kustomize.git
  - myClone

# Checkout the proper tag.
- name: gcr.io/cloud-builders/git
  dir: myClone
  args:
  - checkout
  - $TAG_NAME

# Run goreleaser indirectly via a shell script
# to configure it properly.
- name: goreleaser/goreleaser:v0.138.0
  entrypoint: /bin/sh
  dir: myClone
  secretEnv: ['GITHUB_TOKEN']
  args:
  - releasing/cloudbuild.sh
  - $TAG_NAME
  # - '--snapshot'
  # Use this final arg in a local build, to suppress
  # the release and leave the 'dist' directory in place.

# golreleaser expects the GITHUB_TOKEN env var to hold the github token
# it needs to write the released package and notes back to github.
# The raw token was encrypted by gcloud kms (Key Management Service)
# The base64 of that is shown below.  It's decrypted by cloud build
# and provided back to goreleaser.
secrets:
- kmsKeyName: projects/jregan-corp-gke-dev/locations/global/keyRings/kust-cloud-key-ring/cryptoKeys/kust-cloud-key-name
  secretEnv:
    GITHUB_TOKEN: CiQAwfbOkSP4tJf3ZJZMjzHaRPZ2RxiQhORZ3xxlVtpoy8631uQSUACk6WMKjtkpsRkRl+uxWUVvN29M5qveyXjaDDO094/qwsSc8RiYlHYt7Ii1bWkkz3P1kG0nHfG7Fd46A+GJ6R5NhmNfingd/nu9iKrNwLXK