name: build-unified
on:
  push:
    paths-ignore: # don't rebuild if only documentation has changed
      - "**.md"
  pull_request:
  merge_group:
  workflow_dispatch:

jobs:
  build-unified:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - uses: hustcer/setup-nu@e78fff18e25cbb326611c45cafbce078103b4df7 # v3.18
        with:
          version: v0.93

      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Login to GitHub Container Registry
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      
      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1

      - name: Run build and push script
        run: nu ./build-unified.nu
        env:
          REGISTRY: ghcr.io/${{ github.repository_owner }}
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
          GH_EVENT_NAME: ${{ github.event_name }}
          GH_PR_NUMBER: ${{ github.event.number }}
          GH_BRANCH: ${{ github.ref_name }}