ci: update build cmd #7

	name: Release

	on:
	push:
	tags:
	- '*'

	jobs:
	build-artifacts:
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/vanilla-os/pico:main
	permissions:
	contents: read

	steps:
	- uses: actions/checkout@v6

	- name: Set up Go
	uses: actions/setup-go@v6
	with:
	go-version-file: go.mod

	- name: Build
	run: \|
	go build -o apx -ldflags="-X 'main.Version=${{ github.ref_name }}'" ./cmd
	tar -czvf apx-amd64.tar.gz apx
	GOARCH=arm64 go build -o apx -ldflags="-X 'main.Version=${{ github.sha }}'" ./cmd
	tar -czvf apx-arm64.tar.gz apx
	tar -czvf apx-man.tar.gz man/man1/apx.1

	- name: Calculate and Save Checksums
	run: sha256sum apx*.tar.gz >> checksums.txt

	- uses: actions/upload-artifact@v6
	with:
	name: apx
	path: \|
	apx*.tar.gz
	checksums.txt

	release:
	runs-on: ubuntu-latest
	needs: build-artifacts
	permissions:
	contents: write # to create and upload assets to releases
	attestations: write # to upload assets attestation for build provenance
	id-token: write # grant additional permission to attestation action to mint the OIDC token permission

	steps:
	- name: Checkout
	uses: actions/checkout@v6
	with:
	fetch-depth: 0

	- name: Download Artifact
	uses: actions/download-artifact@v7
	with:
	name: apx

	- name: Create Release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: gh release create "${{ github.ref_name }}" --generate-notes apx*.tar.gz checksums.txt

	- name: Attest Release Files
	id: attest
	uses: actions/attest-build-provenance@v2
	with:
	subject-path: 'apx*.tar.gz, checksums.txt'

Provide feedback