name: Production CI/CD Pipeline

on:
  release:
    types: [released]

defaults:
  run:
    shell: bash

jobs:
  aws_deploy:
    name: AWS Deploy
    uses: ./.github/workflows/aws_deploy.yml
    with:
      aws_account_id: 977287343304
      aws_task_prefix: core-prod
      aws_role_prefix: core-prod
      environment: production
      release_tag: ${{ needs.test.outputs.releasetag }}
    permissions:
      id-token: write

  sbom:
    name: Upload SBOM
    needs: [aws_deploy]
    permissions:
      contents: read
    uses: ./.github/workflows/upload-sbom.yml
    with:
      projectversion: prod
    secrets:
      DTRACK_API_KEY: ${{ secrets.DTRACK_API_KEY }}