name: Reproducible build

on:
  workflow_dispatch:

permissions:
  contents: read
  id-token: write
  attestations: write

jobs:
  build:
    strategy:
      matrix:
        os: [macos-latest, ubuntu-latest, windows-latest]
    runs-on: ${{ matrix.os }}

    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-go@v5
      with: { go-version: stable }

    - name: Build
      run: .github/workflows/repro.sh

    - uses: actions/attest-build-provenance@v1
      if: matrix.os == 'ubuntu-latest'
      with:
        subject-path: |
          embed/sqlite3.wasm
          util/vtabutil/parse/sql3parse_table.wasm