# Stage names that jobs reference through their `stage:` key.
# The jobs in this file declare `needs: []`, so they do not wait for
# earlier stages to finish before starting.
stages:
  - "build"
  - "build docker image"
  - "test"
  - "upload artifacts"

# Pipeline-wide variables; all three exist to make GitLab CI go fast.
variables:
  # Fetch git submodules (and their submodules) together with the checkout:
  GIT_SUBMODULE_STRATEGY: "recursive"
  # Runner feature flag selecting the fastzip archiver:
  FF_USE_FASTZIP: 1
  # Trade archive size for speed when compressing caches:
  CACHE_COMPRESSION_LEVEL: "fastest"

# --------------------------------------------------------------------- #
#  Create and publish docker image                                      #
# --------------------------------------------------------------------- #

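# Hidden template shared by the docker:* jobs (the leading dot means GitLab
# never runs it directly). It builds the multi-platform image with buildx,
# exports the .deb packages and binaries as job artifacts, and publishes the
# image under "$TAG", which the extending job must set.
.docker-shared-settings:
  stage: "build docker image"
  image:
    # NOTE(review): third-party image pinned by tag only; a digest pin (as
    # test:dockerlint uses for hadolint) would make the build tooling immutable.
    name: jdrouet/docker-with-buildx:20.10.21-0.9.1
    pull_policy: if-not-present
  needs: []
  tags: ["docker"]
  variables:
    # Docker in Docker:
    # NOTE(review): port 2375 plus an empty DOCKER_TLS_CERTDIR means the dind
    # daemon is reached over plain, unauthenticated TCP. That is only safe if
    # the runner keeps the service network private to this job - confirm.
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_TLS_CERTDIR: ""
    # Famedly runners use BTRFS, overlayfs and overlay2 often break jobs
    DOCKER_DRIVER: btrfs
  services:
    # NOTE(review): floating tag; the daemon version can change between runs.
    - docker:dind
  script:
    - apk add openssh-client
    # Start an ssh-agent for the remote-builder connections (the key itself is
    # presumably loaded by the setup script below - verify).
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
    # NOTE(review): this turns off SSH host key verification for every host,
    # so the job cannot detect an impersonated build server. Prefer shipping
    # the builders' host keys in ~/.ssh/known_hosts and dropping this line.
    - printf "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config
    # Register the remote buildx builders (script is not part of this file):
    - sh .gitlab/setup-buildx-remote-builders.sh
    # Authorize against this project's own image registry. The password is
    # fed on stdin so it never appears in the process argument list:
    - printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Build multiplatform image and push to temporary tag:
    - >
      docker buildx build
      --platform "linux/arm/v7,linux/arm64,linux/amd64"
      --pull
      --tag "$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
      --push
      --file "Dockerfile" .
    # Build multiplatform image to deb stage and extract their .deb files:
    - >
      docker buildx build
      --platform "linux/arm/v7,linux/arm64,linux/amd64"
      --target "packager-result"
      --output="type=local,dest=/tmp/build-output"
      --file "Dockerfile" .
    # Build multiplatform image to binary stage and extract their binaries:
    - >
      docker buildx build
      --platform "linux/arm/v7,linux/arm64,linux/amd64"
      --target "builder-result"
      --output="type=local,dest=/tmp/build-output"
      --file "Dockerfile" .
    # Copy to GitLab container registry:
    - >
      docker buildx imagetools create
      --tag "$CI_REGISTRY_IMAGE/$TAG"
      --tag "$CI_REGISTRY_IMAGE/$TAG-bullseye"
      --tag "$CI_REGISTRY_IMAGE/$TAG-commit-$CI_COMMIT_SHORT_SHA"
      "$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
    # If DockerHub credentials exist, also copy to DockerHub (password on
    # stdin, same reason as above):
    - if [ -n "${DOCKER_HUB}" ]; then printf '%s' "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin "$DOCKER_HUB"; fi
    - >
      if [ -n "${DOCKER_HUB}" ]; then
      docker buildx imagetools create
      --tag "$DOCKER_HUB_IMAGE/$TAG"
      --tag "$DOCKER_HUB_IMAGE/$TAG-bullseye"
      --tag "$DOCKER_HUB_IMAGE/$TAG-commit-$CI_COMMIT_SHORT_SHA"
      "$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
      ; fi
    # Move the extracted packages/binaries into the workspace so GitLab can
    # collect them as artifacts:
    - mv /tmp/build-output ./
  artifacts:
    paths:
      - "./build-output/"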

# Publishes the image as matrix-conduit:next from the `next` branch.
docker:next:
  extends: ".docker-shared-settings"
  rules:
    # Skipped unless the build-server SSH key variable is non-empty, so
    # pipelines without access to that secret never attempt the build.
    - if: '$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_BRANCH == "next"'
  variables:
    TAG: 'matrix-conduit:next'

# Publishes the image as matrix-conduit:latest from the `master` branch.
docker:master:
  extends: ".docker-shared-settings"
  rules:
    # Skipped unless the build-server SSH key variable is non-empty, so
    # pipelines without access to that secret never attempt the build.
    - if: '$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_BRANCH == "master"'
  variables:
    TAG: 'matrix-conduit:latest'

# Publishes the image as matrix-conduit:<git tag> for tag pipelines.
docker:tags:
  extends: ".docker-shared-settings"
  rules:
    # Skipped unless the build-server SSH key variable is non-empty, so
    # pipelines without access to that secret never attempt the build.
    - if: '$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_TAG'
  variables:
    # The git tag name becomes part of the published image tag.
    TAG: 'matrix-conduit:$CI_COMMIT_TAG'


# --------------------------------------------------------------------- #
#  Run tests                                                            #
# --------------------------------------------------------------------- #

# Compile-only check on the Rust 1.64.0 toolchain image.
cargo check:
  stage: "test"
  image: "docker.io/rust:1.64.0-bullseye"
  needs: []
  interruptible: true
  before_script:
    # Print version info for debugging:
    - 'rustup show && rustc --version && cargo --version'
    # libclang-dev is a dependency for rocksdb:
    - 'apt-get update && apt-get -y --no-install-recommends install libclang-dev'
  script:
    - 'cargo check'


# Hidden template for the test:* jobs that extend it.
.test-shared-settings:
  stage: 'test'
  needs: []
  # NOTE(review): mutable `:latest` tag from an external namespace; whatever
  # is pushed there runs in every test job. test:dockerlint pins its image by
  # digest - doing the same here would close that supply-chain gap.
  image: 'registry.gitlab.com/jfowl/conduit-containers/rust-with-tools:latest'
  tags:
    - 'docker'
  variables:
    # Incremental compilation off for CI builds, see
    # https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow
    CARGO_INCREMENTAL: 'false'
  interruptible: true

# Runs the workspace test suite and publishes the result as a JUnit report.
test:cargo:
  extends: ".test-shared-settings"
  before_script:
    # libclang-dev is a dependency for rocksdb:
    - 'apt-get update && apt-get -y --no-install-recommends install libclang-dev'
  script:
    # Print version info for debugging:
    - 'rustc --version && cargo --version'
    # `--locked` makes the run fail if Cargo.lock would need to change; the
    # JSON test output is converted by gitlab-report into report.xml.
    - >-
      cargo test --color always --workspace --verbose --locked --no-fail-fast
      -- -Z unstable-options --format json
      | gitlab-report -p test > $CI_PROJECT_DIR/report.xml
  artifacts:
    # Upload the report even when tests fail.
    when: always
    reports:
      junit: "report.xml"

# Runs clippy and publishes its findings as a code-quality report.
# Lint findings are advisory: `allow_failure` keeps them from failing the
# pipeline.
test:clippy:
  extends: ".test-shared-settings"
  allow_failure: true
  before_script:
    - 'rustup component add clippy'
    # libclang-dev is a dependency for rocksdb:
    - 'apt-get update && apt-get -y --no-install-recommends install libclang-dev'
  script:
    # Print version info for debugging:
    - 'rustc --version && cargo --version'
    - >-
      cargo clippy --color always --verbose --message-format=json
      | gitlab-report -p clippy > $CI_PROJECT_DIR/gl-code-quality-report.json
  artifacts:
    # Upload the report even when the job fails.
    when: always
    reports:
      codequality: "gl-code-quality-report.json"

# Fails when any crate in the workspace is not rustfmt-clean.
test:format:
  extends: ".test-shared-settings"
  before_script:
    - 'rustup component add rustfmt'
  script:
    # `--check` only reports differences; it does not rewrite files.
    - 'cargo fmt --all -- --check'

# Reports dependencies with known advisories via cargo-audit.
# NOTE(review): `allow_failure: true` together with `|| true` means findings
# show up in the job log and the SAST report but never block a pipeline;
# someone has to look at the report for this job to have any effect.
test:audit:
  extends: ".test-shared-settings"
  allow_failure: true
  script:
    # First pass: human-readable output for the job log; never fails the job.
    - 'cargo audit --color always || true'
    # Second pass: JSON output converted by gitlab-report into the report file.
    - 'cargo audit --stale --json | gitlab-report -p audit > gl-sast-report.json'
  artifacts:
    # Upload the report even when the job fails.
    when: always
    reports:
      sast: "gl-sast-report.json"

# Lints ./Dockerfile with hadolint and publishes a code-quality report.
test:dockerlint:
  stage: 'test'
  needs: []
  # Pinned by digest (2.8.0-alpine), so the linter image cannot change
  # underneath the pipeline.
  image: 'ghcr.io/hadolint/hadolint@sha256:6c4b7c23f96339489dd35f21a711996d7ce63047467a9a562287748a03ad5242'
  interruptible: true
  script:
    - 'hadolint --version'
    # First pass: print every finding to the CI log; `--no-fail` keeps this
    # step from failing the job.
    - >
      hadolint
      --no-fail --verbose
      ./Dockerfile
    # Second pass: write the findings as JSON for GitLab to pretty-print in
    # the MR; only findings at `error` level fail the job.
    - >
      hadolint
      --format gitlab_codeclimate
      --failure-threshold error
      ./Dockerfile > dockerlint.json
  artifacts:
    # Upload the report even when the job fails.
    when: always
    reports:
      codequality: "dockerlint.json"
    paths:
      - "dockerlint.json"
  rules:
    # Other refs: run only when a Dockerfile or this CI config changed.
    - if: '$CI_COMMIT_REF_NAME != "master"'
      changes:
        - "docker/*Dockerfile"
        - "Dockerfile"
        - ".gitlab-ci.yml"
    # master and next: always run.
    - if: '$CI_COMMIT_REF_NAME == "master"'
    - if: '$CI_COMMIT_REF_NAME == "next"'

# --------------------------------------------------------------------- #
#  Store binaries as package so they have download urls                 #
# --------------------------------------------------------------------- #

# DISABLED FOR NOW, NEEDS TO BE FIXED AT A LATER TIME:

#publish:package:
#  stage: "upload artifacts"
#  needs:
#    - "docker:tags"
#  rules:
#    - if: "$CI_COMMIT_TAG"
#  image: curlimages/curl:latest
#  tags: ["docker"]
#  variables:
#    GIT_STRATEGY: "none" # Don't need a clean copy of the code, we just operate on artifacts
#  script:
#    - 'BASE_URL="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/conduit-${CI_COMMIT_REF_SLUG}/build-${CI_PIPELINE_ID}"'
#    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_amd64/conduit "${BASE_URL}/conduit-x86_64-unknown-linux-gnu"'
#    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm_v7/conduit "${BASE_URL}/conduit-armv7-unknown-linux-gnu"'
#    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm64/conduit "${BASE_URL}/conduit-aarch64-unknown-linux-gnu"'
#    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_amd64/conduit.deb "${BASE_URL}/conduit-x86_64-unknown-linux-gnu.deb"'
#    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm_v7/conduit.deb "${BASE_URL}/conduit-armv7-unknown-linux-gnu.deb"'
#    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm64/conduit.deb "${BASE_URL}/conduit-aarch64-unknown-linux-gnu.deb"'

# Avoid duplicate pipelines
# See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines
workflow:
  rules:
    # Merge request pipelines always run.
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    # A branch push that already has an open merge request is dropped, since
    # the merge request pipeline covers it.
    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
      when: never
    # Branch pushes without an open merge request run.
    - if: '$CI_COMMIT_BRANCH'
    # Tag pipelines run.
    - if: '$CI_COMMIT_TAG'