stages:
  - first
  - build_and_test
  - package
  - security
  - upload

.cljs-job: &cljs
  image: domaindrivenarchitecture/shadow-cljs
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
      - .shadow-cljs/
      - .m2
  before_script:
    - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
    - npm install

.clj-uploadjob: &clj
  image: clojure:lein-2.7.1-alpine
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - .m2
  before_script:
    - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_PASSWORD}\" }}}}" > ~/.lein/profiles.clj

test-cljs:
  <<: *cljs
  stage: build_and_test
  script:
    - shadow-cljs compile test

test-clj:
  <<: *clj
  stage: build_and_test
  script:
    - lein test

report-frontend:
  <<: *cljs
  stage: package
  script:
    - mkdir -p target
    - shadow-cljs run shadow.cljs.build-report frontend target/build-report.html
  artifacts:
    paths:
      - target/build-report.html

package-frontend:
  <<: *cljs
  stage: package
  script:
    - mkdir -p target/frontend-build
    - shadow-cljs release frontend
    - cp public/js/main.js target/frontend-build/k8s-mastodon-bot.js
    - sha256sum target/frontend-build/k8s-mastodon-bot.js > target/frontend-build/k8s-mastodon-bot.js.sha256
    - sha512sum target/frontend-build/k8s-mastodon-bot.js > target/frontend-build/k8s-mastodon-bot.js.sha512
  artifacts:
    paths:
      - target/frontend-build

package-uberjar:
  <<: *clj
  stage: package
  script:
    - lein uberjar
    - sha256sum target/uberjar/k8s-mastodon-bot-standalone.jar > target/uberjar/k8s-mastodon-bot-standalone.jar.sha256
    - sha512sum target/uberjar/k8s-mastodon-bot-standalone.jar > target/uberjar/k8s-mastodon-bot-standalone.jar.sha512
  artifacts:
    paths:
      - target/uberjar

sast:
  variables:
    SAST_EXCLUDED_ANALYZERS:
      bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
      pmd-apex, security-code-scan, sobelow, spotbugs
  stage: security
  before_script:
    - mkdir -p builds && cp -r target/ builds/
include:
  - template: Security/SAST.gitlab-ci.yml

upload-clj-prerelease:
  <<: *clj
  stage: upload
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
  script:
    - lein deploy clojars

release:
  # Caution, as of 2021-02-02 these assets links require a login, see:
  # https://gitlab.com/gitlab-org/gitlab/-/issues/299384
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  stage: upload
  rules:
    - if: '$CI_COMMIT_TAG != null'
  variables:
    PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic"
    UBERJAR_URL: "${PACKAGE_REGISTRY_URL}/k8s-mastodon-bot-standalone/${$CI_COMMIT_TAG}/k8s-mastodon-bot-standalone.jar"
    FRONTEND_URL: "${PACKAGE_REGISTRY_URL}/k8s-mastodon-bot/${$CI_COMMIT_TAG}/k8s-mastodon-bot.js"
  script:
    - apk --no-cache add curl
    - |
      curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file target/uberjar/k8s-mastodon-bot-standalone.jar ${UBERJAR_URL}
    - |
      curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file target/frontend-build/k8s-mastodon-bot.js ${FRONTEND_URL}
    - |
      release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
        --assets-link "{\"name\":\"k8s-mastodon-bot-standalone.jar\",\"url\":\"${UBERJAR_URL}\"}" \
        --assets-link "{\"name\":\"k8s-mastodon-bot.js\",\"url\":\"${FRONTEND_URL}\"}"