image: node:lts-buster

stages:
  - test
  - package
  - upload

cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - node_modules/

default:
  before_script:
    - apt update && apt -qqy install openjdk-11-jre-headless
    - npm install
    - npm install -g --save-dev shadow-cljs

build:
  stage: test
  script:
    - shadow-cljs compile test

sast:
  variables:
    SAST_EXCLUDED_ANALYZERS:
      bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
      pmd-apex, security-code-scan, sobelow, spotbugs
  stage: test
  before_script:
  - echo "scan security"
include:
  - template: Security/SAST.gitlab-ci.yml

package:
  stage: package
  rules:
    - if: '$CI_COMMIT_BRANCH == "master"'
  artifacts:
    paths:
      - target/
  script:
    - shadow-cljs compile app
    - chmod a+x target/mastodon-bot.js
    - sha256sum target/mastodon-bot.js > target/mastodon-bot.js.sha256
    - sha512sum target/mastodon-bot.js > target/mastodon-bot.js.sha512

upload-prerelease:
  stage: upload
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
  before_script:
    - echo _auth=$NPM_PUBLSH_KEY >> .npmrc
    - echo email=$NPM_PUBLSH_MAIL >> .npmrc
    - echo always-auth=true >> .npmrc
  script:
    - mkdir -p target/npm-build/mastodon_bot
    - cp target/mastodon-bot.js target/npm-build/mastodon_bot/
    - cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/
    - cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/
    - cp package.json target/npm-build/mastodon_bot/
    - cp README.md target/npm-build/mastodon_bot/
    - npm version --no-git-tag-version prerelease
    - npm publish ./target/npm-build/mastodon_bot --access public

upload-release:
  stage: upload
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null'
  before_script:
    - echo _auth=$NPM_PUBLSH_KEY >> .npmrc
    - echo email=$NPM_PUBLSH_MAIL >> .npmrc
    - echo always-auth=true >> .npmrc
  script:
    - mkdir -p target/npm-build/mastodon_bot
    - cp target/mastodon-bot.js target/npm-build/mastodon_bot/
    - cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/
    - cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/
    - cp package.json target/npm-build/mastodon_bot/
    - cp README.md target/npm-build/mastodon_bot/
    - npm version --no-git-tag-version $CI_COMMIT_TAG
    - npm publish ./target/npm-build/mastodon_bot --access public