# Pipeline stages, in execution order. Jobs defined in this file use only
# test, lint, build, deploy and review; the remaining stages are presumably
# consumed by jobs from the included Auto-DevOps template (verify).
stages:
  - test
  - lint
  - build
  - deploy
  - review
  - dast
  - staging
  - canary
  - production
  - incremental rollout 10%
  - incremental rollout 25%
  - incremental rollout 50%
  - incremental rollout 100%
  - performance
  - cleanup
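# Runs the linter on master/dev and pushes any resulting changes back to the
# branch as metahkg-bot.
# Security: this job holds a write-capable credential. Keep GITLAB_TOKEN as a
# masked, protected CI/CD variable and prefer a project access token limited
# to write_repository over a token belonging to the `root` account. The token
# ends up in .git/config inside the job workspace, so that directory must not
# be cached or published as an artifact.
lint:
  stage: lint
  image: node:18
  before_script:
    - git checkout "$CI_COMMIT_BRANCH"
    - git config user.name metahkg-bot
    # NOTE(review): the address below was replaced by the hosting page's
    # e-mail obfuscation; restore the bot's real address from the repository.
    - git config user.email [email protected]
    # NOTE(review): the credential/host part of this URL was mangled by the
    # same obfuscation. It is reconstructed here from the identical command in
    # the `tagging` job; confirm against the real file.
    - git remote set-url origin "https://root:$GITLAB_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH"
  script:
    - yarn install
    - yarn lint
    # When the linter changed nothing, the commit fails and the job ends
    # successfully here, before the push.
    - git commit -a -m lint || exit 0
    - git push origin "$CI_COMMIT_BRANCH"
  rules:
    - if: $CI_COMMIT_TAG
      when: never
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
      when: never
    # Skips commits authored by the bot so the push above does not re-trigger
    # this job. The address is obfuscated on this page, so the comparison must
    # be checked against the bot's real author string.
    - if: $CI_COMMIT_AUTHOR == "metahkg-bot <[email protected]>"
      when: never
    - if: $CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "dev"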
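# Builds the multi-arch (amd64/arm64) image with buildx and pushes it to the
# project registry under five tags: latest, short SHA, full version, major
# and major.minor.
# Security: docker:latest, docker:dind and tonistiigi/binfmt:latest are
# floating tags, and binfmt runs with --privileged. Pin these images to a
# reviewed version or digest so a changed upstream image cannot run
# privileged code on the runner unnoticed.
docker-build:
  image: docker:latest
  stage: build
  services:
    - docker:dind
  before_script:
    - apk add nodejs-current
    - docker pull tonistiigi/binfmt:latest
    # The pattern is quoted so the shell cannot expand it against files in the
    # working directory before binfmt sees it.
    - docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
    - docker run --privileged --rm tonistiigi/binfmt --install all
    # Password is passed on stdin rather than with -p, which keeps it out of
    # the process argument list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - version=$(node -e 'console.log(require("./package.json").version)')
    # major / major.minor are derived in the shell instead of interpolating
    # $version into a JavaScript string literal, so a version containing a
    # quote character cannot alter the evaluated code.
    - major=${version%%.*}
    - minor=$(printf '%s' "$version" | cut -d. -f1-2)
    - docker buildx create --use
    - >-
      docker buildx build --push --pull --platform linux/amd64,linux/arm64
      -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:latest"
      -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$CI_COMMIT_SHORT_SHA"
      -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$version"
      -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$major"
      -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$minor" .
  rules:
    - if: $CI_COMMIT_TAG
      when: never
    - if: $CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "dev"
      exists:
        - Dockerfile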
# Creates and pushes a git tag named after the package.json version when
# package.json changes on dev or master ("-dev" is appended on dev). On dev it
# also regenerates CHANGELOG.md and pushes the branch.
# Security: the remote URL embeds $GITLAB_TOKEN for the `root` user and is
# stored in .git/config for the rest of the job. Keep the variable masked and
# protected, and prefer a project access token with only write_repository.
# allow_failure means a failed tag push does not fail the pipeline.
tagging:
  image: node:18-alpine
  stage: deploy
  allow_failure: true
  before_script:
    - apk add git
    - git config --global user.name metahkg-bot
    # NOTE(review): the address below was replaced by the hosting page's
    # e-mail obfuscation; restore the bot's real address from the repository.
    - git config --global user.email [email protected]
    - git config pull.rebase false
    - git remote set-url origin https://root:$GITLAB_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH
  script:
    # Tag name comes from package.json; variables set here persist across the
    # following script lines.
    - tag=$(node -e "console.log(require('./package.json').version)")
    - if [ $CI_COMMIT_BRANCH = "dev" ]; then tag=${tag}-dev; fi;
    # dev only: regenerate and commit the changelog before tagging.
    - "if [ $CI_COMMIT_BRANCH = 'dev' ];
      then yarn install;
      yarn generate-changelog;
      git add CHANGELOG.md;
      git commit -m 'update: CHANGELOG.md'; fi;"
    - git tag "$tag"
    - git push origin $tag
    # dev only: merge the remote branch, regenerate the changelog again and
    # push. `-X theirs` resolves conflicts in favour of the fetched side
    # without review.
    - "if [ $CI_COMMIT_BRANCH = 'dev' ]; then
      git fetch origin $CI_COMMIT_BRANCH;
      git checkout dev;
      git merge -X theirs origin/$CI_COMMIT_BRANCH -m 'merge';
      yarn generate-changelog;
      git add CHANGELOG.md;
      git commit -m 'update: CHANGELOG.md';
      git push origin $CI_COMMIT_BRANCH;
      fi;"
  rules:
    - if: $CI_COMMIT_TAG
      when: never
    # Excludes commits authored by the bot. The address is obfuscated on this
    # page; check the comparison against the bot's real author string.
    - if: $CI_COMMIT_AUTHOR != "metahkg-bot <[email protected]>" && ($CI_COMMIT_BRANCH == "dev" || $CI_COMMIT_BRANCH == "master")
      changes:
        - package.json
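# Publishes the package to npm for every tag pipeline, using the tag name as
# the package version. Tags equal to "<package.json version>-dev" go to the
# `dev` dist-tag; everything else is published as the default release.
# Security: any pushed tag reaches `npm publish` with NPM_TOKEN. Protect the
# release tags and mark NPM_TOKEN as masked and protected so only protected
# refs receive it. node:latest is a floating tag; pinning the image makes the
# publish environment reproducible.
publish:
  image: node:latest
  stage: deploy
  allow_failure: true
  script:
    - yarn install
    - yarn lint
    - yarn build:module
    # Single quotes keep ${NPM_TOKEN} literal in .npmrc; npm substitutes the
    # environment variable when it runs, so the token is not written to disk.
    - echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' >> .npmrc
    - NPM_PACKAGE_ORIGINAL_VERSION=$(node -p "require('./package.json').version")
    - NPM_PACKAGE_VERSION=$CI_COMMIT_TAG
    # Sets only the top-level "version" field. The earlier sed substitution
    # used the old version as a regex (dots match any character) on every
    # line of package.json, so it could also rewrite a dependency range that
    # happened to match, and it broke on tags containing "/" or "&".
    - npm pkg set "version=$NPM_PACKAGE_VERSION"
    - |-
      if [ "$CI_COMMIT_TAG" = "${NPM_PACKAGE_ORIGINAL_VERSION}-dev" ]; then
        npm publish --tag dev --access=public
      else
        npm publish --access=public
      fi
  rules:
    - if: $CI_COMMIT_TAG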
# Scans the image that docker-build pushed for this commit: repository
# "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH" at tag $CI_COMMIT_SHORT_SHA.
# The scan starts only after docker-build has already pushed every tag,
# including :latest, so findings are reported after publication and do not
# block the image from being pulled.
# NOTE(review): CLAIR_OUTPUT looks like a setting of the older Clair-based
# analyzer; newer GitLab releases use CS_SEVERITY_THRESHOLD. Confirm which one
# the included template on this instance honours.
container_scanning:
  stage: review
  needs:
    - "docker-build"
  variables:
    GIT_STRATEGY: fetch
    CI_APPLICATION_REPOSITORY: "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH"
    CI_APPLICATION_TAG: $CI_COMMIT_SHORT_SHA
    CLAIR_OUTPUT: High
  artifacts:
    paths:
      - gl-container-scanning-report.json
  rules:
    - if: $CI_COMMIT_TAG
      when: never
    - if: $CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "dev"
      exists:
        - Dockerfile
# Override of the `sast` job, presumably the one supplied by the included
# Auto-DevOps template.
# NOTE(review): a `rules` list given here replaces the template's list rather
# than extending it, and this list has no rule that adds the job, only one
# that excludes tag pipelines. In GitLab's SAST template the analyzer jobs
# carry their own rules, so verify in a pipeline that SAST still runs on
# branches and that this override has the intended effect on tags.
sast:
  stage: test
  rules:
    - if: $CI_COMMIT_TAG
      when: never
# Override of the `test` job (presumably from the included Auto-DevOps
# template): runs in merge request, tag and branch pipelines.
test:
  stage: test
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_TAG
    - if: $CI_COMMIT_BRANCH
# Override of the `code_quality` job (presumably from the included
# Auto-DevOps template): runs in merge request, tag and branch pipelines.
code_quality:
  stage: test
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_TAG
    - if: $CI_COMMIT_BRANCH
# Override of the `build` job (presumably from the included Auto-DevOps
# template): keeps it in the build stage and retries it up to two times on
# failure.
build:
  stage: build
  retry: 2
# Pulls in GitLab's Auto DevOps pipeline template. The template is resolved
# by the GitLab instance, so the jobs and defaults it contributes can change
# when the instance is upgraded; review the effective pipeline after upgrades.
include:
  - template: Auto-DevOps.gitlab-ci.yml