include:
- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'

stages:
- build
- test
- deploy-prod
- release

variables:
  DOCKER_HOST: tcp://docker:2376
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TLS_VERIFY: 1
  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
  DOCKER_DRIVER: overlay2

.buildtools:
  image: buildtool/build-tools:${BUILDTOOLS_VERSION}
  services:
  - docker:${DOCKER_DIND_VERSION}

run-pre-commit:
  stage: .pre
  image: unbound/pre-commit
  variables:
    PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
  cache:
  - key:
      files:
      - .pre-commit-config.yaml
    paths:
    - ${PRE_COMMIT_HOME}
  script:
  - pre-commit run --all-files

build:
  extends: .buildtools
  stage: build
  script:
  - build
  - curl -Os https://uploader.codecov.io/latest/linux/codecov
  - chmod +x codecov
  - ./codecov -t ${CODECOV_TOKEN} -R $CI_PROJECT_DIR -C $CI_COMMIT_SHA -r $CI_PROJECT_PATH
  - push

vulnerabilities:
  stage: build
  image: golang:1.22.2
  script:
  - go install golang.org/x/vuln/cmd/govulncheck@latest
  - govulncheck ./...

deploy-prod:
  extends: .buildtools
  stage: deploy-prod
  before_script:
  - echo Deploy to prod
  script:
  - deploy prod
  rules:
  - if: $CI_COMMIT_BRANCH == "main"
  environment:
    name: prod

check_release:
  stage: test
  image:
    name: ${GORELEASER_IMAGE}
    entrypoint: [ '' ]
  script: |
    goreleaser check
    goreleaser release --snapshot --clean


release:
  stage: release
  image:
    name: ${GORELEASER_IMAGE}
    entrypoint: [ '' ]

  variables:
    # Disable shallow cloning so that goreleaser can diff between tags to
    # generate a changelog.
    GIT_DEPTH: 0
    GITLAB_TOKEN: $GITLAB_CI_TOKEN

  # Only run this release job for tags, not every commit (for example).
  rules:
  - if: $CI_COMMIT_TAG

  script: |
    goreleaser release --clean