schemas/.gitlab-ci.yml

include:
- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
- project: unboundsoftware/ci-templates
  file: Defaults.gitlab-ci.yml
- project: unboundsoftware/ci-templates
  file: Release.gitlab-ci.yml
- project: unboundsoftware/ci-templates
  file: Pre-Commit-Go.gitlab-ci.yml

stages:
- build
- test
- deploy-prod
- release

variables:
  UNBOUND_RELEASE_TAG_ONLY: true

.buildtools:
  image: buildtool/build-tools:${BUILDTOOLS_VERSION}

check:
  stage: .pre
  image: amd64/golang:1.25.1@sha256:53f7808857782118f3a062261f721507dfa36e5c545e5d39c2dcf9916e3f0b1b
  script:
  - go install mvdan.cc/gofumpt@latest
  - go install golang.org/x/tools/cmd/goimports@latest
  - go generate ./...
  - git diff --stat  --exit-code

build:
  extends: .buildtools
  stage: build
  script:
  - build
  - curl -Os https://uploader.codecov.io/latest/linux/codecov
  - chmod +x codecov
  - ./codecov -t ${CODECOV_TOKEN} -R $CI_PROJECT_DIR -C $CI_COMMIT_SHA -r $CI_PROJECT_PATH
  - push

vulnerabilities:
  stage: build
  image: amd64/golang:1.25.1@sha256:53f7808857782118f3a062261f721507dfa36e5c545e5d39c2dcf9916e3f0b1b
  script:
  - go install golang.org/x/vuln/cmd/govulncheck@latest
  - govulncheck ./...

deploy-prod:
  extends: .buildtools
  stage: deploy-prod
  before_script:
  - echo Deploy to prod
  script:
  - deploy prod
  rules:
  - if: $CI_COMMIT_BRANCH == "main"
  environment:
    name: prod
  resource_group: prod

check_release:
  stage: test
  image:
    name: goreleaser/goreleaser:v2.12.3@sha256:963b4aa69c911da4f6abd9f90214998296ab3722713ee8f236ddedd3e49eebd4
    entrypoint: [ '' ]
  variables:
    GOTOOLCHAIN: auto
  script: |
    goreleaser check
    goreleaser release --snapshot --clean

release:
  stage: release
  needs:
  - unbound_release_prepare_release
  image:
    name: goreleaser/goreleaser:v2.12.3@sha256:963b4aa69c911da4f6abd9f90214998296ab3722713ee8f236ddedd3e49eebd4
    entrypoint: [ '' ]
  variables:
    # Disable shallow cloning so that goreleaser can diff between tags to
    # generate a changelog.
    GIT_DEPTH: 0
    GITLAB_TOKEN: $GITLAB_CI_TOKEN
    GOTOOLCHAIN: auto
  # Only run this release job for tags, not every commit (for example).
  rules:
  - if: $CI_COMMIT_TAG
  script: |
    goreleaser release --clean --release-notes=CHANGES.md