schemas/.gitlab-ci.yml

include:
- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'

stages:
- build
- deploy-prod
- release

variables:
  DOCKER_HOST: tcp://docker:2376
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TLS_VERIFY: 1
  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
  DOCKER_DRIVER: overlay2

.buildtools:
  image: buildtool/build-tools:${BUILDTOOLS_VERSION}
  services:
  - docker:${DOCKER_DIND_VERSION}

run-pre-commit:
  stage: .pre
  image: unbound/pre-commit
  variables:
    PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
  cache:
  - key:
      files:
      - .pre-commit-config.yaml
    paths:
    - ${PRE_COMMIT_HOME}
  script:
  - pre-commit run --all-files

build:
  extends: .buildtools
  stage: build
  script:
  - build
  - curl -Os https://uploader.codecov.io/latest/linux/codecov
  - chmod +x codecov
  - ./codecov -t ${CODECOV_TOKEN} -R $CI_PROJECT_DIR -C $CI_COMMIT_SHA -r $CI_PROJECT_PATH
  - push

vulnerabilities:
  stage: build
  image: golang:1.20.5
  script:
  - go install golang.org/x/vuln/cmd/govulncheck@latest
  - govulncheck ./...

deploy-prod:
  extends: .buildtools
  stage: deploy-prod
  before_script:
  - echo Deploy to prod
  script:
  - deploy prod
  rules:
  - if: $CI_COMMIT_BRANCH == "main"
  environment:
    name: prod

release:
  stage: release
  image: docker:stable
  services:
  - docker:${DOCKER_DIND_VERSION}

  variables:
    GORELEASER_IMAGE: goreleaser/goreleaser:v1.11.5-amd64
    # Disable shallow cloning so that goreleaser can diff between tags to
    # generate a changelog.
    GIT_DEPTH: 0

  # Only run this release job for tags, not every commit (for example).
  rules:
  - if: $CI_COMMIT_TAG

  script: |
    docker pull $GORELEASER_IMAGE

    # GITLAB_TOKEN is needed to create GitLab releases.
    # DOCKER_* are needed to push Docker images.
    docker run --rm --privileged \
      -v $PWD:/src \
      -w /src \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -e GITLAB_TOKEN \
      $GORELEASER_IMAGE release --rm-dist