.gitlab-ci.yml

---

# do not use "latest" here, if you want this to work in the future
image:
  name: docker:19

stages:
  - init_checks
  - build
  - push
  - compare
  - trigger_downstream
#  - sync
  - notify

variables:
  DOCKERHUB_REGISTRY: "docker.io"
  DOCKERHUB_IMAGE: "hestio/awsh"

services:
  - docker:dind

include:
  - project: 'hest-io/hestio-product/hestio-worx/autoworx/ci/templates'
    file:
      - 'Jobs/Docker/docker-compare-image-sizes.gitlab-ci.yml'
      - 'Jobs/Notifications/release-slack-notify.gitlab-ci.yml'


###############################################################################
# Task Templates
###############################################################################
.dockerfile_lint:
  allow_failure: true
  image: "hadolint/hadolint:latest-debian"
  stage: init_checks
  script:
    - mkdir -p reports
    - hadolint --no-fail -f gitlab_codeclimate .docker/Dockerfile.py3_alpine > reports/hadolint-$(md5sum .docker/Dockerfile.py3_alpine | cut -d" " -f1).json
  artifacts:
    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    expire_in: 1 day
    when: always
    reports:
      codequality:
        - "reports/*"
    paths:
      - "reports/*"

.build_image:
  variables:
    DOCKER_FILE: ".docker/Dockerfile.py3_alpine"
    IMAGE_TAG: "${CI_COMMIT_REF_NAME}"
  stage: build
  script:
    - echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
    - echo "Building using ${CI_PROJECT_DIR}/${DOCKER_FILE}"
    - >
      docker build
      --tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
      --build-arg "AWSH_BUILD_VERSION=${CI_COMMIT_REF_NAME}"
      --file "${CI_PROJECT_DIR}/${DOCKER_FILE}" .
    - docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}


# Here, the goal is to tag the "master" branch as "latest"
.push_image:
  variables:
    # We are just playing with Docker here.
    # We do not need GitLab to clone the source code.
    GIT_STRATEGY: none
    IMAGE_TAG: "${CI_COMMIT_REF_NAME}"
  stage: push
  script:
    - echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
    # Because we have no guarantee that this job will be picked up by the same runner
    # that built the image in the previous step, we pull it again locally
    - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
    - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${IMAGE_TAG}
    - docker push ${CI_REGISTRY_IMAGE}:${IMAGE_TAG}
    # We also want to push the ${IMAGE_TAG} release into DockerHub
    - echo -n ${DOCKERHUB_REGISTRY_PASS} | docker login -u ${DOCKERHUB_REGISTRY_LOGIN} --password-stdin ${DOCKERHUB_REGISTRY}
    - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${DOCKERHUB_IMAGE}:${IMAGE_TAG}
    - docker push ${DOCKERHUB_IMAGE}:${IMAGE_TAG}


###############################################################################
# Tasks
###############################################################################
dockerfile_lint:
  extends:
    - .dockerfile_lint

build-image-alpine:
  extends:
    - .build_image
  variables:
    DOCKER_FILE: ".docker/Dockerfile.py3_alpine"
    IMAGE_TAG: "${CI_COMMIT_REF_NAME}"


# Here, the goal is to tag the "master" branch as "latest"
push-latest:
  extends:
    - .push_image
  variables:
    IMAGE_TAG: latest
  only:
    # Only "master" should be tagged "latest"
    - master


push-label:
  extends:
    - .push_image
  only:
    # We want this job to be run on tags only.
    - tags
    - develop


compare_image_sizes:
  stage: compare


trigger_blox_pipeline:
  stage: trigger_downstream
  before_script:
    - apk add --update curl
  script:
    - >
      curl
      -X POST
      --fail
      -F token=${BLOX_PIPELINE_TRIGGER_TOKEN}
      -F ref=master
      https://gitlab.com/api/v4/projects/24214318/trigger/pipeline
  only:
    - master

# sync_gitlab_to_github:
#   stage: sync
#   variables:
#     GITHUB_REPO: "hest-io/awsh"
#     GITLAB_REPO: "hest-io/hestio-product/hestio-worx/awsh"
#   only:
#     - master

release_slack_notify:
  stage: notify