# When using dind, it's wise to use the overlayfs driver for
# improved performance.
variables:
  DOCKER_DRIVER: overlay2
  MAJOR: 1
  TMP_IMAGE: $CI_REGISTRY_IMAGE/tmp:$CI_COMMIT_SHA

include:
  # - template: Security/Container-Scanning.gitlab-ci.yml
#   - https://gitlab.com/gitlab-org/security-products/ci-templates/raw/update-clair-version/includes/container_scanning.yml
  - https://gitlab.com/gitlab-org/gitlab-ce/raw/update-clair-version/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml

services:
  - docker:stable-dind

stages:
  - build
  - test
  - tag
  - release

build commit:
  image: docker:stable
  stage: build
  script:
    - docker info
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
    - docker build -t $TMP_IMAGE .
    - docker push $TMP_IMAGE

code_quality:
  image: docker:stable
  stage: test
  allow_failure: true
  script:
    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
    - docker run
        --env SOURCE_CODE="$PWD"
        --volume "$PWD":/code
        --volume /var/run/docker.sock:/var/run/docker.sock
        "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
  artifacts:
    reports:
      codequality: gl-code-quality-report.json

container_scanning:
  variables:
    CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/tmp # only predefined variables are parameter-expanded (no $TMP_IMAGE)

.QA:
  image: docker:stable
  stage: test
  variables:
    LM_PYTHON_VERSION: 2
  script:
    - docker info
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
    - docker pull $TMP_IMAGE
    - mkdir results
    - docker run --env LM_PYTHON_VERSION --volume `pwd`/results:/results $TMP_IMAGE test $QA_PROJECT ${QA_RESULTS:-$QA_PROJECT} $QA_REF
  artifacts:
    paths:
      - results/
    when: always

QA:java-maven:
  extends: .QA
  variables:
    QA_PROJECT: java-maven
    QA_REF: 831c7a04

QA:python-pip:
  extends: .QA
  variables:
    QA_PROJECT: python-pip
    QA_REF: 04dce91b

QA:python3-pip:
  extends: .QA
  variables:
    LM_PYTHON_VERSION: 3
    QA_RESULTS: python3-pip
    QA_PROJECT: python-pip
    QA_REF: 48e250a1

QA:ruby-bundler:
  extends: .QA
  variables:
    QA_PROJECT: ruby-bundler
    QA_REF: 6b858821

.docker_tag:
  image: docker:stable
  stage: tag
  script:
    - docker info
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
    - export SOURCE_IMAGE=$TMP_IMAGE
    - export TARGET_IMAGE=$CI_REGISTRY_IMAGE:${IMAGE_TAG:-$CI_JOB_NAME}
    - docker pull $SOURCE_IMAGE
    - docker tag $SOURCE_IMAGE $TARGET_IMAGE
    - docker push $TARGET_IMAGE

branch:
  extends: .docker_tag
  variables:
    IMAGE_TAG: $CI_COMMIT_REF_SLUG
  only:
    - branches
  except:
    - master

edge:
  extends: .docker_tag
  variables:
    IMAGE_TAG: edge
  only:
    - master

version:
  extends: .docker_tag
  before_script:
    - export IMAGE_TAG=${CI_COMMIT_TAG/v/}
    - echo "Checking that $CI_COMMIT_TAG is last in the changelog"
    - test "$(grep '^## v' CHANGELOG.md |head -n 1)" = "## $CI_COMMIT_TAG"
  only:
    - tags
  when: manual
  allow_failure: false

.release:
  extends: .docker_tag
  stage: release
  only:
    - tags

major:
  extends: .release
  variables:
    IMAGE_TAG: $MAJOR

latest:
  extends: .release

12-1-stable:
  extends: .release

12-0-stable:
  extends: .release

11-11-stable:
  extends: .release

11-10-stable:
  extends: .release

11-9-stable:
  extends: .release

11-8-stable:
  extends: .release

11-7-stable:
  extends: .release

11-6-stable:
  extends: .release

11-5-stable:
  extends: .release

11-4-stable:
  extends: .release

11-3-stable:
  extends: .release

11-2-stable:
  extends: .release

11-1-stable:
  extends: .release

11-0-stable:
  extends: .release