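---
# When using dind, it's wise to use the overlayfs driver for
# improved performance.
variables:
  DOCKER_DRIVER: overlay2
  # Major version line published by the `major` release job. Quoted so no
  # YAML tooling reinterprets it as an integer.
  MAJOR: "1"
  # Throw-away image built once per commit; the tag/release jobs only
  # re-tag and push this image, they never rebuild.
  TMP_IMAGE: $CI_REGISTRY_IMAGE/tmp:$CI_COMMIT_SHA

services:
  - docker:stable-dind

stages:
  - build
  - test
  - tag
  - release

build commit:
  # NOTE(review): the `stable` tag on Docker Hub is no longer updated;
  # consider pinning a versioned docker image tag.
  image: docker:stable
  stage: build
  script:
    - docker info
    # --password-stdin keeps the job token out of the process argument
    # list; `docker login -p` itself warns that the CLI form is insecure.
    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
    - docker build -t $TMP_IMAGE .
    - docker push $TMP_IMAGE

container_scanning:
  image: docker:stable
  stage: test
  # Findings never fail the pipeline: allow_failure here plus `|| true` on
  # the scanner invocation below. The JSON report is still uploaded so the
  # results are visible in the merge request.
  allow_failure: true
  script:
    - docker run -d --name db arminc/clair-db:latest
    - docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.6
    - apk add -U wget ca-certificates
    - docker pull $TMP_IMAGE
    # TODO(review): the scanner binary is fetched and executed unverified.
    # Pin the release checksum and check it (sha256sum -c) before chmod +x.
    - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
    - mv clair-scanner_linux_amd64 clair-scanner
    - chmod +x clair-scanner
    # An empty whitelist means every finding is reported.
    - touch clair-whitelist.yml
    # Single bounded wait loop. The previous first loop had no timeout and
    # no retry cap, so a clair daemon that never came up hung the job until
    # the runner timeout; the retry loop below already covers the wait.
    - echo "Waiting for clair daemon to start"
    - retries=0
    - while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
    - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml $TMP_IMAGE || true
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
    paths:
      - gl-container-scanning-report.json

# Template: pull the per-commit image and push it under a second tag.
# IMAGE_TAG may be supplied by the extending job (variables or
# before_script); it falls back to the job name.
.docker_tag:
  image: docker:stable
  stage: tag
  script:
    - docker info
    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
    - export SOURCE_IMAGE=$TMP_IMAGE
    - export TARGET_IMAGE=$CI_REGISTRY_IMAGE:${IMAGE_TAG:-$CI_JOB_NAME}
    - docker pull $SOURCE_IMAGE
    - docker tag $SOURCE_IMAGE $TARGET_IMAGE
    - docker push $TARGET_IMAGE

edge:
  extends: .docker_tag
  variables:
    IMAGE_TAG: edge
  only:
    - master

version:
  extends: .docker_tag
  before_script:
    # Strip only a leading "v" (POSIX parameter expansion). The previous
    # ${VAR/v/} form replaced the first "v" anywhere in the tag, e.g.
    # "v1.2.3-dev" became "1.2.3-de".
    - export IMAGE_TAG=${CI_COMMIT_TAG#v}
    - echo "Checking that $CI_COMMIT_TAG is last in the changelog"
    - test "$(grep '^## v' CHANGELOG.md |head -n 1)" = "## $CI_COMMIT_TAG"
  only:
    - tags
  # Manual gate that must succeed before the release stage runs.
  when: manual
  allow_failure: false

.release:
  extends: .docker_tag
  stage: release
  only:
    - tags

major:
  extends: .release
  variables:
    IMAGE_TAG: $MAJOR

# The jobs below rely on the IMAGE_TAG fallback: each pushes the image
# tagged with its own job name.
latest:
  extends: .release

11-9-stable:
  extends: .release

11-8-stable:
  extends: .release

11-7-stable:
  extends: .release

11-6-stable:
  extends: .release

11-5-stable:
  extends: .release

11-4-stable:
  extends: .release

11-3-stable:
  extends: .release

11-2-stable:
  extends: .release

11-1-stable:
  extends: .release

11-0-stable:
  extends: .release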