variables:
  GIT_SUBMODULE_STRATEGY: recursive
  GIT_SUBMODULE_UPDATE_FLAGS: --jobs 4
  # https://hub.docker.com/r/alpine/git/tags
  GIT_VERSION: v2.36.2

stages:
- test
- update
- build

# Description
#   This script allows to store the artefacts of a step into the current
#   repository, to improve the efficiency of the next build process.

# Set up this script
#   1. Create a new personal access token (https://gitlab.com/-/profile/personal_access_tokens)
#      with the following scopes:
#        - read_repository
#        - write_repository
#   2. Inside Settings -> CI / CD -> Variables, create the following variables:
#
#   GITLAB_TOKEN          Personal access token previously created.
#     (masked)
#   GITLAB_USERNAME       Username associated with the personal access token.
#   COMMIT_MESSAGE        Commit message

# Other variables used by this script
#   The following variables are defined automatically by GitLab CI. Thus, you
#   don't need to override them.
#
#   CI_COMMIT_SHA         Commit SHA, to use a unique directory name.
#   CI_DEFAULT_BRANCH     Default branch.
#   CI_PROJECT_PATH       Current project path.
#   CI_SERVER_HOST        Hostname of the current GitLab instance.
#   GITLAB_USER_EMAIL     Email of the user used to commit the changes to the
#                         secondary repository.
#   GITLAB_USER_NAME      User name of the user used to commit the changes to 
#                         the secondary repository.

.git:push:
  after_script:
    # Go to the new directory
    - cd "${CI_COMMIT_SHA}"

    # Add all generated files to Git
    - git add .

    - |-
      # Check if we have modifications to commit
      CHANGES=$(git status --porcelain | wc -l)

      if [ "$CHANGES" -gt "0" ]; then
        # Show the status of files that are about to be created, updated or deleted
        git status

        # Commit all changes
        git commit -m "${COMMIT_MESSAGE}"

        # Update the repository and make sure to skip the pipeline create for this commit
        git push origin "${CI_DEFAULT_BRANCH}" -o ci.skip
      fi
  before_script:
    # Clone the repository via HTTPS inside a new directory
    - git clone "https://${GITLAB_USERNAME}:${GITLAB_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git" "${CI_COMMIT_SHA}"

    # Set the displayed user with the commits that are about to be made
    - git config --global user.email "${GIT_USER_EMAIL:-$GITLAB_USER_EMAIL}"
    - git config --global user.name "${GIT_USER_NAME:-$GITLAB_USER_NAME}"
  image:
    entrypoint: ['']
    name: alpine/git:${GIT_VERSION}

sast:
  stage: test
include:
- template: Security/SAST.gitlab-ci.yml

update-gitmodules:
  extends: .git:push
  stage: update

  script:
    - cd "${CI_COMMIT_SHA}"
    - git submodule update --init --recursive
    - git submodule update --remote
  only:
    - schedules
    - manual
  except:
    - main
  needs: []

build-docker:
  stage: build
  image: 
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]

  script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
    - >-
      /kaniko/executor --force
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${CI_REGISTRY}/mediawiki/miki:${CI_COMMIT_SHORT_SHA}"
      --cache=true
      --cache-repo="${CI_REGISTRY}/mediawiki/miki-cache"
    - >-
      /kaniko/executor --force
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${CI_REGISTRY}/mediawiki/miki:latest"
      --cache=true
      --cache-repo="${CI_REGISTRY}/mediawiki/miki-cache"
  only: 
    - main
  except:
    - schedules
  needs:
    - job: update-gitmodules
      optional: true