.gitlab-ci.yml

variables:
  GIT_CLEAN_FLAGS: "-ffdx --exclude=node_modules --exclude=cache" # Prevent from deleting those folders before checking out git repo.
  NODE_VERSION: "14.4.0"
  NODE_IMAGE: "node:$NODE_VERSION"
  POSTGRES_VERSION: "11.7"
  POSTGRES_IMAGE: "postgres:$POSTGRES_VERSION-alpine"
  PYTHON_VERSION: "3.8"
  PYTHON_IMAGE: "python:$PYTHON_VERSION"
  APP_VERSION_COMMIT_MESSAGE_PREFIX: "Update application version"  #Be aware to change the '.trigger_build' and '.trigger_staging' rules if you change the message
  FALCO_OPS_BRANCH: 'master'

.trigger_build: &trigger_build
  rules:
    # Pipeline based on the commit "APP_VERSION_COMMIT_MESSAGE" does not run build jobs.
    # Gitlab CI does not support variable inside Regex => '$CI_COMMIT_TITLE =~ /Update application version.*/' instead of '$CI_COMMIT_TITLE =~ /$$APP_VERSION_COMMIT_MESSAGE_PREFIX.*/'
    - if: '$CI_COMMIT_TITLE =~ /Update application version.*/'
      when: never
    # Pipeline based on a tag does not run build jobs
    - if: '$CI_COMMIT_TAG != null'
      when: never
    - when: always
.trigger_staging: &trigger_staging
  rules:
    # Pipeline based on the commit "APP_VERSION_COMMIT_MESSAGE" does not run versioning and staging deployment
    # Gitlab CI does not support variable inside Regex => '$CI_COMMIT_TITLE =~ /Update application version.*/' instead of '$CI_COMMIT_TITLE =~ /$$APP_VERSION_COMMIT_MESSAGE_PREFIX.*/'
    - if: '$CI_COMMIT_TITLE =~ /Update application version.*/'
      when: never
    # Staging versioning and deployment is only triggered from CI_DEFAULT_BRANCH
    - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
      when: on_success
.trigger_deployment: &trigger_deployment
  # A deployment can be triggered by setting $DEPLOY_ENVIRONMENT (by default null) from the desire branch
  rules:
    - if: '$DEPLOY_ENVIRONMENT != null'
      when: on_success

stages:
  - install
  - quality
  - build
  - test
  - track
  - deploy

default:
  image: "$NODE_IMAGE"
  tags:
    - docker

"Check Syntax":
  stage: quality
  extends: .trigger_build
  before_script:
    - yarn install --frozen-lockfile --non-interactive --production=false
  script:
    - yarn lint

"Audit Dependencies":
  stage: quality
  extends: .trigger_build
  script:
    - export AUDIT_LEVEL=moderate
    - export AUDIT_LEVEL_STATUS_CODE="4" #https://classic.yarnpkg.com/en/docs/cli/audit/#toc-yarn-audit
    - scripts/dependency-audit.sh > yarn-audit-api.log
    - tail -n 3 yarn-audit-api.log
  artifacts:
    when: always
    paths:
      - yarn-audit-api.log
    expire_in: 10 days

"Run Unit & Integration Tests":
  stage: test
  extends: .trigger_build
  services:
    - "$POSTGRES_IMAGE"
  before_script:
    - apt-get update
    - apt-get -y install pdftk ansible
    - yarn install --frozen-lockfile --non-interactive --production=false
  script:
    - export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/ansible-vault.password
    - echo $ANSIBLE_VAULT_PASSWORD > $ANSIBLE_VAULT_PASSWORD_FILE
    - ansible-vault decrypt .env.ci.vault
    - rm -f $ANSIBLE_VAULT_PASSWORD_FILE
    - cat .env.ci.vault >> .env
    - sed -i -e '$a\' .env # Add a new line if needed
    - cat .env.ci.plain >> .env
    - yarn build
    - yarn db:migrate
    - yarn db:seed
    - yarn test:ci
  variables:
    POSTGRES_DB: falco-db
    POSTGRES_USER: falcoadmin
    POSTGRES_PASSWORD: falcoadmin
    POSTGRES_HOST_AUTH_METHOD: trust
  coverage: /All files[^|]*\|[^|]*\s+([\d\.]+)/
  artifacts:
    when: always
    paths:
      - coverage
    expire_in: 10 days

"Update application version":
  stage: track
  extends: .trigger_staging
  before_script:
    - git config --global user.email "ci@appenin.fr"
    - git config --global user.name "Appenin CI User"
    - mkdir -p vars
  script:
    - git checkout -B "$CI_COMMIT_REF_NAME" "origin/$CI_COMMIT_REF_NAME"
    - CURRENT_APPLICATION_VERSION=$(node -p "require('./package').version")
    - APP_VERSION_COMMIT_MESSAGE="$APP_VERSION_COMMIT_MESSAGE_PREFIX from $CURRENT_APPLICATION_VERSION to %s"
    - npm config set tag-version-prefix ''
    - npm --unsafe-perm version patch -m "$APP_VERSION_COMMIT_MESSAGE"
    - node -p "require('./package').version" >> vars/application_version.txt
  artifacts:
    paths:
      - vars/application_version.txt

.deploy: &deploy
  stage: deploy
  extends: .trigger_staging
  image: "$PYTHON_IMAGE"
  variables:
    APPLICATION_VERSION: ''
  before_script:
    - apt-get update
    - apt-get -y install expect git make git-crypt
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh/sockets
    - chmod -R 700 ~/.ssh
    - cp scripts/ssh.config ~/.ssh/config
    - chmod 400 $SSH_INF_MGR_KEY && ssh-add $SSH_INF_MGR_KEY
    - gpg --import $GPG_INF_MGR_KEY
    - export ANSIBLE_HOST_KEY_CHECKING=False
  script:
    - chmod 750 scripts/launch-deployment.sh
    - scripts/launch-deployment.sh

"Deploy API to Staging":
  <<: *deploy
  extends: .trigger_staging
  variables:
    APPLICATION_VERSION: 'cat vars/application_version.txt'
    DEPLOY_ENVIRONMENT: 'staging'

"Deploy API":
  <<: *deploy
  extends: .trigger_deployment
  variables:
    APPLICATION_VERSION: 'echo $CI_COMMIT_REF_NAME'