.gitlab-ci.yml

stages:
  - "prepare"
  - "test"
  - "publish"

variables:
  DOCKER_TLS_CERTDIR: "/certs"

services:
  - docker:dind

install:
  image: node:latest
  stage: prepare
  retry: 1
  dependencies: []
  artifacts:
    name: 'deps_$CI_COMMIT_REF_SLUG'
    paths:
      - node_modules/
    when: on_success
    expire_in: 12h
  script:
    - npm install --no-progress --no-audit --no-fund --verbose

eslint:
  image: node:latest
  stage: test
  except:
    - tags
  retry: 2
  allow_failure: true
  dependencies:
    - install
  script:
    - npm run test:lint

sast:
  stage: test
  retry: 2
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml

test:
  image: node:latest
  stage: test
  retry: 2
  allow_failure: true
  dependencies:
    - install
  script:
    - TEST=1 npx nyc -r text -r cobertura npm test # For creating coverage report
  coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml


docker-publish:
  image: docker:latest
  stage: publish
  only:
    - main
    - tags
  retry: 2
  before_script:
    - docker info
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - |
      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
        tag=""
        echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
      elif [[ -n "$CI_COMMIT_TAG" ]]; then
        tag=":$CI_COMMIT_TAG"
        echo "Running on tag '$CI_COMMIT_TAG': tag = $tag"
      else
        tag=":$CI_COMMIT_REF_SLUG"
        echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
      fi
    - docker build --pull -t "$CI_REGISTRY/$CI_PROJECT_PATH${tag}" .
    - docker push "$CI_REGISTRY/$CI_PROJECT_PATH${tag}"