.gitlab-ci.yml

stages:
  - prepare
  - devcontainer
  - build
  - test
  - release
  - publish
  - deploy

include:
  - template: Security/Secret-Detection.gitlab-ci.yml

workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG =~ /^v?\d+\.\d+\.\d+$/
    # - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH =~ /^renovate\/.+$/i

cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - .pnpm-store
    - node_modules/

prepare_job:
  stage: prepare
  image: alpine:latest
  tags: [docker]
  rules:
    - if: '$CI_COMMIT_TAG =~ /^v?\d+\.\d+\.\d+$/'
  script:
    - apk add curl jq
    - 'curl -H "PRIVATE-TOKEN: $CI_API_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/repository/changelog?version=$CI_COMMIT_TAG" | jq -r .notes > release_notes.md'
    - 'curl -H "PRIVATE-TOKEN: $CI_API_TOKEN" -X POST "$CI_API_V4_URL/projects/$CI_PROJECT_ID/repository/changelog?version=$CI_COMMIT_TAG" --data-urlencode "notes=$(cat release_notes.md)"'
  artifacts:
    paths:
      - release_notes.md

devcontainer_job:
  stage: devcontainer
  timeout: 30 minutes
  tags: [docker]
  image: docker:28.0.1
  services:
    - docker:28.0.1-dind
  variables:
    DOCKER_BUILDKIT: "1"
    DOCKER_DRIVER: "overlay2"
    DOCKER_TLS_CERTDIR: "/certs"
    DOCKER_BUILDKIT_INLINE_CACHE: "1"
    DOCKER_CONTAINERD_IMAGE_STORE: "1"
    FQ_IMAGE_NAME: "$CI_REGISTRY_IMAGE/dev-container:$CI_COMMIT_REF_SLUG"
  before_script:
    - apk add --update nodejs npm python3 make g++
    - npm install --global @devcontainers/cli
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
  script:
    - docker pull $FQ_IMAGE_NAME || docker pull $CI_REGISTRY_IMAGE/dev-container:$CI_DEFAULT_BRANCH || true
    - docker tag $CI_REGISTRY_IMAGE/dev-container:$CI_DEFAULT_BRANCH $FQ_IMAGE_NAME || true
    - devcontainer build --cache-from $FQ_IMAGE_NAME --cache-to type=inline,mode=max --image-name $FQ_IMAGE_NAME --workspace-folder .
    - docker push $FQ_IMAGE_NAME

build_job:
  stage: build
  timeout: 30 minutes
  image: docker:28.0.1
  tags: [docker]
  services:
    - docker:28.0.1-dind
  needs:
    - job: devcontainer_job
  variables:
    FQ_IMAGE_NAME: "$CI_REGISTRY_IMAGE/dev-container:$CI_COMMIT_REF_SLUG"
  before_script:
    - docker pull $FQ_IMAGE_NAME
  script: |
    #!/bin/sh
    set -e
    build_date="$(date +%s)"
    apk add --update nodejs npm python3 make g++
    npm install --global @devcontainers/cli

    # Create a label for use during cleanup since the devcontainer CLI does
    # not have a "remove" or "down" command yet (though this is planned).
    id_label="ci-container=${build_date}"

    # Run build
    devcontainer up --cache-from $FQ_IMAGE_NAME --id-label ${id_label} --workspace-folder .
    set +e
    devcontainer exec --id-label ${id_label} --workspace-folder . pnpm coverage --run
    build_exit_code=$?
    set -e

    # Clean up.
    docker rm -f $(docker ps -aq --filter label=${id_label})
    exit ${build_exit_code}
  coverage: /All files(?:[^|]*\|){4}\s*(\S+)/
  artifacts:
    paths:
      - dist/
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml
      junit:
        - coverage/junit.xml

release_job:
  stage: release
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  tags: [docker]
  needs:
    - job: build_job
    - job: prepare_job
      artifacts: true
  rules:
    - if: '$CI_COMMIT_TAG =~ /^v?\d+\.\d+\.\d+$/'
  script:
    - echo "Creating release"
  release:
    name: "Release $CI_COMMIT_TAG"
    description: release_notes.md
    tag_name: "$CI_COMMIT_TAG"
    ref: "$CI_COMMIT_SHA"

publish_job:
  stage: publish
  image: node:latest
  tags: [docker]
  needs:
    - job: release_job
    - job: build_job
      artifacts: true
  rules:
    - if: '$CI_COMMIT_TAG =~ /^v?\d+\.\d+\.\d+$/'
  script:
    # Install pnpm
    - npm install --global corepack@latest
    - corepack install
    - corepack enable

    # Set version to match the git tag
    - (cd dist && npm version --no-git-tag-version $CI_COMMIT_TAG)

    # Add configuration to publish to GitLab's NPM registry and NPMJS
    # For more information, see https://docs.gitlab.com/ee/user/packages/npm_registry/#with-the-npmrc-file
    - echo "@${CI_PROJECT_ROOT_NAMESPACE}:registry=${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/" >> .npmrc
    - echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" >> .npmrc
    - echo "${CI_API_V4_URL#http*:}/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=\${CI_JOB_TOKEN}" >> .npmrc
    - echo "Using the following .npmrc:"; cat .npmrc

    # Publish to npm (before we change the scope of the package)
    - pnpm publish --no-git-checks --access public --registry https://registry.npmjs.org/

    # Validate that the package name is properly scoped to the project's root namespace.
    # For more information, see https://docs.gitlab.com/ee/user/packages/npm_registry/#package-naming-convention
    - (cd dist && npm init --yes --scope "@leoconforti")
    - NPM_PACKAGE_NAME=$(node -p "require('./dist/package.json').name")
    - |
      if [[ ! $NPM_PACKAGE_NAME =~ ^@$CI_PROJECT_ROOT_NAMESPACE/ ]]; then
        echo "Invalid package scope! Packages must be scoped in the root namespace of the project, e.g. \"@${CI_PROJECT_ROOT_NAMESPACE}/${CI_PROJECT_NAME}\""
        echo 'For more information, see https://docs.gitlab.com/ee/user/packages/npm_registry/#package-naming-convention'
        exit 1
      fi

    # Publish to gitlab
    - pnpm publish --no-git-checks --access public --registry ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/

pages_job:
  image: ruby:latest
  stage: deploy
  pages: true
  tags: [docker]
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
  needs:
    - job: build_job
      artifacts: true
  script:
    - gem install github-pages
    - github-pages build --source docs --destination public
  artifacts:
    paths:
      - public