.gitlab-ci.yml
# Pipeline stages, run in the order listed.
# NOTE(review): no job in this file is assigned to `publish pages`; presumably
# one of the included files provides it. Confirm.
stages:
  - test
  - build image
  - static scans
  - trigger deploy
  - publish pages
# Pipeline-wide variables.
variables:
  # Credentials for the job-local MariaDB service container (see `default:`).
  # They are committed in clear text, so they must stay throwaway test values
  # and never match a credential used by a shared or deployed database.
  MYSQL_ROOT_PASSWORD: 'root'
  MYSQL_DATABASE: 'ota_treehub'
  MYSQL_USER: 'treehub'
  MYSQL_PASSWORD: 'treehub'
  # VAULT_ADDR is defined in the GitLab CI/CD variables, not in this file.
  # The same image has to be used by the test and code coverage jobs.
  # NOTE(review): both image tags are mutable references; pinning by digest
  # (image@sha256:<digest>) would make the job images reproducible.
  TEST_IMAGE: 'advancedtelematic/gitlab-jobs:0.2.5'
  TEST_IMAGE_SONAR: 'advancedtelematic/gitlab-jobs-sonar:0.0.3'
# Defaults inherited by every job that does not set `services:` itself.
default:
  services:
    # MariaDB sidecar, reachable from the job container under the alias `db`.
    - name: 'mariadb:10.4.31'
      alias: db
      command:
        - '--character-set-server=utf8'
        - '--collation-server=utf8_unicode_ci'
        - '--max_connections=1000'
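# Unit tests with coverage instrumentation, run against the `db` service.
# Skipped on the deploy/sit ref.
test:
  stage: test
  except:
    refs:
      - deploy/sit
  image: $TEST_IMAGE
  variables:
    DB_URL: 'jdbc:mariadb://db:3306/ota_treehub'
  before_script:
    # Write a grant that gives the application user access to every schema
    # whose name matches ota_treehub%.
    - echo "GRANT ALL PRIVILEGES ON \`ota\_treehub%\`.* TO 'treehub'@'%'; FLUSH PRIVILEGES;" > db_user.sql
    # Check that the server answers, then apply the grant as root. The root
    # password is read from MYSQL_ROOT_PASSWORD (top-level `variables:`)
    # instead of being repeated as a literal, so the service and the client
    # cannot drift apart and the value lives in one place.
    - mysqladmin ping --protocol=TCP -h db -P 3306 -u root -p"$MYSQL_ROOT_PASSWORD"
    - mysql -v -h db -u root -p"$MYSQL_ROOT_PASSWORD" < db_user.sql
  script:
    - sbt -sbt-dir ./.sbt -ivy ./.ivy2 -J-Xmx1G -J-XX:MaxPermSize=256m -J-XX:ReservedCodeCacheSize=128m clean coverage ut:test
  # Coverage data and compiled classes are kept as job artifacts.
  artifacts:
    paths:
      - 'target/scala-*/scoverage-data'
      - 'target/scala-*/src_managed'
      - 'target/scala-*/classes'
  # Dependency caches; the same paths are cached by `build docker image`.
  cache:
    paths:
      - .ivy2/
      - .sbt/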
# Coverage reporting. The job body comes from the hidden job
# `.report_scala_coverage`, which is not defined in this file (presumably
# supplied by one of the includes).
# A failure here does not fail the pipeline (`allow_failure: true`).
code coverage:
  extends: .report_scala_coverage
  except:
    refs:
      - deploy/sit
  allow_failure: true
  image: $TEST_IMAGE_SONAR
# Runs only for non-scheduled pipelines on master. The job body comes from
# the hidden job `.export_docker_credentials`, which is not defined in this
# file.
# NOTE(review): the name suggests it hands registry credentials to later
# jobs. Confirm how they are passed on, and that they are not stored as
# downloadable artifacts or printed in the job log.
export docker credentials:
  extends: .export_docker_credentials
  stage: test
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: on_success
# Build the service image with sbt and push it, tagged with the commit SHA,
# to hcr.data.here.com. Runs only for non-scheduled pipelines on master.
build docker image:
  stage: build image
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: on_success
  variables:
    # An empty DOCKER_TLS_CERTDIR together with port 2375 means the dind
    # daemon is reached over plain, unauthenticated TCP.
    # NOTE(review): anything that can reach the service on the job network
    # has full control of that daemon. Switching to TLS (a cert directory and
    # port 2376) needs the runner to share the certificate volume, so confirm
    # against the runner configuration before changing it.
    DOCKER_TLS_CERTDIR: ''
    DOCKER_HOST: 'tcp://docker:2375'
  image: 'advancedtelematic/gitlab-jobs:0.3.3'
  services:
    # Replaces the default MariaDB service for this job.
    # NOTE(review): 19.03 is an old Docker release line, and the tag is not
    # pinned by digest. Confirm it is still the intended daemon version.
    - 'docker:19.03.12-dind'
  script:
    # Registry login helper shipped in the job image; it receives the Vault
    # address from the GitLab CI/CD variables.
    - gitlab-docker-login $VAULT_ADDR
    - sbt -x -sbt-dir ./.sbt -ivy ./.ivy2 -batch docker:publish -J-Xmx1G -J-XX:ReservedCodeCacheSize=128m -Dsbt.log.noformat=true
    # Re-tag the image for the HERE registry and push it.
    - docker tag advancedtelematic/treehub:${CI_COMMIT_SHA} hcr.data.here.com/ota_saas/treehub:${CI_COMMIT_SHA}
    - docker push hcr.data.here.com/ota_saas/treehub:${CI_COMMIT_SHA}
  # The generated Dockerfile is kept as an artifact; `container_scanning`
  # points DOCKERFILE_PATH at the same path.
  artifacts:
    paths:
      - 'target/docker/stage/Dockerfile'
  # NOTE(review): these dependency caches use the same paths as the `test`
  # job, which also runs on non-master branches. Confirm the runner keeps
  # caches for protected and unprotected branches separate, so a
  # feature-branch pipeline cannot seed dependencies into the published image.
  cache:
    paths:
      - .ivy2/
      - .sbt/
# Container scan of the image pushed by `build docker image`. The job name
# matches the one defined by the included Container-Scanning template, so the
# keys below presumably override that template job.
# Runs only for non-scheduled pipelines on master.
# NOTE(review): whether a finding fails this job, and so stops
# `trigger dev deploy`, depends on the template's `allow_failure` setting.
# Confirm that findings gate the deploy if that is the intent.
container_scanning:
  stage: static scans
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: on_success
  variables:
    GIT_STRATEGY: fetch
    # Only findings at this severity or above are reported; lower-severity
    # findings will not appear in the scan output.
    CS_SEVERITY_THRESHOLD: High
    CI_APPLICATION_REPOSITORY: 'hcr.data.here.com/ota_saas/treehub'
    DOCKERFILE_PATH: 'target/docker/stage/Dockerfile'
    # Registry credentials come from GitLab CI/CD variables.
    # NOTE(review): they should be masked and protected there. Confirm.
    DOCKER_USER: $HCR_REGISTRY_USER
    DOCKER_PASSWORD: $HCR_REGISTRY_PASSWORD
# Start the downstream deployment-descriptors pipeline for the dev
# environment. Runs only for non-scheduled pipelines on master.
trigger dev deploy:
  stage: trigger deploy
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: on_success
  # Variables handed to the downstream pipeline.
  variables:
    ENV: 'dev'
    NEW_TAG: $CI_COMMIT_SHA
    SERVICE: $CI_PROJECT_NAME
    CREATE_COMMIT: 'true'
    # The commit message is free text controlled by the commit author.
    # NOTE(review): the downstream pipeline should treat it strictly as data
    # (quoted, never evaluated by a shell or template). Confirm in
    # deployment-descriptors.
    UPSTREAM_COMMIT_MESSAGE: $CI_COMMIT_MESSAGE
  trigger:
    project: OLP/EDGE/OTA/infra/deployment-descriptors
    branch: master
# Start the downstream deployment-descriptors pipeline for the sit
# environment. Runs only on the deploy/sit ref, never from schedules.
# The `test`, `build docker image` and `container_scanning` jobs in this file
# are all excluded on deploy/sit, so NEW_TAG presumably refers to an image
# pushed by an earlier master pipeline for the same commit.
# NOTE(review): confirm that, and that deploy/sit is a protected branch, since
# a push to it is what starts the deployment.
trigger sit deploy:
  stage: trigger deploy
  except:
    - schedules
  only:
    - deploy/sit
  # Variables handed to the downstream pipeline.
  variables:
    ENV: 'sit'
    NEW_TAG: $CI_COMMIT_SHA
    SERVICE: $CI_PROJECT_NAME
    CREATE_COMMIT: 'true'
    # The commit message is free text controlled by the commit author; the
    # downstream pipeline should treat it strictly as data.
    UPSTREAM_COMMIT_MESSAGE: $CI_COMMIT_MESSAGE
  trigger:
    project: OLP/EDGE/OTA/infra/deployment-descriptors
    branch: master
# External pipeline definitions merged into this file.
include:
  # GitLab-provided templates.
  - template: SAST.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  # NOTE(review): this include has no `ref:`, so it follows the default
  # branch of the other project. A change there alters this pipeline without
  # any commit here. Pinning a tag or commit SHA would make that explicit.
  - project: 'poit/spc/be/prodsec-secret-detection'
    file: 'ITT-Secret-Detection.gitlab-ci.yml'
  # Pinned to a tag. A tag can still be moved, so a full commit SHA is the
  # stricter pin.
  - project: olp/edge/ota/infra/security
    ref: v0.1.1
    file: /shared.yaml