.gitlab-ci.yml
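---
# GitLab CI for the safescarf-connector image.
# Flow: lint the README on ordinary pipelines, build the image on protected refs,
# publish a release image when an X.Y.Z tag is pushed.
stages:
  - lint
  - build
  # NOTE(review): no active job is assigned to this stage; the only `test` job
  # in the file (the Trivy scan) is commented out, so the stage is a no-op.
  - test
  - publish

default:
  tags:
    - aws_run_k8s_intel

variables:
  # Registry host: used as the key of the kaniko auth entry in the build/publish jobs.
  MTR_REGISTRY: mtr.devops.telekom.de
  # Full image path the build and publish jobs push to.
  MTR_REGISTRY_IMAGE: mtr.devops.telekom.de/secureops/safescarf-connector
  # File checked by lint_readme.
  README_FILE: README.md
  # Not referenced by any job in this file; presumably read by ci-connector
  # inside the scan image — confirm before removing.
  SAFESCARF_HOST: https://dt-sec.safescarf.pan-net.cloud/
  # MTR_REGISTRY_USER / MTR_REGISTRY_PASSWORD are consumed by the kaniko jobs
  # but are deliberately not defined here: supply them as masked (and protected)
  # CI/CD variables so they never appear in job logs or in this file.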
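lint_readme:
  stage: lint
  # NOTE(review): `alpine:latest` plus an unpinned `npm install -g markdownlint-cli`
  # resolves to whatever is current at run time; pin the image by digest and the
  # package by version for reproducible lint results.
  image: dockerhub.devops.telekom.de/alpine:latest
  rules:
    # Skip on release pipelines, i.e. when an 'X.Y.Z' tag is created.
    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/'
      when: never
    # A job is only added to the pipeline when one of its rules matches. With the
    # `when: never` rule alone, nothing matches on non-tag pipelines and the job
    # is silently dropped; this catch-all makes it run everywhere else.
    - when: on_success
  script:
    - apk --no-cache add nodejs npm
    - npm install -g markdownlint-cli
    # Quoted so a README path containing spaces is passed as one argument.
    - markdownlint -c .linter-config/markdownlint-cli-config.yml "$README_FILE"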
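build_image:
  stage: build
  image:
    # NOTE(review): `:debug` is a mutable tag on a public registry. This image
    # handles the registry credentials, so pin it by digest (@sha256:...) rather
    # than letting the builder change underneath the pipeline.
    name: gcr.io/kaniko-project/executor:debug
    # kaniko's debug image has a shell entrypoint; clear it so `script` runs directly.
    entrypoint: [""]
  rules:
    # Only protected branches/tags may push to the registry.
    - if: '$CI_COMMIT_REF_PROTECTED == "true"'
  script:
    # kaniko reads registry credentials from /kaniko/.docker/config.json.
    # MTR_REGISTRY_USER / MTR_REGISTRY_PASSWORD come from CI/CD variables (not
    # defined in this file); keep them masked so the echoed command never leaks
    # them into the job log. base64 output is joined onto one line because
    # base64 wraps long input.
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"${MTR_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${MTR_REGISTRY_USER}" "${MTR_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
    # Build from the repository root Dockerfile and push tagged with the short SHA.
    - /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${MTR_REGISTRY_IMAGE}:$CI_COMMIT_SHORT_SHA"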
# NOTE(review): this scan job is disabled. While it is commented out the `test`
# stage is empty, and the image built above and published below is neither
# vulnerability-scanned nor uploaded to SafeSCARF. Re-enable it (gated on a
# protected ref like build_image) before relying on the scan in any review gate.
#scan-docker-image-trivy:
# stage: test
# image:
# name: registry.safescarf.pan-net.cloud/trivy
# entrypoint: [""]
# rules:
# - if: '$CI_COMMIT_REF_PROTECTED == "true"'
# script:
# - ci-connector --version
# - time trivy image --format json --output "$CI_PROJECT_DIR/trivy-container-scanning-report.json" "${MTR_REGISTRY_IMAGE}:$CI_COMMIT_SHORT_SHA"
# - ci-connector upload-scan --scanner 'Trivy Scan' -e "${SAFESCARF_ENG_ID}" -f "$CI_PROJECT_DIR/trivy-container-scanning-report.json" --token "$SAFESCARF_API_TOKEN"
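publish_release:
  stage: publish
  image:
    # NOTE(review): pin by digest, same reasoning as build_image — this job
    # holds the registry credentials.
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  rules:
    # Runs only when an 'X.Y.Z' tag is created AND that tag is protected.
    # The original rule keyed on the tag pattern alone, so anyone allowed to
    # push a tag could publish a release image under that version; requiring
    # a protected ref makes such tag pushes fail closed. Protect release tags
    # in the project settings so legitimate releases still match. (If the
    # registry credentials are protected variables they would already be
    # empty on an unprotected tag and the push would fail on auth — confirm.)
    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/ && $CI_COMMIT_REF_PROTECTED == "true"'
  script:
    # Same registry login as build_image (credentials from masked CI/CD variables).
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"${MTR_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${MTR_REGISTRY_USER}" "${MTR_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
    # The release image is rebuilt from the tag's checkout rather than retagged
    # from the build stage's SHA image, and nothing in this file scans it before
    # it is published (the Trivy job is commented out).
    - /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${MTR_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"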