.gitlab-ci.yml

variables:
  IMAGE: harbor.rnds.pro/rnds/gorynich
  BASE_IMG: harbor.rnds.pro/dockerhub/library/ruby
  BASE_TAG: alpine
  BUILD_TAG: builder
  COMMIT_SHA: $CI_COMMIT_SHORT_SHA
  BRANCH_TAG: $CI_COMMIT_REF_SLUG
  DOCKER_IMAGE: harbor.rnds.pro/dockerhub/library/docker:20.10.23-alpine3.17
  BUILDVERSION: ${CI_PIPELINE_ID}

stages:
  - tests
  - build
  - deploy

before_script:
  - mkdir -p ~/.docker
  - echo ${DOCKER_AUTH_CONFIG} > ~/.docker/config.json

# PREPARE STAGE

prepare:
  stage: .pre
  image: ${DOCKER_IMAGE}
  interruptible: true
  variables:
    TAG: ${BUILD_TAG}
  script:
    - docker compose build --force-rm --pull
    - TAG=${COMMIT_SHA} docker compose build --force-rm
    - docker compose push
    - TAG=${COMMIT_SHA} docker compose push

# TEST STAGE

.test:
  image: ${IMAGE}:${BUILD_TAG}
  stage: tests
  variables:
     COMPOSE_PROJECT_NAME: gorynich_${CI_PIPELINE_ID}_${CI_JOB_ID}
  script:
    - echo PREPARE
    - export TAG=${RUBY_VER}-${BRANCH_TAG}-base
    - docker compose build --force-rm --pull
    - export BASE_IMG=${IMAGE}
    - export BASE_TAG=${TAG}
    - export TAG=${RUBY_VER}-${BRANCH_TAG}
    - docker compose build --force-rm
    - docker compose up --force-recreate -t 1 --remove-orphans -d
    - docker compose exec -T builder bundle exec rails db:create db:migrate
    - docker compose exec -T builder bundle exec rspec | tee .coverage
    - docker compose exec -T builder cat rspec.xml > rspec.xml
    - docker cp $(docker compose ps -q builder):/home/app/coverage/ coverage/
  after_script:
    - docker compose down -v --remove-orphans
  coverage: '/\(\d+.\d+\%\) covered/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/coverage.xml
      junit: rspec*.xml
    name: "coverage"
    paths:
      - .coverage
      - coverage
      - coverage/*
      - rubycritic/*

units:
  extends: .test
  parallel:
    matrix:
      - RUBY_VER: [2.6-alpine, 3.0-alpine, alpine]

# BUILD STAGE

build:
  image: ${IMAGE}:${BUILD_TAG}
  stage: build
  variables:
    BUILDVERSION: ${CI_PIPELINE_ID}
  script:
    - bundle config set --local path 'vendor/bundle'
    - bundle install --jobs=3 && bundle package --all
    - gem build `ls | grep gemspec`
  cache:
    paths:
      - vendor/bundle
      - vendor/cache
  artifacts:
    name: "gem"
    paths:
      - ./*.gem

# DEPLOY STAGE

pushgem:internal:
  image: rnds/ruby:3.0-test
  stage: deploy
  variables:
    GEM_REPOSITORY: "https://qlibrary.rnds.pro/repository/internal"
  script:
    - mkdir -p ~/.gem
    - export GEMFILE=`ls *.gem | tail -n 1`
    - gem nexus -V --url=$GEM_REPOSITORY --credential=$GEM_STORAGE_CREDS  `ls | grep gem$`
  only:
    - master
    - /^v\d$/
    - /^v\d\.\d$/

pushgem:rubygems:
  image: rnds/ruby:3.0-test
  stage: deploy
  script:
    - mkdir -p ~/.gem
    - 'echo ":rubygems_api_key: ${RUBYGEMS_KEY}" > ~/.gem/credentials'
    - chmod 600 ~/.gem/credentials
    - export GEMFILE=`ls *.gem | tail -n 1`
    - gem push $GEMFILE
  only:
    - master
    - /^v\d$/
    - /^v\d\.\d$/

badges:
  image: harbor.rnds.pro/dockerhub/rnds/gitlab-runner:latest
  stage: deploy
  allow_failure: true
  variables:
    BRANCH_LOCK: ci/${CI_PROJECT_NAME}/${CI_COMMIT_REF_SLUG}
    ENV_LOCK: ci/${CI_PROJECT_NAME}/${CI_ENVIRONMENT_SLUG}
    BADGES_URL: https://lysander.rnds.pro/api/v1/badges/gorynich
    URL: https://github.com/RND-SOFT/gorynich
  cache:
    paths:
      - vendor/bundle
      - vendor/cache
    policy: pull
  script:
    - bundle audit update
    - bundle audit || true
    - bundle outdated --only-explicit --no-pre --group default || true

    - version=$(ruby -e "require 'rubygems'; puts Gem::Specification::load('gorynich.gemspec').version") || true
    - vulnerable=$(bundle audit | grep "Name:" | sort | uniq | wc -l) || true
    - outdated=$(bundle outdated --only-explicit --no-pre --group default | grep "*" | wc -l) || true
    - quality=$(rubycritic -f lint lib | tail -n 1 | cut -d ' ' -f2) || true
    - coverage=$(cat .coverage | ruby -e 'puts /\((\d+.\d+)\%\) covered/.match(STDIN.read)[1]') || true

    - curl -X PUT -m 3.0 --oauth2-bearer ${BADGE_TOKEN} -H "Content-Type:application/json" -d "{\"badge\":{\"label\":\"version\", \"color\":\"blue\", \"icon\":\"ruby&logoColor\", \"message\":\"${version}\", \"redirect_url\":\"${URL}\"}}" "${BADGES_URL}_version.json" || true
    - curl -X PUT -m 3.0 --oauth2-bearer ${BADGE_TOKEN} -H "Content-Type:application/json" -d "{\"badge\":{\"label\":\"vulnerable\", \"color\":\"red\", \"message\":\"${vulnerable} gems\", \"redirect_url\":\"${URL}\"}}" "${BADGES_URL}_vulnerable.json" || true
    - curl -X PUT -m 3.0 --oauth2-bearer ${BADGE_TOKEN} -H "Content-Type:application/json" -d "{\"badge\":{\"label\":\"outdated\", \"color\":\"orange\", \"message\":\"${outdated} gems\", \"redirect_url\":\"${URL}\"}}" "${BADGES_URL}_outdated.json" || true
    - curl -X PUT -m 3.0 --oauth2-bearer ${BADGE_TOKEN} -H "Content-Type:application/json" -d "{\"badge\":{\"label\":\"quality\", \"color\":\"lightgray\", \"message\":\"${quality}%\", \"redirect_url\":\"${URL}\"}}" "${BADGES_URL}_quality.json" || true
    - curl -X PUT -m 3.0 --oauth2-bearer ${BADGE_TOKEN} -H "Content-Type:application/json" -d "{\"badge\":{\"label\":\"coverage\", \"color\":\"brightgreen\", \"message\":\"${coverage}%\", \"redirect_url\":\"${URL}\"}}" "${BADGES_URL}_coverage.json" || true
  only:
   - master