#
# Copyright IBM Corp. 2024, 2025
#

version: "2"
tasks:
  pr-code-checks:
    include:
      - dind
    steps:
      - name: checks-setup
        onError: stopAndFail
        when: "true"
        image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.54
        script: |
          #!/usr/bin/env bash
          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/scripts/prm_checks_setup.sh
      - name: detect-secrets
        when: "false"
        include:
          - docker-socket
        script: |
          #!/usr/bin/env bash
          exit 0
      - name: compliance-checks
        runAfter:
          - checks-setup
        when: "true"
        include:
          - docker-socket
        script: |
          #!/usr/bin/env bash
          echo "Skipping Code Complaince In Merge...."
      - name: static-scan
        when: "true"
        onError: stopAndFail
        include:
          - docker-socket
        script: |
          echo "Running Static Scan...."
          "/opt/commons/static-scan/run.sh" # https://github.ibm.com/open-toolchain/compliance-commons/blob/master/static-scan/run.sh
          echo "checking mend scan"
          list_env
          STATIC_SCAN_SUCCESS="static-scan-success"
          STATIC_SCAN_FAILED="static-scan-failed"
          STATIC_SCAN=$(get_env failure_reason_mend-sast "")
          echo "mend STATIC_SCAN Variable: $STATIC_SCAN"
          if [ -n "$STATIC_SCAN" ] && [ "$STATIC_SCAN" = "tool_detected_vulnerabilities" ]; then
           echo "mend scan failed add static-scan failed label"
           source "$WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/scripts/mend_scan_label.sh" "$STATIC_SCAN_FAILED"
          else
           echo "mend scan got success add static scan success label"
           source "$WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/scripts/mend_scan_label.sh" "$STATIC_SCAN_SUCCESS"
          fi

  # Configuration for the code-build task in the ci-pipeline
  pr-code-build:
    include:
      - dind
    steps:
      - name: unit-test
        when: "true"
        onError: continue
        image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.54
        script: |
          #!/usr/bin/env bash
          echo "Skipping the unit test in Merge....."
          exit 0
      - name: build-artifact
        DisplayName: "Build image..."
        when: "true"
        include:
          - docker-socket
        image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.54
        onError: stopAndFail
        script: |
          #!/usr/bin/env bash
          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/scripts/prm_build_artifacts.sh
      - name: scan-artifact
        skip: true
        when: "true"
        include:
          - docker-socket
        image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.25
        onError: stopAndFail
        script: |
          #!/bin/sh
          exit 0


  finally:
    app-preview-pr-finish:
      steps:
        - name: run-stage
          image: icr.io/continuous-delivery/pipeline/pipeline-base-image:2.53
          onError: stopAndFail
          image_pull_policy: IfNotPresent
          script: "/opt/commons/custom-finish/finish.sh"