include:
  - project: 'devops/compliance'
    file: '/rendered/license.yml'
  - template: Jobs/SAST.gitlab-ci.yml

variables:
  RUNNER_GENERATE_ARTIFACTS_METADATA: 'true'
  imageName: 'wzrdtales/spawn-cluster:test'
  MOCHA_DIR: ./.test_reports
  MOCHA_FILE: $MOCHA_DIR/test-results.xml
  # Setting this variable will affect all Security templates
  # (SAST, Dependency Scanning, ...)
  SECURE_ANALYZERS_PREFIX: 'registry.gitlab.com/gitlab-org/security-products/analyzers'
  # SECURE_ANALYZERS_PREFIX: "wzrdtales"
  SECRET_DETECTION_IMAGE_SUFFIX: ''

  SECRETS_ANALYZER_VERSION: '4'
  SECRET_DETECTION_EXCLUDED_PATHS: ''

  LICENSE_MANAGEMENT_SETUP_CMD: '' # If needed, specify a command to setup your environment with a custom package manager.
  LICENSE_MANAGEMENT_VERSION: '3.1'

  NPMCMD: 'pnpm'

stages:
  - test
  - build
  - docker

.nodecache:
  cache: &spec__audit_-_cache
    paths:
      - node_modules
    untracked: true

.nodeversion: &nodeversion registry.dev0.wizardtales.com/comcon/pnpm:18

.containerbuild:
  script: &build_container_dev_-_script
    - 'echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}"
      > /kaniko/.docker/config.json'
    - '/kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile
      --destination ${IMAGEBASE:-$CI_REGISTRY_IMAGE}:$TAG'

license:
  image: *nodeversion
  cache: *spec__audit_-_cache
  only:
    changes:
      - package.json
      - package-lock.json
      - pnpm-lock.json

spec::audit:
  before_script:
    - 'pnpm install'
  cache: *spec__audit_-_cache
  image: *nodeversion
  script:
    - 'pnpm audit --audit-level critical --prod'
  interruptible: true
  stage: test

spec::test:
  before_script:
    - 'pnpm install'
  cache: *spec__audit_-_cache
  image: *nodeversion
  script:
    - 'pnpm test'
  stage: test
  interruptible: true
  artifacts:
    when: always
    reports:
      junit: $MOCHA_DIR/**/*.xml

prep::stripped::build:
  artifacts:
    expire_in: 1d
    paths:
      - node_modules
  image: *nodeversion
  cache: *spec__audit_-_cache
  script:
    - pnpm install && pnpm prune --prod
  interruptible: true
  stage: build

build:container:latest:
  dependencies:
    - prep::stripped::build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: ['']
  stage: docker
  variables:
    #IMAGEBASE: 'wzrdtales/spawn-cluster'
    TAG: 'latest'
  script: *build_container_dev_-_script
  interruptible: true
  only:
    - master

build:container:dev:
  dependencies:
    - prep::stripped::build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: ['']
  stage: docker
  variables:
    #IMAGEBASE: 'wzrdtales/spawn-cluster'
    TAG: 'dev'
  script: *build_container_dev_-_script
  interruptible: true
  only:
    - develop
    - /^feat.*$/
    - /^fix.*$/

build:container:tag:
  dependencies:
    - prep::stripped::build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: ['']
  stage: docker
  variables:
    #IMAGEBASE: 'wzrdtales/spawn-cluster'
    TAG: '$CI_COMMIT_TAG'
  script: *build_container_dev_-_script
  interruptible: true
  only:
    - tags

.secret-analyzer:
  stage: test

  image: '$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION$SECRET_DETECTION_IMAGE_SUFFIX'
  services: []
  allow_failure: true
  variables:
    GIT_DEPTH: '50'
  artifacts:
    reports:
      secret_detection: gl-secret-detection-report.json

secret_detection:
  extends: .secret-analyzer
  needs: []
  rules:
    - if: $SECRET_DETECTION_DISABLED
      when: never
    - if: $CI_COMMIT_BRANCH
  script:
    - /analyzer run
    - cat gl-secret-detection-report.json