.gitlab-ci.yml

stages:
  - prepare
  - test
  - build image
  - trigger deploy
  - static scans
  - publish pages

variables:
  MYSQL_ROOT_PASSWORD: "root"
  MYSQL_DATABASE: "director_test"
  MYSQL_USER: "director_v2"
  MYSQL_PASSWORD: "director_v2"
  # VAULT_ADDR: defined in GitLab variables
  SERVICE_IMAGE: "advancedtelematic/director"
  # The same image have to be used by test and code coverage jobs:
  TEST_IMAGE: advancedtelematic/gitlab-jobs:0.2.5
  TEST_IMAGE_SONAR: advancedtelematic/gitlab-jobs-sonar:0.0.3

default:
  services:
    - name: mariadb:10.4.31
      alias: db
      command:
        - --character-set-server=utf8
        - --collation-server=utf8_unicode_ci
        - --max_connections=1000

test:
  stage: test
  except:
    refs:
      - deploy/sit
  image: $TEST_IMAGE
  except:
    refs:
      - deploy/sit
  variables:
    DB_URL: "jdbc:mariadb://db:3306/$MYSQL_DATABASE"
    SONAR_USER_HOME: $CI_PROJECT_DIR/.caches/sonar
  before_script:
    - echo "GRANT ALL PRIVILEGES ON \`director%\`.* TO 'director_v2'@'%'; FLUSH PRIVILEGES; " > db_user.sql
    - mysqladmin ping --protocol=TCP -h db -P 3306 -u root -proot
    - mysql -v -h db -u root -proot < db_user.sql
  script:
    - sbt -sbt-dir ./.sbt -ivy ./.ivy2 -Dsbt.override.build.repos=true -Dsbt.repository.config=sbt-repositories.conf clean compile coverage test
  artifacts:
    paths:
      - "target/scala-*/scoverage-data"
      - "target/scala-*/src_managed"
      - "target/scala-*/classes"
  cache:
    paths:
      - .ivy2/
      - .sbt/

code coverage:
  extends: .report_scala_coverage
  except:
    refs:
      - deploy/sit
  allow_failure: true
  image: $TEST_IMAGE_SONAR

build docker image:
  stage: build image
  except:
    refs:
      - schedules
      - deploy/sit
  only:
    refs:
      - master
      - /^deploy/.*$/
  variables:
    DOCKER_TLS_CERTDIR: ""
    DOCKER_HOST: tcp://docker:2375
  image: advancedtelematic/gitlab-jobs:0.3.3
  services:
    - docker:19.03.12-dind
  script:
    - env | sort
    - gitlab-docker-login $VAULT_ADDR
    - sbt -x -sbt-dir ./.sbt -ivy ./.ivy2 -batch docker:publish
    - docker tag advancedtelematic/director-v2:${CI_COMMIT_SHA} hcr.data.here.com/ota_saas/director-v2:${CI_COMMIT_SHA}
    - docker push hcr.data.here.com/ota_saas/director-v2:${CI_COMMIT_SHA}
  cache:
    paths:
      - .ivy2/
      - .sbt/

trigger dev deploy:
  stage: trigger deploy
  except:
    - schedules
  only:
    - master
  variables:
    ENV: "dev"
    NEW_TAG: $CI_COMMIT_SHA
    SERVICE: $CI_PROJECT_NAME
    CREATE_COMMIT: "true"
    UPSTREAM_COMMIT_MESSAGE: $CI_COMMIT_MESSAGE
  trigger:
    project: OLP/EDGE/OTA/infra/deployment-descriptors
    branch: master

trigger sit deploy:
  stage: trigger deploy
  except:
    - schedules
  only:
    - deploy/sit
  variables:
    ENV: "sit"
    NEW_TAG: $CI_COMMIT_SHA
    SERVICE: $CI_PROJECT_NAME
    CREATE_COMMIT: "true"
    UPSTREAM_COMMIT_MESSAGE: $CI_COMMIT_MESSAGE
  trigger:
    project: OLP/EDGE/OTA/infra/deployment-descriptors
    branch: master


include:
  - template: SAST.gitlab-ci.yml
  - project: "poit/spc/be/prodsec-secret-detection"
    file: "ITT-Secret-Detection.gitlab-ci.yml"
  - project: olp/edge/ota/infra/security
    ref: v0.1.1
    file: /shared.yaml