# .gitlab-ci.yml: pipeline definition (static analysis, Maven build, image publish).

# Workflow rules come from the GitLab-provided merge-request pipelines template.
include:
  - template: Workflows/MergeRequest-Pipelines.gitlab-ci.yml

# Stages run in the order listed; each job below sits in the stage of the same name.
stages:
  - semgrep
  - build-maven
  - build-docker
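# Static analysis: runs Semgrep with the rule packs listed in SEMGREP_RULES and
# publishes the result as a GitLab SAST report.
semgrep:
  stage: semgrep
  # NOTE(review): ':latest' is a mutable tag, so the scanner that gates this
  # repository can change between runs without a commit here. Pin a reviewed
  # version tag or image digest.
  image: returntocorp/semgrep-agent:latest
  script:
    - semgrep-agent --gitlab-json > gl-sast-report.json
  # The scan stays non-blocking, but a non-zero exit is now shown as a job
  # warning. The previous '|| true' reported success even when the scanner
  # crashed, so a broken scan was indistinguishable from a clean one.
  allow_failure: true
  variables:
    SEMGREP_RULES: >-  # more at semgrep.dev/explore
      p/r2c-ci
      p/r2c-security-audit
      p/command-injection
      p/jwt
      p/xss
  artifacts:
    # Upload the report even when the job exits non-zero, so findings that
    # caused the failure are still visible in GitLab.
    when: always
    reports:
      sast: gl-sast-report.json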
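# Builds and tests the project with Maven, then records the version string that
# the build-docker job uses as the image tag.
build-maven:
  stage: build-maven
  # NOTE(review): floating tag; the build toolchain can change between runs.
  # Pin a reviewed version tag or image digest.
  image: maven:3-openjdk-17
  variables:
    # Keep the local Maven repository inside the project directory so the
    # cache section below can store it.
    MAVEN_OPTS: '-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository'
  script:
    - mvn clean package
    # Fail if the build modified any tracked file.
    - git diff --exit-code
    # The sed expression drops everything from the last '-' onward.
    - git describe --tags | sed 's/\(.*\)-.*/\1/' > ./VERSION.txt
    # The pipe above returns sed's exit status, so a failing 'git describe'
    # (for example no reachable tag in a shallow clone) would leave an empty
    # VERSION.txt and still pass. Stop here rather than hand an empty tag to
    # the publish job.
    - test -s VERSION.txt
  # NOTE(review): cached dependencies feed the jar that is later published.
  # Confirm the project keeps separate caches for protected branches so an
  # unprotected branch cannot seed the cache a release build reads.
  cache:
    key: '$CI_JOB_NAME-$CI_COMMIT_REF_SLUG'
    paths:
      - '.m2/repository'
      - 'ones-frontend/node'
  artifacts:
    expire_in: 1 hour
    paths:
      - ones-webapp/target/ones-webapp.jar
      - VERSION.txt
    reports:
      junit:
        - 'ones-frontend/junit.xml'
        - 'ones-webapp/target/surefire-reports/TEST-*.xml'
        - 'ones-webapp/target/failsafe-reports/TEST-*.xml'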
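# Builds the container image with kaniko and pushes it to Docker Hub under the
# version from VERSION.txt and under 'latest'. Runs on master only.
build-docker:
  stage: build-docker
  only:
    - master
  dependencies:
    - semgrep
    - build-maven
  image:
    # NOTE(review): 'debug' is a mutable tag on the image that holds the
    # registry credentials at run time. Pin a reviewed version tag or digest.
    name: gcr.io/kaniko-project/executor:debug
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  script:
    - mkdir -p /kaniko/.docker
    # NOTE(review): the credentials are written for index.docker.io, so
    # CI_REGISTRY_USER / CI_REGISTRY_PASSWORD are presumably overridden in the
    # project's CI/CD variables. Confirm they are masked and protected so only
    # protected-branch pipelines receive them.
    # Quoting stops word splitting and globbing on the secret. 'tr -d' removes
    # the line breaks base64 inserts into long output, which would otherwise
    # end up inside the JSON value and break authentication.
    - auth="$(printf '%s:%s' "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')"
    - printf '{"auths":{"https://index.docker.io/v1/":{"auth":"%s"}}}' "$auth" > /kaniko/.docker/config.json
    - version="$(cat VERSION.txt)"
    # Refuse to publish with an empty tag.
    - test -n "$version"
    - echo "Publishing version $version"
    - >-
      /kaniko/executor
      --context "$CI_PROJECT_DIR"
      --dockerfile "$CI_PROJECT_DIR/Dockerfile"
      --destination "docker.io/fourtyseveneleven/ones:$version"
      --destination docker.io/fourtyseveneleven/ones:latest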