.gitlab-ci.yml

image: python:3.8-buster

variables:
  GIT_SSL_NO_VERIFY: "true"
  GIT_STRATEGY: clone
  DOCKER_DRIVER: overlay2
  REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt

stages:
  - build

before_script:
  - REPO=${CI_REPOSITORY_URL#*@}
  - REPO_BASE=${REPO%.com/*}.com
  - REPO_URL=git@${REPO_BASE}:${REPO#*/}
  - apt-get update -y
  - apt-get install -y git ca-certificates
  - echo "$HII_CA_PUBLIC" | base64 --decode | tr -d '\r' > /usr/local/share/ca-certificates/hii_ca.crt
  - update-ca-certificates
  - mkdir -p ~/.ssh && chmod 700 ~/.ssh
  - echo "$SSH_PRIVATE_KEY" | base64 --decode | tr -d '\r' > ~/.ssh/id_rsa
  - chmod 600 ~/.ssh/id_rsa
  - chmod +x ./.git_ssh
  - cp ./.ssh_config ~/.ssh/config
  - chmod 600 ~/.ssh/config
  - pip config set global.cert /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  - git config user.name "${TRIGGER_USER_NAME:-${GITLAB_USER_NAME:-"GitLab CI"}}"
  - git config user.email "${TRIGGER_USER_EMAIL:-$GITLAB_USER_EMAIL}"
  - git config push.default matching

Build:
  stage: build
  script:
    - sh echo_info.sh
    - git checkout ${CI_COMMIT_REF_NAME:-develop}
    - python3 update_subs.py --verbose --url_base git@${REPO_BASE} --repo_branch ${CI_COMMIT_REF_NAME:-develop}
    - |
      CHANGES=$(git status --porcelain | wc -l)
      if [[ "${CHANGES}" -gt 0 ]]; then
        git add --all
        git commit -m "Update from repo ${TRIGGER_REPO:-"Commit"}"
        git remote show origin
        git push https://gitlab-ci-token:${OPENC2_OIF_ORCH_ACCESS_TOKEN}@ccoe-gitlab.hii-tsd.com/screamingbunny/public/openc2-oif-orchestrator.git $CI_COMMIT_REF_NAME
      else
        echo "Relax... nothing to commit..."
      fi