---

include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  PKGDEST: $CI_PROJECT_DIR/packages
  PACKAGER: 'Alexandre Pujol <alexandre@pujol.io>'

stages:
  - lint
  - test
  - build
  - preprocess
  - deploy


# Code Linter
# -----------

bash:
  stage: lint
  image: koalaman/shellcheck-alpine
  script:
    - shellcheck --shell=bash
        PKGBUILD dists/build.sh
        tests/packer/init/init.sh tests/packer/src/aa-update tests/packer/init/clean.sh
        debian/apparmor.d.postinst debian/apparmor.d.postrm

golangci-lint:
  stage: lint
  image: golangci/golangci-lint
  script:
    - golangci-lint run

sast:
  stage: lint


# Code test
# ---------

tests:
  stage: test
  image: golang
  coverage: '/Coverage: \d+.\d+/'
  script:
    - apt update && apt install -y rsync
    - cp tests/journalctl /usr/bin/journalctl
    - chmod 755 /usr/bin/journalctl
    - mkdir -p /var/log/audit/
    - touch /var/log/audit/audit.log /var/log/audit/audit.log.1
    - go test ./cmd/... -v -cover -coverprofile=coverage.out
    - go test ./pkg/... -v -cover -coverprofile=coverage.out
    - go tool cover -func=coverage.out


# Package Build
# -------------

archlinux:
  stage: build
  image: registry.gitlab.com/roddhjav/builders/archlinux
  script:
    - sudo pacman -Syu --noconfirm --noprogressbar
    - makepkg -s --noconfirm --noprogressbar
  artifacts:
    expire_in: 1 day
    paths:
      - $PKGDEST/*

debian:
  stage: build
  image: registry.gitlab.com/roddhjav/builders/debian
  script:
    - sudo chown -R build:build /builds/
    - git config --global --add safe.directory $CI_PROJECT_DIR
    - VERSION="0.$(git rev-list --count HEAD)-1"
    - mkdir -p "$PKGDEST"
    - sudo apt-get update -q && sudo apt-get install -y config-package-dev rsync
    - sudo apt-get install -y -t bullseye-backports golang-go
    - dpkg-buildpackage -b -d --no-sign
    - mv ../*.deb $PKGDEST/
  artifacts:
    expire_in: 1 day
    paths:
      - $PKGDEST/*.deb

ubuntu:
  extends: debian
  variables:
    DISTRIBUTION: ubuntu


# Profile Preprocessing
# ---------------------

preprocess-archlinux:
  stage: preprocess
  image: archlinux
  dependencies:
    - archlinux
  script:
    - pacman -Syu --noconfirm --noprogressbar apparmor
    - pacman -U --noconfirm --noprogressbar $PKGDEST/*
    - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null

preprocess-debian:
  stage: preprocess
  image: debian
  dependencies:
    - debian
  script:
    - apt-get update -q
    - apt-get install -y apparmor apparmor-profiles
    - dpkg --install $PKGDEST/*
    - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null

preprocess-ubuntu:
  stage: preprocess
  image: ubuntu
  dependencies:
    - ubuntu
  script:
    - apt-get update -q
    - apt-get install -y apparmor apparmor-profiles
    - dpkg --install $PKGDEST/*
    - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null

preprocess-opensuse:
  stage: preprocess
  image: opensuse/tumbleweed
  script:
    - zypper install -y apparmor-profiles go git rsync util-linux findutils make
    - make
    - make install
    - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null


# Deploy the documentation 
# ------------------------

pages:
  stage: deploy
  image: python
  variables:
    GIT_STRATEGY: clone
    GIT_DEPTH: 0
  script:
    - pip install -r requirements.txt
    - mkdocs build --verbose --site-dir public
  artifacts:
    paths:
      - public
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH