.gitlab-ci.yml

stages:
  - first
  - build_and_test
  - package
  - security
  - upload

.cljs-job: &cljs
  image: domaindrivenarchitecture/shadow-cljs
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
      - .shadow-cljs/
      - .m2
  before_script:
    - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
    - npm install

.clj-uploadjob: &clj
  image: clojure:lein-2.7.1-alpine
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - .m2
  before_script:
    - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj

.test-cljs:
  <<: *cljs
  stage: build_and_test
  script:
    - shadow-cljs compile test

test-clj:
  <<: *clj
  stage: build_and_test
  script:
    - lein test

.report-frontend:
  <<: *cljs
  stage: package
  script:
    - mkdir -p target/frontend-build
    - shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html
  artifacts:
    paths:
      - target/frontend-build/build-report.html

.package-frontend:
  <<: *cljs
  stage: package
  script:
    - mkdir -p target/frontend-build
    - shadow-cljs release frontend
    - cp public/js/main.js target/frontend-build/k8s-keycloak.js
    - sha256sum target/frontend-build/k8s-keycloak.js > target/frontend-build/k8s-keycloak.js.sha256
    - sha512sum target/frontend-build/k8s-keycloak.js > target/frontend-build/k8s-keycloak.js.sha512
  artifacts:
    paths:
      - target/frontend-build

package-uberjar:
  <<: *clj
  stage: package
  script:
    - lein uberjar
    - sha256sum target/uberjar/k8s-keycloak-standalone.jar > target/uberjar/k8s-keycloak-standalone.jar.sha256
    - sha512sum target/uberjar/k8s-keycloak-standalone.jar > target/uberjar/k8s-keycloak-standalone.jar.sha512
  artifacts:
    paths:
      - target/uberjar

sast:
  variables:
    SAST_EXCLUDED_ANALYZERS:
      bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
      pmd-apex, security-code-scan, sobelow, spotbugs
  stage: security
  before_script:
    - mkdir -p builds && cp -r target/ builds/
include:
  - template: Security/SAST.gitlab-ci.yml

upload-clj-prerelease:
  <<: *clj
  stage: upload
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
  script:
    - lein deploy clojars

release:
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  stage: upload
  rules:
    - if: '$CI_COMMIT_TAG != null'
  artifacts:
    paths:
      - target/uberjar
      - target/frontend-build
  script:
    - apk --no-cache add curl
    - |
      release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
        --assets-link "{\"name\":\"k8s-keycloak-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/k8s-keycloak-standalone.jar\"}" \
        --assets-link "{\"name\":\"k8s-keycloak-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/k8s-keycloak-standalone.jar.sha256\"}" \
        --assets-link "{\"name\":\"k8s-keycloak-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/k8s-keycloak-standalone.jar.sha512\"}" \
        --assets-link "{\"name\":\"k8s-keycloak.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/k8s-keycloak.js\"}" \
        --assets-link "{\"name\":\"k8s-keycloak.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/k8s-keycloak.js.sha256\"}" \
        --assets-link "{\"name\":\"k8s-keycloak.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/k8s-keycloak.js.sha512\"}" \