.gitlab-ci.yml

variables:
  ### Disable cache in Docker builds, as this has occasionally resulted in images not containing what was
  ### expected multiple MRs where being built/retried.
  NO_CACHE: 'true'
  ### Replace RESOURCE with the name of the image you want to build and publish in OpenShift
  ### Important! In order for this template to work, the name of the gitlab repo must match
  ### also the variable name
  RESOURCE: cern-search-rest-api
  ### OpenShift namespace and server values
  NAMESPACE: cern-search-master
  NAMESPACE_DEV: test-cern-search-master
  OPENSHIFT_SERVER: https://openshift.cern.ch
  OPENSHIFT_SERVER_DEV: https://openshift-dev.cern.ch

### By default, there are 6 stages that we may use:
### Feel free to adapt this to your specific case.
stages:
  - build_base
  - check_base
  - test
  - build
  - tag_image
  - import_image # This stage is only used when the built image is stored in the GitLab Registry
  - deploy

### Build the image and store it in the registry. It is important that this step
### doesn't override the image the applications are running, as we haven't tested the image yet
.build_image:
  stage: build
  tags:
    - docker-image-build
  script: 'echo "Building Docker image..."'

### Import image into OpenShift.
.import_image:
  stage: import_image
  image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
  script:
    - oc import-image ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}

### If a new tag is pushed it needs to be referenced into the ImageStream
.tag_image:
  stage: tag_image
  only:
  - tags
  image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
  script:
    - oc tag --source=docker ${CI_REGISTRY_IMAGE}:${CI_REGISTRY_TAG} ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}


######################################################
################### Merge Requests ###################

#'Build Base' stage
# Builds the base docker image and tags it according to the commit message.
build_base_image:
  extends: .build_image
  stage: build_base
  only:
    refs:
      - merge_requests
    changes:
      - Dockerfile-base
      - pyproject.toml
      - poetry.lock
  when: manual
  variables:
    DOCKER_FILE: Dockerfile-base
    TO: gitlab-registry.cern.ch/webservices/cern-search/cern-search-rest-api/cern-search-rest-api-base:${CI_COMMIT_SHA}

# Validate dockerfile is updated with base image tag
validate-base-image-updated:
  stage: check_base
  only:
    refs:
      - merge_requests
    changes:
      - Dockerfile-base
      - pyproject.toml
      - poetry.lock
  script:
    - git diff --name-only origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME | grep -q -E "(^|[^-])\bDockerfile\b([^-]|$)"

# Lint
lint:
  services:
    - docker:dind
  variables:
    # As of GitLab 12.5, privileged runners at CERN mount a /certs/client docker volume that enables use of TLS to
    # communicate with the docker daemon. This avoids a warning about the docker service possibly not starting
    # successfully.
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
    DOCKER_TLS_CERTDIR: "/certs"
    # Note that we do not need to set DOCKER_HOST when using the official docker client image: it automatically
    # defaults to tcp://docker:2376 upon seeing the TLS certificate directory.
    #DOCKER_HOST: tcp://docker:2376/
  stage: test
  only:
    refs:
      - merge_requests
  image: tmaier/docker-compose:latest
  script: make build-env lint MODE=test
  before_script:
    - docker info
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    - docker-compose --version
    - apk add make
  allow_failure: true
  tags:
    - docker-privileged-xl

# Test
test:
  services:
    - docker:dind
  variables:
    # As of GitLab 12.5, privileged runners at CERN mount a /certs/client docker volume that enables use of TLS to
    # communicate with the docker daemon. This avoids a warning about the docker service possibly not starting
    # successfully.
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
    DOCKER_TLS_CERTDIR: "/certs"
    # Note that we do not need to set DOCKER_HOST when using the official docker client image: it automatically
    # defaults to tcp://docker:2376 upon seeing the TLS certificate directory.
    #DOCKER_HOST: tcp://docker:2376/
  stage: test
  only:
    refs:
      - merge_requests
  image: tmaier/docker-compose:latest
  script: make ci-test MODE=test
  before_script:
    - docker info
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    - docker-compose --version
    - apk add make
    - apk add openssl
  tags:
    - docker-privileged-xl

# Build the image and store it in the registry.
build_test_version_manual:
  extends: .build_image
  only:
    refs:
      - merge_requests
  when: manual
  variables:
    BUILD_ARG: build_env=dev
    TO: ${CI_REGISTRY_IMAGE}:$CI_COMMIT_REF_SLUG

### Create tag in OpenShift.
tag_image_merge_request_prod:
  extends: .tag_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    CI_REGISTRY_TAG: $CI_COMMIT_REF_SLUG
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

### Create tag in OpenShift DEV.
tag_image_merge_request_dev:
  extends: .tag_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    CI_REGISTRY_TAG: $CI_COMMIT_REF_SLUG
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

# Import image into OpenShift.
import_image_merge_request_prod:
  extends: .import_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

# Import image into OpenShift DEV.
import_image_merge_request_dev:
  extends: .import_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

######################################################
##################### Dev branch #####################
build_dev_version:
  extends: .build_image
  only:
    - dev
  variables:
    BUILD_ARG: build_env=dev

### Import image into OpenShift.
import_image_dev_branch_prod:
  extends: .import_image
  only:
    - dev
  environment:
    name: staging
  variables:
    TAG: latest
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

### Import image into OpenShift DEV
import_image_dev_branch_dev:
  extends: .import_image
  only:
    - dev
  environment:
    name: staging
  variables:
    TAG: latest
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

######################################################
####################### Tags ########################
build_tagged_version:
  extends: .build_image
  only:
    - tags
  variables:
    TO: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}

### Create tag in OpenShift.
tag_image_prod:
  extends: .tag_image
  environment:
    name:  production
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

### Create tag in OpenShift DEV.
tag_image_dev:
  extends: .tag_image
  environment:
    name:  production
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

### Import image into OpenShift.
import_tagged_image_prod:
  extends: .import_image
  environment:
    name:  production
  only:
  - tags
  variables:
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

### Import image into OpenShift DEV.
import_tagged_image_dev:
  extends: .import_image
  environment:
    name:  production
  only:
  - tags
  variables:
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

### Deploy stable into OpenShift.
deploy_production:
  extends: .tag_image
  stage: deploy
  environment:
    name:  production
  when: manual
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: stable
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

### Deploy stable into OpenShift DEV.
deploy_dev:
  extends: .tag_image
  stage: deploy
  environment:
    name:  production
  when: manual
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: stable
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}