.gitlab-ci.yml

# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence

image: gradle:alpine

stages:
- build
- code-quality
- deploy
- update

before_script:
  - export GRADLE_USER_HOME=`pwd`/.gradle
  - chmod +x $CI_PROJECT_DIR/gradlew

build:
  stage: build
  only:
    - /^develop$/i
    - /^main$/i
    - /^release.*$/i
    - merge_requests
  script:
    - echo "🔢 Compiling the code ..."
    - $CI_PROJECT_DIR/gradlew --build-cache assemble
    - echo "Compile complete."
  artifacts:
    name: "${CI_JOB_NAME}-${CI_COMMIT_REF_SLUG}"
    untracked: true
    expire_in: 1 hour
  tags:
    - education


unit-test:
  stage: code-quality
  needs:
    - job: build
      artifacts: true
  only:
    - /^develop$/i
    - /^main$/i
    - /^release.*$/i
    - merge_requests
  script:
    - echo "🚛 Running unit tests ..."
    - $CI_PROJECT_DIR/gradlew test jacocoTestReport
    - echo "🚛 Unit tests complete."
  artifacts:
    when: always
    reports:
      junit: build/test-results/test/**/TEST-*.xml
    paths:
      - $CI_PROJECT_DIR/build/reports/jacoco/test/jacocoTestReport.xml
  tags:
    - education

coverage:
  stage: code-quality
  needs: 
    - job: unit-test
      artifacts: true
  only:
    - /^develop$/i
    - /^main$/i
    - /^release.*$/i
    - merge_requests
  image: registry.gitlab.com/haynes/jacoco2cobertura:1.0.7
  script:
    - python /opt/cover2cover.py build/reports/jacoco/test/jacocoTestReport.xml $CI_PROJECT_DIR/src/main/java/ > build/cobertura.xml
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: build/cobertura.xml
  tags:
    - education

sonarqube-check:
  stage: code-quality
  needs:
    - job: build
      artifacts: true  
    - job: unit-test
      artifacts: true      
    - job: coverage
      artifacts: true
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script: gradle sonar
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop
  tags:
    - education

sast:
  stage: code-quality
  tags:
    - education

docker-job:
  stage: deploy
  image: docker:latest # Use the official docker image.
  services:
    - docker:dind
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  before_script:
    - docker info
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - ls build/libs/
  script:
    - echo "🏭 Starting docker build ..."
    - docker build -t $IMAGE_TAG -f ./Dockerfile .
    - echo "📤 Pushing image ..."
    - docker push $IMAGE_TAG
    - echo "📤 image pushed."
  tags:
    - education

watchtower-update:
  stage: update
  needs:
    - job: docker-job
      artifacts: true
  variables:
    CURL_UPDATE: 'curl -H "Authorization: Bearer =wU.603i3s97" http://namibia.sybit.de:8080/v1/update'
  before_script:
    - apk --no-cache --update add curl
  script:
    - echo "💡 Watchtower starts Container update ..."
    - 'eval "$CURL_UPDATE"'
    - echo "Container got updated."
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"
      when: delayed
      start_in: 5 minutes
  tags:
    - education

include:
- template: Security/SAST.gitlab-ci.yml