image: registry.gitlab.com/openstapps/projectmanagement/node

before_script:
  - npm ci

stages:
  - build
  - test
  - maintenance
  - audit
  - publish
  - deploy

npm build:
  stage: build
  script:
    - npm run build
  artifacts:
    paths:
      - lib

npm test:
  script:
    - npm run test
  stage: test

docker image builder:
  image: registry.gitlab.com/openstapps/projectmanagement/builder
  stage: build
  only:
    variables:
      - $BUILD_IMAGES == "true"
  variables:
    DOCKER_DRIVER: overlay2
  services:
    - docker:dind
  script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com
    - docker build -t registry.gitlab.com/openstapps/projectmanagement/builder -f images/builder/Dockerfile .
    - docker push registry.gitlab.com/openstapps/projectmanagement/builder
  tags:
    - docker

docker image node:
  image: registry.gitlab.com/openstapps/projectmanagement/builder
  stage: build
  only:
    variables:
      - $BUILD_IMAGES == "true"
  variables:
    DOCKER_DRIVER: overlay2
  services:
    - docker:dind
  script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com/openstapps/projectmanagement/
    - docker build -t registry.gitlab.com/openstapps/projectmanagement/node -f images/node/Dockerfile images/node
    - docker push registry.gitlab.com/openstapps/projectmanagement/node
  tags:
    - docker

npm audit:
  allow_failure: true
  except:
    - schedules
  script:
    - npm audit
  stage: audit

scheduled npm audit:
  only:
    - schedules
  except:
    variables:
      - $MAINTENANCE_MODE
      - $RENOVATE
  script:
    - npm audit --audit-level=high
  stage: audit

tidy:
  script:
    - node lib/cli tidy
  stage: maintenance
  only:
    variables:
      - $MAINTENANCE_MODE == "tidy"
  tags:
    - secrecy

remind:
  script:
    - node lib/cli remind
  stage: maintenance
  only:
    variables:
    - $MAINTENANCE_MODE == "remind"
  tags:
    - secrecy

unlabel:
  script:
    - node lib/cli tidy
    - node lib/cli unlabel
  stage: maintenance
  only:
    variables:
      - $MAINTENANCE_MODE == "unlabel"
  tags:
    - secrecy

pages:
  stage: deploy
  script:
    - npm run documentation
    - mv docs public
  only:
    - /^v[0-9]+\.[0-9]+\.[0-9]+$/
  artifacts:
    paths:
      - public

package:
  dependencies:
    - npm build
  tags:
    - secrecy
  stage: publish
  script:
    - echo "//registry.npmjs.org/:_authToken=$NPM_AUTH_TOKEN" > ~/.npmrc
    - npm publish
  only:
    - /^v[0-9]+.[0-9]+.[0-9]+$/
  artifacts:
    paths:
      - lib

renovate:
  image: renovate/renovate:slim
  services:
    - docker:dind
  cache:
    key: ${CI_COMMIT_REF_SLUG}-renovate
    paths:
      - $CI_PROJECT_DIR/renovate
  resource_group: production
  stage: maintenance
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_VERIFY: 1
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_CERT_PATH: /certs/client
    RENOVATE_EXTENDS: "gitlab>openstapps/projectmanagement"
    RENOVATE_BASE_DIR: $CI_PROJECT_DIR/renovate
    RENOVATE_ENDPOINT: $CI_API_V4_URL
    RENOVATE_PLATFORM: gitlab
    RENOVATE_OPTIMIZE_FOR_DISABLED: 'true'
    RENOVATE_REPOSITORY_CACHE: 'true'
    RENOVATE_REQUIRE_CONFIG: 'ignored'
    RENOVATE_ONBOARDING: 'false'
    RENOVATE_IGNORE_PR_AUTHOR: 'true'
    RENOVATE_LOG_FILE: renovate-log.ndjson
    RENOVATE_LOG_FILE_LEVEL: info
    LOG_LEVEL: warn
  only:
    variables:
      - $RENOVATE == "true"
  tags:
    - gitlab-org-docker
  artifacts:
    when: always
    expire_in: 1d
    paths:
      - "$RENOVATE_LOG_FILE"
  before_script: []
  script:
    - renovate $RENOVATE_EXTRA_FLAGS