.gitlab-ci.yml

# SPDX-License-Identifier: AGPL-3.0-only
# SPDX-FileCopyrightText: 2023 Univention GmbH

---
include:
  - project: "univention/customers/dataport/upx/common-ci"
    ref: "v1.35.0"
    file:
      - "defaults/stages.yaml"
      - "defaults/nubus-workflow.yaml"
      - "jobs/lint-commit-messages.yaml"
      - "jobs/lint-pre-commit.yaml"
      - "jobs/semantic-release-env.yaml"
      - "jobs/container-build-external.yaml"
      - "jobs/package-and-publish-helm-charts-external.yaml"
      - "jobs/check-debian-updates.yaml"

variables:
  SOUVAP_HELM_PROJECT_ID: 77

lint-pre-commit:
  before_script:
    - "helm repo add bitnami https://charts.bitnami.com/bitnami"

.build-matrix: &build-matrix
  - IMAGE_NAME: "keycloak-handler"
    KANIKO_BUILD_CONTEXT: "$CI_PROJECT_DIR/handler"
  - IMAGE_NAME: "keycloak-proxy"
    KANIKO_BUILD_CONTEXT: "$CI_PROJECT_DIR/proxy"

.publish-matrix: &publish-matrix
  - IMAGE_NAME:
      - "keycloak-handler"
      - "keycloak-proxy"

container-build:
  parallel:
    matrix: *build-matrix
  variables:
    KANIKO_ARGS: "--skip-unused-stages=true --cache=true --cache-repo=$CI_REGISTRY_IMAGE/${IMAGE_NAME}-cache"
    DOCKERFILE_PATH: "${CI_PROJECT_DIR}/docker/${IMAGE_NAME}/Dockerfile"

container-malware-scan:
  parallel:
    matrix: *publish-matrix

container-sign-external:
  parallel:
    matrix: *publish-matrix

push-image-external:
  parallel:
    matrix: *publish-matrix

lint-helm-chart:
  stage: "lint"
  needs: []
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: "never"
    - when: "on_success"
  image:
    name: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:1.0.2"
    entrypoint: [""]
  script:
    - helm repo add bitnami https://charts.bitnami.com/bitnami
    - helm dependency build helm/keycloak-extensions
    - helm lint helm/keycloak-extensions --strict

# TODO: this needs to be refactored. It started failing today
# tests:
#   stage: "test"
#   needs: []
#   rules:
#     - if: '$CI_PIPELINE_SOURCE == "schedule"'
#       when: "never"
#     - when: "on_success"
#   trigger:
#     include: "/.gitlab/ci/tests/docker_tests.yml"
#     strategy: depend

check-debian-updates:
  parallel:
    matrix: *publish-matrix
  variables:
    TARGET_IMAGE: "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:latest"

...