.gitlab-ci.yml

image: azul/zulu-openjdk-debian:21

# Enable Docker-in-Docker (DinD) for TestContainers and Docker image builds.
services:
  - docker:dind

variables:
  DOCKER_HOST: "tcp://docker:2375"
  # Improve performance by using overlayfs
  DOCKER_DRIVER: overlay2
  # Disable Gradle daemon during build
  GRADLE_OPTS: "-Dorg.gradle.daemon=false"

.gradle_build_job:
  before_script:
    # Tell Gradle to write its files to a separate directory within the build directory, so files do not conflict.
    - export GRADLE_USER_HOME=`pwd`/.gradle-user-home
    # Remove files that might be problematic (recommended by Travis CI)
    - rm -f  ${GRADLE_USER_HOME}/caches/modules-2/modules-2.lock

# Ideas taken from https://docs.gitlab.com/ee/ci/caching/ as well as
#   https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Gradle.gitlab-ci.yml and
#   https://blog.jdriven.com/2021/11/reuse-gradle-build-cache-on-gitlab/
cache: &gradle_cache_settings
  key:
    files:
      # Only have a single version of the wrapper, and invalidate the cache when the Gradle wrapper version changes.
      - gradle/wrapper/gradle-wrapper.properties
    prefix: wrapper
  paths:
    - .gradle-user-home/caches/             # Gradle Build Cache directories
    - .gradle-user-home/notifications/      # Prevent welcome message to be shown every time
    - .gradle-user-home/wrapper/            # Gradle Wrapper binaries
  policy: pull-push

stages:
  - build
  - package
  - verify
  - deploy

build:
  stage: build
  extends: .gradle_build_job
  cache:
    <<: *gradle_cache_settings
  script:
    - ./gradlew --build-cache build
  coverage: '/^Coverage:\s(\d+\.\d+%)/'
  artifacts:
    when: always
    paths:
      - '**/build/reports/'
      - rest-api-server/build/libs/rest-api-server-*.jar
    reports:
      junit: rest-api-server/build/test-results/**/TEST-*.xml
  needs: []

# Template job for building all documentation. These jobs rely on the Gradle build cache
# because Spring RestDoc snippets are generated from the test, and we do not want to re-run those.
.build-documentation:
  stage: deploy
  extends: .gradle_build_job
  needs:
    - job: build
      artifacts: true
  cache:
    <<: *gradle_cache_settings
  services: []    # Disable Docker-in-Docker
  script:
    - apt update && apt install --assume-yes graphviz
    - ./gradlew --build-cache :documentation:asciidoctor
    - mkdir -p public
    - cp -r documentation/build/docs/asciidoc/* public/
  artifacts:
    paths:
      - public

# Attempt to build the documentation, although we do not deploy it to GitLab Pages.
# This ensures that everything works as expected and prevents surprises when merging.
dummy-doc-build:
  extends: .build-documentation
  except:
    - master

# Deploy documentation to GitLab Pages.
pages:
  resource_group: gitlab-pages
  extends: .build-documentation
  only:
    - master

# Template for building Docker images.
.docker-build-instructions: &docker-build-instructions
  stage: package
  extends: .gradle_build_job
  cache:
    <<: *gradle_cache_settings
    policy: pull
  needs:
    - build
  script:
    # Turn a list of whitespace-separated tags into a comma-separated list, as GitLab gets confused with commas and variable substitutions.
    - docker_tags=$(echo "$IMAGE_TAGS" | sed 's/ \+/,/g')
    # Build using Jib (pushed automatically)
    - ./gradlew --build-cache jib -Djib.to.image=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA -Djib.to.tags=$docker_tags -Djib.to.auth.username=$REGISTRY_USER -Djib.to.auth.password=$REGISTRY_PASSWORD

docker-build-master:
  variables:
    IMAGE_TAGS: latest master
  <<: *docker-build-instructions
  only:
    - master

docker-build:
  extends: .docker-build-instructions
  variables:
    IMAGE_TAGS: $CI_COMMIT_REF_NAME release
  except:
    - master

# (Security) Scanning templates
include:
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  # Disabled because the scanner does not work properly with Gradle multi-project builds. Remove dot if fixed. See below.
  #- template: Dependency-Scanning.gitlab-ci.yml

container_scanning:
  stage: verify
  variables:
    CS_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  needs:
    - job: docker-build
      optional: true
      artifacts: false
    - job: docker-build-master
      optional: true
      artifacts: false

# Disabled because the scanner does not work properly with Gradle multi-project builds. Remove dot if fixed. See above.
.dependency_scanning:
  stage: verify
  needs: []

secret_detection:
  stage: verify
  needs: []
  variables:
    SECRET_DETECTION_EXCLUDED_PATHS: '.gradle'

deployment_trigger:incubating:
  stage: deploy
  image: buildpack-deps:buster-curl
  script:
    - echo "Triggering deployment for branch $CI_COMMIT_REF_NAME"
    - curl --fail -X POST -F "token=$PIPELINE_TRIGGER_TOKEN" -F "ref=master" -F "variables[ORKG_COMPONENT_NAME]=orkg-rest-api" -F "variables[ORKG_COMPONENT_REF_NAME]=$CI_COMMIT_REF_NAME" https://git.tib.eu/api/v4/projects/1317/trigger/pipeline
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
  # Disable cloning, downloading artifacts and caching
  cache: []
  dependencies: []
  variables:
    GIT_STRATEGY: none
  needs:
    - docker-build-master

deployment_trigger:release:
  stage: deploy
  image: buildpack-deps:buster-curl
  script:
    - echo "Triggering deployment for release version $CI_COMMIT_TAG"
    - curl --fail -X POST -F "token=$PIPELINE_TRIGGER_TOKEN" -F "ref=master" -F "variables[ORKG_COMPONENT_NAME]=orkg-rest-api" -F "variables[ORKG_COMPONENT_REF_NAME]=$CI_COMMIT_REF_NAME" -F "variables[ORKG_COMPONENT_RELEASE_VERSION]=$CI_COMMIT_TAG" https://git.tib.eu/api/v4/projects/1317/trigger/pipeline
  rules:
    - if: $CI_COMMIT_TAG
  # Disable cloning, downloading artifacts and caching
  cache: []
  dependencies: []
  variables:
    GIT_STRATEGY: none
  needs:
    - docker-build