# GitLab CI pipeline: builds the consent_provider and login_provider images
# (plus the images used for testing) with kaniko, then runs behave test
# suites against them as CI services.
#
# NOTE(review): every image built here is tagged with CI_COMMIT_REF_NAME and
# consumed by later jobs under the same tag. A branch name containing "/" is
# not a valid image tag; CI_COMMIT_REF_SLUG may be what is intended - confirm.
# Because the build jobs are filtered by `only: changes`, a test job can also
# run against an image pushed by an earlier pipeline for the same ref.
stages:
  - build
  - build-testimages
  - application-test
  - integration-test

# Builds and pushes the consent_provider image.
consent-provider:
  stage: build
  image:
    # NOTE(review): `debug` is a mutable tag, so the build tool itself can
    # change between runs; consider pinning a version tag or digest.
    name: gcr.io/kaniko-project/executor:debug
    # The entrypoint is cleared so the runner can execute `script` itself.
    entrypoint: [""]
  script:
    # Writes registry credentials from GitLab's CI_REGISTRY_* variables to
    # kaniko's docker config. The JSON is built by string interpolation, so a
    # value containing `"` or `\` would yield an invalid file.
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/consent_provider --dockerfile ${CI_PROJECT_DIR}/consent_provider/Dockerfile --destination $CI_REGISTRY_IMAGE/consent_provider:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - consent_provider/**/*
      - .gitlab-ci.yml

# Builds and pushes the login_provider image (same kaniko setup as above).
login-provider:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider --dockerfile ${CI_PROJECT_DIR}/login_provider/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - login_provider/**/*
      - .gitlab-ci.yml

# Builds the mock login provider used by behave-login. The `baseimage` build
# argument points at the login_provider image for the same ref, so that image
# must already exist in the registry (it is built in the earlier `build` stage).
login-provider-mock:
  stage: build-testimages
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider/test/behave --dockerfile ${CI_PROJECT_DIR}/login_provider/test/behave/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider_mock:${CI_COMMIT_REF_NAME} --build-arg baseimage=$CI_REGISTRY_IMAGE/login_provider:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - login_provider/**/*
      - .gitlab-ci.yml

# Builds the image in which the behave-login job itself runs.
login-provider-test:
  stage: build-testimages
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/login_provider/test --dockerfile ${CI_PROJECT_DIR}/login_provider/test/Dockerfile --destination $CI_REGISTRY_IMAGE/login_provider_ci_test:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - login_provider/**/*
      - .gitlab-ci.yml

# Builds the login_logout application that behave-integration runs as the
# `oauth` service.
integration-oauth:
  stage: build-testimages
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/test/login_logout --dockerfile ${CI_PROJECT_DIR}/test/login_logout/Dockerfile --destination $CI_REGISTRY_IMAGE/login_logout:${CI_COMMIT_REF_NAME}
  only:
    changes:
      # NOTE(review): presumably meant to match any file in the repository;
      # verify that GitLab matches a pattern with a leading "./".
      - ./**/*
      - .gitlab-ci.yml

# Builds the image in which the behave-integration job itself runs.
integration-test:
  stage: build-testimages
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR}/test/login_logout/test/ --dockerfile ${CI_PROJECT_DIR}/test/login_logout/test/Dockerfile --destination $CI_REGISTRY_IMAGE/integration_ci_test:${CI_COMMIT_REF_NAME}
  only:
    changes:
      - ./**/*
      - .gitlab-ci.yml

# Runs the login_provider behave suite against the mock login provider.
behave-login:
  stage: application-test
  variables:
    # Fixture credentials committed in plaintext; they are only meaningful for
    # the mock service started below and must not match any real account.
    TESTUSER_USERNAME: "admin"
    TESTUSER_EMAIL: "admin@example.net"
    TESTUSER_PASSWORD: "password"
  services:
    - name: ${CI_REGISTRY_IMAGE}/login_provider_mock:${CI_COMMIT_REF_NAME}
      alias: login_provider
  image: ${CI_REGISTRY_IMAGE}/login_provider_ci_test:${CI_COMMIT_REF_NAME}
  script:
    - cd login_provider/test/behave/
    - python3 -m behave -D headless=True -D url=http://login_provider:5000 -D username=$TESTUSER_USERNAME -D password=$TESTUSER_PASSWORD
  artifacts:
    # Screenshots are uploaded only when the job fails and expire after a month.
    paths:
      - login_provider/test/behave/screenshots/
    expire_in: 1 month
    when: on_failure
  only:
    changes:
      - login_provider/**/*
      - .gitlab-ci.yml

# Runs the end-to-end login/logout behave suite against the full stack:
# postgres, login and consent providers, hydra, the user-panel backend and
# the login_logout test application.
behave-integration:
  stage: integration-test
  # The ORDER of this list is load-bearing: the variables below hard-code the
  # IP address each service is expected to receive based on its position.
  # NOTE(review): `postgres:latest` and `oryd/hydra:latest` are mutable tags
  # and `user-panel:integration` comes from another project's registry, so the
  # tested stack can change without any change to this repository; consider
  # pinning versions or digests.
  services:
    - name: postgres:latest
      alias: postgres
    - name: ${CI_REGISTRY_IMAGE}/login_provider:${CI_COMMIT_REF_NAME}
      alias: login
    - name: ${CI_REGISTRY_IMAGE}/consent_provider:${CI_COMMIT_REF_NAME}
      alias: consent
    - name: oryd/hydra:latest
      alias: hydra
      # The --dangerous-* flags make hydra serve over plain HTTP and accept the
      # listed http:// redirect URL. Acceptable only because this instance
      # lives and dies inside the CI job; do not copy into a deployment.
      command:
        - serve
        - all
        - --dangerous-force-http
        - --dangerous-allow-insecure-redirect-urls
        - http://oauth:5000/callback
    - name: open.greenhost.net:4567/openappstack/user-panel:integration
      alias: backend
    - name: ${CI_REGISTRY_IMAGE}/login_logout:${CI_COMMIT_REF_NAME}
      alias: oauth
  variables:
    # GitLab CI does not propagate service names to service containers.
    # It assigns addresses incrementally, starting from 172.17.0.2, in the
    # order in which the services are started, which is the order of the
    # services listed in the job configuration.
    # Adding, removing or reordering a service therefore silently repoints
    # every URL below.
    DATABASE_HOST: "172.17.0.2"  # 172.17.0.2 -> postgres
    URLS_LOGIN: "http://172.17.0.3:5000/"  # 172.17.0.3 -> login
    URLS_LOGOUT: "http://172.17.0.3:5000/logout"
    LOGOUT_URL: "http://172.17.0.3:5000/logout"
    URLS_POST_LOGOUT_REDIRECT: "http://172.17.0.3:5000/"
    URLS_CONSENT: "http://172.17.0.4:5001/"  # 172.17.0.4 -> consent
    URLS_SELF_ISSUER: "http://172.17.0.5:4444/"  # 172.17.0.5 -> hydra
    HYDRA_ADMIN_URL: "http://172.17.0.5:4445"
    ACCESS_TOKEN_URL: "http://172.17.0.5:4444/oauth2/token"
    AUTHORIZE_URL: "http://172.17.0.5:4444/oauth2/auth"
    USERINFO_URL: "http://172.17.0.5:4444/userinfo"
    GRAPHQL_URL: "http://172.17.0.6:5000/graphql"  # 172.17.0.6 -> backend
    GIT_SUBMODULE_STRATEGY: "recursive"
    # Fixture accounts created by the script section below.
    TESTUSER_USERNAME: "testuser"
    TESTUSER_USERNAME2: "testuser2"
    TESTUSER_PASSWORD: "password"
    TESTUSER_EMAIL: "testuser@example.net"
    TESTUSER_EMAIL2: "testuser2@example.net"
    ROLE: "admin"
    # presumably selects hydra's non-persistent in-memory store - confirm
    DSN: "memory"
    # Placeholder secrets committed in plaintext. They are shared by every
    # container in this job and are only tolerable for a throwaway test
    # stack; real environments should take these from masked CI/CD variables
    # or a secret store.
    SECRETS_SYSTEM: "youReallyNeedToChangeThis"
    OIDC_SUBJECT_TYPES_SUPPORTED: "public,pairwise"
    OIDC_SUBJECT_TYPE_PAIRWISE_SALT: "youReallyNeedToChangeThis"
    DATABASE_USER: postgres
    DATABASE_PASSWORD: secret
    DATABASE_NAME: postgres
    POSTGRES_PASSWORD: secret
    POSTGRES_USER: postgres
    POSTGRES_DB: postgres
    # Lets oauthlib run the OAuth flow over plain HTTP (test-only).
    OAUTHLIB_INSECURE_TRANSPORT: "true"
    # OAuth client id and secret registered with hydra by the script below.
    KEY: "testapp"
    SECRET: "secret"
    # Debug/development settings; not for any reachable deployment.
    DEBUG: "true"
    FLASK_ENV: "development"
  image: ${CI_REGISTRY_IMAGE}/integration_ci_test:${CI_COMMIT_REF_NAME}
  script:
    # NOTE(review): a fixed 20 s wait rather than a readiness check; a slow
    # service start would surface as a test failure.
    - echo "WAIT FOR SERVICES TO INITIALIZE" && sleep 20
    # Seed the backend with two users, an application and a role, then grant
    # the first user access to the application and assign the role.
    - user-panel/utils/create-user.bash ${TESTUSER_USERNAME} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL} backend:5000
    - user-panel/utils/create-user.bash ${TESTUSER_USERNAME2} ${TESTUSER_PASSWORD} ${TESTUSER_EMAIL2} backend:5000
    - user-panel/utils/create-application.bash ${KEY} backend:5000
    - user-panel/utils/create-role.bash ${ROLE} backend:5000
    - user-panel/utils/grant-access.bash ${TESTUSER_USERNAME} ${KEY} backend:5000
    - user-panel/utils/assign-role.bash ${TESTUSER_USERNAME} ${ROLE} backend:5000
    # Register the OAuth client with hydra's admin port (4445).
    - /bin/sh test/create-hydra-client.sh ${KEY} ${SECRET} hydra 4445 http://oauth:5000/callback
    - cd test/login_logout/test/behave/
    # Folded scalar: the lines below are joined into a single command line.
    - >
      python3 -m behave
      -D headless=True
      -D url=http://oauth:5000
      -D logout_url=http://oauth:5000/logout
      -D userinfo_url=http://oauth:5000/userinfo
      -D username=${TESTUSER_USERNAME}
      -D username2=${TESTUSER_USERNAME2}
      -D password=${TESTUSER_PASSWORD}
      -D email=${TESTUSER_EMAIL}
      -D role=${ROLE}
  artifacts:
    # Screenshots are uploaded only when the job fails and expire after a month.
    paths:
      - test/login_logout/test/behave/screenshots/
    expire_in: 1 month
    when: on_failure
  only:
    # NOTE(review): changes confined to consent_provider/ or test/ do not
    # trigger this job although it exercises both; confirm that is intended.
    changes:
      - login_provider/**/*
      - .gitlab-ci.yml