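---
# GitLab CI pipeline for the Stackspin single-sign-on project.
#
# Active jobs: build the `login` and `pylint` images with kaniko and lint the
# Python code with darker/pylint. The integration-test and unit-test jobs
# further down are disabled (commented out) until they are re-implemented.

include:
  # NOTE(review): both remote templates are fetched from the `main` branch of
  # another repository each time a pipeline is created, so a change there
  # changes the jobs that run here with this project's CI variables and
  # registry credentials. Consider pinning the URLs to a tag or commit SHA
  # (and, where the GitLab version supports it, adding `integrity:` with the
  # file's SHA256) so that template updates are reviewed before they apply.
  # NOTE(review): this first URL uses the legacy `/raw/` path, the second one
  # uses `/-/raw/` -- confirm both resolve and align them.
  - remote: https://open.greenhost.net/stackspin/stackspin/raw/main/.gitlab/ci_templates/kaniko.yml
  - remote: https://open.greenhost.net/stackspin/stackspin/-/raw/main/.gitlab/ci_templates/helm_package.yml
  - template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'

stages:
  - build
  - lint
  # TODO: Re-enable after fixing #73
  # - application-test
  - integration-test
  - lint-helm-chart
  - package-helm-chart
  - release-helm-chart

variables:
  CHART_NAME: single-sign-on
  CHART_DIR: helmchart/single-sign-on/

# Hidden job holding the shared `rules:`. Jobs that extend it are only added
# to a pipeline when one of the listed paths changed.
.trigger_test_rules:
  rules:
    - changes:
        - test/lint/pylint/Dockerfile
        - test/lint/pylint/requirements.txt
        - .gitlab-ci.yml
        - login/**/*
        - login/*
        - .gitlab/ci/**/*

# Stackspin login panel
login:
  stage: build
  needs: []
  variables:
    KANIKO_CONTEXT: "login"
    KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
  before_script:
    # Fail early with a readable error when the build context has no
    # Dockerfile. A `before_script` set here replaces one inherited through
    # `extends`; `.kaniko_build` is not defined in this file (presumably it
    # comes from the kaniko.yml include) -- verify nothing it needs is lost.
    - ls -l ${CI_PROJECT_DIR}/${KANIKO_CONTEXT:-.}/Dockerfile
  extends:
    - .kaniko_build
    - .trigger_test_rules

# TODO: We'll re-implement this test in https://open.greenhost.net/stackspin/single-sign-on/-/issues/133
#
# NOTE(review): the disabled jobs below deliberately run the stack in an
# insecure test configuration: plain-HTTP OIDC (`--dangerous-force-http`,
# `OAUTHLIB_INSECURE_TRANSPORT`), Flask debug mode and hard-coded credentials
# (`SECRETS_SYSTEM`, `MYSQL_ROOT_PASSWORD`, `DATABASE_URL`, `KEY`/`SECRET`).
# Before re-enabling, keep these values confined to the throw-away CI services
# and make sure none of them is shared with a deployed environment.
#
# # For full integration testing we need to build the full stack in CI/CD
# #
# # - mariadb : Backend database, the Dockerfile is based on the upstream
# #             with a small addition to create initial databases
# # - kratos : Identity manager, based on the upstream. We set the DSN
# #            in the Docker image, as it's different from hydra's DSN,
# #            however, gitlab-ci will apply the same environment for all
# #            services.
# # - hydra : See above, the identity provider
# # - login : Our login panel
# # - sso_testapp : A test app which implements OIDC for testing
# # - behave : Image to do behave testing
# #
# # Build our own mariadb image, which is based on upstream
# mariadb:
#   stage: build
#   needs: []
#   variables:
#     KANIKO_CONTEXT: ".gitlab/ci/mariadb"
#     KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
#   extends:
#     - .kaniko_build
#     - .trigger_test_rules
#
# # Build our own kratos image, which is based on upstream
# kratos:
#   stage: build
#   needs: []
#   variables:
#     KANIKO_CONTEXT: ".gitlab/ci/kratos"
#     KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
#   extends:
#     - .kaniko_build
#     - .trigger_test_rules
#
# # Build our own hydra image, which is based on upstream
# hydra:
#   stage: build
#   needs: []
#   variables:
#     KANIKO_CONTEXT: ".gitlab/ci/hydra"
#     KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
#   extends:
#     - .kaniko_build
#     - .trigger_test_rules
#
# # A Fake SSO app to test the behaviour
# sso_testapp:
#   stage: build
#   variables:
#     KANIKO_CONTEXT: "test/sso_testapp/"
#     KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
#   extends:
#     - .kaniko_build
#     - .trigger_test_rules
#
# # Image to test behaviour (web)
# behave:
#   stage: build
#   variables:
#     KANIKO_CONTEXT: "test/behave"
#     KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
#   extends:
#     - .kaniko_build
#     - .trigger_test_rules
#
# behave-integration:
#   stage: integration-test
#   services:
#     - name: ${CI_REGISTRY_IMAGE}/mariadb:${CI_COMMIT_REF_SLUG}
#       alias: mariadb
#     - name: ${CI_REGISTRY_IMAGE}/kratos:${CI_COMMIT_REF_SLUG}
#       alias: kratosmigrate
#       command:
#         - /bin/sh
#         - -c
#         - |
#           sleep 60
#           migrate sql -e -y
#     - name: ${CI_REGISTRY_IMAGE}/kratos:${CI_COMMIT_REF_SLUG}
#       alias: kratos
#       command:
#         - /bin/sh
#         - -c
#         - |
#           sleep 120
#           serve --config /etc/config/kratos.yaml
#     - name: ${CI_REGISTRY_IMAGE}/hydra:${CI_COMMIT_REF_SLUG}
#       alias: hydramigrate
#       command:
#         - /bin/sh
#         - -c
#         - |
#           sleep 60
#           migrate sql -e -y
#     - name: ${CI_REGISTRY_IMAGE}/hydra:${CI_COMMIT_REF_SLUG}
#       alias: hydra
#       command:
#         - /bin/sh
#         - -c
#         - |
#           sleep 120
#           serve all --dangerous-force-http --dangerous-allow-insecure-redirect-urls http://oidc:5000/login
#     - name: ${CI_REGISTRY_IMAGE}/login:${CI_COMMIT_REF_SLUG}
#       alias: oidc
#     - name: ${CI_REGISTRY_IMAGE}/sso_testapp:${CI_COMMIT_REF_SLUG}
#       alias: ssoapp
#   variables:
#     # Feature Flag FF_NETWORK_PER_BUILD Enables creation of a docker network per build
#     # with the docker executor of the gitlab-runner. This is required for service
#     # interconnection. Requires gitlab-runner v12.9.0
#     FF_NETWORK_PER_BUILD: 1
#     OAUTHLIB_INSECURE_TRANSPORT: "true"
#     # For hydra
#     # NOTE(review): URLS_CONSENT points at /login and URLS_LOGIN at /consent;
#     # this looks swapped -- confirm against the login panel's routes.
#     URLS_SELF_ISSUER: http://hydra:4445/
#     URLS_CONSENT: http://oidc:5000/login
#     URLS_LOGIN: http://oidc:5000/consent
#     SECRETS_SYSTEM: RandomSecretForTesting
#     # MariaDB image needs root user password, additional credentials are
#     # created from `.gitlab/ci/mariadb/setup.sql` during initialization
#     MYSQL_ROOT_PASSWORD: stackspin
#     # For Login image
#     FLASK_RUN_HOST: "0.0.0.0"
#     FLASK_RUN_PORT: "5000"
#     PUBLIC_URL: "http://localhost:5000/"
#     HYDRA_ADMIN_URL: "http://hydra:4445"
#     KRATOS_PUBLIC_URL: "http://kratos:4433"
#     KRATOS_ADMIN_URL: "http://kratos:4434"
#     DATABASE_URL: "mysql+pymysql://stackspin:stackspin@localhost/stackspin?charset=utf8mb4"
#     APP_SETTINGS: "config.DevelopmentConfig"
#     # General flask
#     DEBUG: "true"
#     FLASK_ENV: "development"
#     # For sso test app
#     BASE_URL: "http://hydra:4444/"
#     KEY: "testapp"
#     SECRET: "secret"
#   image: ${CI_REGISTRY_IMAGE}/behave:${CI_COMMIT_REF_SLUG}
#   script:
#     # Download retry-script from main stackspin repo
#     # NOTE(review): the script is fetched from a mutable branch and executed
#     # without verification; pin it to a commit and check a known SHA256
#     # before `chmod +x`, or vendor the script into this repository.
#     - curl -sS https://open.greenhost.net/stackspin/stackspin/-/raw/main/.gitlab/ci_scripts/retry_cmd_until_success.sh -o retry_cmd_until_success.sh
#     - chmod +x retry_cmd_until_success.sh
#     # Try several times to connect to hydra, kratos and oidc
#     - ./retry_cmd_until_success.sh 10 10 curl -sS http://hydra:4445/health/alive
#     - ./retry_cmd_until_success.sh 10 10 curl -sS http://kratos:4433/health/alive
#     - ./retry_cmd_until_success.sh 10 10 curl -sS http://oidc:5000/status
#     # Steps to do:
#     # - create user & access roles & grant access
#     # - add client application ID + key for testing
#     # - test login etc
#
#   artifacts:
#     paths:
#       - test/integration_tests/test/behave/screenshots/
#     expire_in: 1 month
#     when: on_failure
#   extends:
#     - .trigger_test_rules

# NOTE(review): `login_test` uses stage `unittest`, which is not declared in
# `stages:` above; add it before re-enabling this job. Newer GitLab releases
# also replaced `artifacts:reports:cobertura` with `coverage_report` --
# confirm against the GitLab version in use.
# login_test:
#   image: python:3.8
#   stage: unittest
#   needs: []
#   variables:
#     HYDRA_ADMIN_URL: http://localhost/ignored
#     KRATOS_PUBLIC_URL: http://localhost/ignored
#     PUBLIC_URL: http://localhost/ignored
#   cache:
#     paths:
#       - "$CI_PROJECT_DIR/pip-cache"
#     key: "$CI_PROJECT_ID"
#   before_script:
#     - cd login
#     - python -V
#     - pip install -r requirements.txt
#   script:
#     - pytest -v --cov=login --cov-report=term --cov-report=xml tests
#   artifacts:
#     reports:
#       cobertura: login/coverage.xml
#   coverage: '/^TOTAL.+?(\d+\%)$/'

# Build the image that the `pylint-lint` job runs in.
pylint:
  stage: build
  variables:
    KANIKO_CONTEXT: "test/lint/pylint"
    KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
  extends:
    - .kaniko_build
    - .trigger_test_rules

# Lint only the lines that differ from `main`, using the image built by the
# `pylint` job for the same ref slug.
pylint-lint:
  stage: lint
  variables:
    # Full, fresh clone (depth 0 disables shallow cloning); presumably needed
    # so that `remotes/origin/main` exists for darker's `--revision`.
    GIT_STRATEGY: clone
    GIT_DEPTH: "0"
    PYLINT_PLUGINS: "pylint_flask pylint_flask_sqlalchemy"
  image: ${CI_REGISTRY_IMAGE}/pylint:${CI_COMMIT_REF_SLUG}
  script:
    # Run darker with --diff command. This will throw exit code 1 if there are
    # lint errors, but a 0 if there are only formatting recommendations
    - darker -i -L pylint --diff --revision remotes/origin/main .
  extends:
    - .trigger_test_rules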