.travis.yml

language: python
python: 3.6
os: linux

stages:
  - name: run tests
    if: branch !~ ^pages\/.+
  - name: static analysis
    if: branch !~ ^pages\/.+
  - name: build packages
    if: branch = master OR branch =~ ^release\/.+
  - name: deploy to artifactory
    if: type != cron AND (branch =~ ^release\/.+ OR branch = master)
  - name: deploy documentation
    if: branch =~ ^pages\/.+ OR branch =~ ^release\/.+
  - name: release to pypi
    if: tag =~ ^release\/pypi\/.+
  - name: sync public repo
    if: tag =~ ^release\/pypi\/.+

env:
  global:
  - ARTIFACTORY_REPO_LINK=https://na.artifactory.swg-devops.com/artifactory/sec-resilient-team-integrations-generic-local
  - TEST_RESILIENT_APPLIANCE=staging2.internal.resilientsystems.com
  - OCTOKIT_API_ENDPOINT="https://github.ibm.com/api/v3/"
  - LATEST_TAG=$(git describe --abbrev=0 --tags)
  - IS_MASTER=$([[ "$TRAVIS_BRANCH" != *"master"* ]]; echo $?)
  - IS_RELEASE=$([[ "$TRAVIS_BRANCH" != *"release/"* ]]; echo $?)
  - LIB_VERSION=`if [[ $IS_RELEASE -eq 1 ]]; then echo $(echo ${TRAVIS_BRANCH##*/} | cut -d "." -f 1,2); else echo $(echo $LATEST_TAG | cut -d "." -f 1,2); fi`
  - NEW_VERSION=$LIB_VERSION.$TRAVIS_BUILD_NUMBER
  - SETUPTOOLS_SCM_PRETEND_VERSION=$NEW_VERSION
  - BASE_ARTIFACTORY_PATH=resilient-python-api/$LIB_VERSION/$NEW_VERSION
  - RUN_INT_TESTS_KEYWORD="[run-int-tests]"
  - RUN_INT_TESTS=$([[ "$TRAVIS_COMMIT_MESSAGE" != *"$RUN_INT_TESTS_KEYWORD"* ]]; echo $?)
  - SKIP_SCANS_KEYWORD="[skip-scans]"
  - SKIP_SCANS=$([[ "$TRAVIS_COMMIT_MESSAGE" != *"$SKIP_SCANS_KEYWORD"* ]]; echo $?)
  - FYRE_CLUSTER_NAME="${TRAVIS_BUILD_NUMBER}hydratest"
  - FYRE_CLUSTER_DOMAIN="${FYRE_CLUSTER_NAME}1.fyre.ibm.com"
  - FYRE_DEPLOY_SLEEP_SECONDS=90
  - FYRE_DEPLOY_TIMEOUT_SECONDS=540
  - PATH_MOCK_APP_CONFIG="$TRAVIS_BUILD_DIR/travis-scripts/mock_app_config"
  - PATH_TEMPLATE_PYPIRC="$TRAVIS_BUILD_DIR/travis-scripts/template.pypirc"
  - PAGES_INTERNAL_LINK="https://pages.github.ibm.com/Resilient/resilient-python-api/"
  - PAGES_PUBLIC_LINK="https://ibm.biz/soar-python-docs"

# Install package deps
before_install:
  - pip install --upgrade pip
  - pip install --upgrade setuptools

matrix:
  fast_finish: true

  include:
    - stage: run tests
      name: Python 2.7 Unit Tests
      python: 2.7
      env: RUN_TYPE=unit_test TOXENV=py27 TEST_RESILIENT_ORG="Resilient PS - Test"
      install: ./travis-scripts/install_unit_tests_deps.sh
      script:
        - echo "Starting Python 2.7 Tests"
        - ./travis-scripts/run_unit_tests.sh

    - stage: run tests
      name: Python 3.6 Unit Tests
      python: 3.6
      env: RUN_TYPE=unit_test TOXENV=py36 TEST_RESILIENT_ORG="Resilient PS - Test2"
      install: ./travis-scripts/install_unit_tests_deps.sh
      script:
        - echo "Starting Python 3.6 Tests"
        - ./travis-scripts/run_unit_tests.sh

    # Jobs that perform static analysis; code quality, security scans etc
    - stage: static analysis
      name: Python 2.7 Bandit Security Scan
      python: 2.7
      env:
        - ANALYSIS_NAME="Py2.7 Bandit Security Scan"
      install:
        - pip install bandit==1.6.2
      script:
        - if [ $SKIP_SCANS == 0 ]; then
            ./travis-scripts/run_bandit_scan.sh $BANDIT_RCFILE;
          fi
    - stage: static analysis
      name: Python 3.6 Bandit Security Scan
      python: 3.6
      env:
        - ANALYSIS_NAME="Py3.6 Bandit Security Scan"
      install:
        - pip install bandit
      script:
        - if [ $SKIP_SCANS == 0 ]; then
            ./travis-scripts/run_bandit_scan.sh $BANDIT_RCFILE;
          fi
    - stage: static analysis
      name: Pylint
      python: 3.6
      env:
        - ANALYSIS_NAME="Pylint"
      install:
        - pip install pylint
      script:
        - if [ $SKIP_SCANS == 0 ]; then
            ./travis-scripts/run_pylint_scan.sh $PACKAGES_TO_RUN_SCANS_ON $PYTEST_RCFILE;
          fi
    - stage: static analysis
      name: CVE Safety Check
      python: 3.6
      env:
        - ANALYSIS_NAME="CVE Search against dependancies"
      install:
        - pip install safety
      script:
        - if [ $SKIP_SCANS == 0 ]; then
            ./travis-scripts/run_cve_scan.sh $PACKAGES_TO_RUN_SCANS_ON;
          fi
    - stage: run tests
      name: Python 3.6 Integration Tests
      python: 3.6
      env: RUN_TYPE=int_test TOXENV=py36
      install: ./travis-scripts/install_int_tests_deps.sh
      script:
        - if [ $RUN_INT_TESTS == 1 ]; then
            ./travis-scripts/manage_fyre_instance.sh DEPLOY $FYRE_STENCIL_ID $FYRE_CLUSTER_NAME $FYRE_CLUSTER_DOMAIN $FYRE_DEPLOY_SLEEP_SECONDS $FYRE_DEPLOY_TIMEOUT_SECONDS;
            ./travis-scripts/run_int_tests.sh;
          fi
      after_script:
        - if [ $RUN_INT_TESTS == 1 ]; then
            ./travis-scripts/manage_fyre_instance.sh DELETE $FYRE_CLUSTER_NAME;
          fi

    - stage: build packages
      name: Build Packages in Python 2.7
      python: 2.7
      script:
        - echo "Building packages in Python 2.7"
        - ./travis-scripts/build_and_deploy_packages.sh no_deploy
      
    - stage: build packages
      name: Build Packages in Python 3.6
      python: 3.6
      script:
        - echo "Building packages in Python 3.6"
        - ./travis-scripts/build_and_deploy_packages.sh no_deploy

    - stage: deploy to artifactory
      script:
        - echo "Building packages in Python 3.6 and Deploying to Artifactory"
        - ./travis-scripts/build_and_deploy_packages.sh do_deploy
        - echo "Sending notification to Slack"
        - PARSED_VERSION=$(echo $NEW_VERSION | cut -d "v" -f 2)
        - ./travis-scripts/send_slack_notification.sh "Link to Artifactory - <$ARTIFACTORY_REPO_LINK/$BASE_ARTIFACTORY_PATH|$NEW_VERSION> \n Install command - \`\`\`pip install -U <package-name>==$PARSED_VERSION -i https://<EMAIL_ADDRESS>:<ARTIFACTORY_API_KEY>@na.artifactory.swg-devops.com/artifactory/api/pypi/sec-resilient-team-integrations-pypi-virtual/simple\`\`\` " "success"

    - stage: release to pypi
      install:
        - pip install twine
      script:
        - echo "Building packages in Python 3.6 and releasing to PyPi"
        - ./travis-scripts/build_and_deploy_packages.sh no_deploy do_release
        - echo "Sending notification to Slack"
        - ./travis-scripts/send_slack_notification.sh "Succesfully released $NEW_VERSION to PyPi" "success"

    - stage: deploy documentation
      install:
      - pip install sphinx furo
      script:
        - echo "Building packages in Python 3.6 and deploying Documentation internally too"
        - ./travis-scripts/build_and_deploy_packages.sh no_deploy no_release deploy_docs
      deploy:
        - provider: pages:git
          github_url: github.ibm.com
          github_token: $GH_TOKEN_INTERNAL
          target_branch: gh-pages
          on:
            all_branches: true
            condition: $TRAVIS_BRANCH =~ ^(pages\/.+|release\/.+|master)
          local_dir: ./docs/_build/
          keep_history: true
          verbose: true
          edge: true
      after_deploy:
        - ./travis-scripts/send_slack_notification.sh "INTERNAL Docs for $NEW_VERSION have been published and are available at <$PAGES_INTERNAL_LINK|$PAGES_INTERNAL_LINK>" "success";

    - stage: sync public repo
      script:
        - echo "Syncing INTERNAL repo with PUBLIC repo"
        - ./travis-scripts/sync_public_repo.sh "ALL"
      after_success:
        - ./travis-scripts/send_slack_notification.sh "PUBLIC Docs for $NEW_VERSION have been published and are available at <$PAGES_PUBLIC_LINK|$PAGES_PUBLIC_LINK>" "success";

after_failure:
  - ./travis-scripts/send_slack_notification.sh "resilient-python-api failed to build" "failure"