.gitlab-ci.yml

include:
  - project: sequence/templates/cicd
    file: .gitlab/ci/default.default.yml
  - project: sequence/templates/cicd
    file: .gitlab/ci/default.rules.yml
  - project: sequence/templates/cicd
    file: .gitlab/ci/default.scripts.yml
  - project: sequence/templates/cicd
    file: .gitlab/ci/default.variables.yml
  - project: sequence/templates/cicd
    file: .gitlab/ci/default.workflow.yml
  - project: sequence/templates/cicd
    file: .gitlab/ci/build.yml
  - project: sequence/templates/cicd
    file: .gitlab/ci/test.windows.yml
  - project: sequence/templates/cicd
    file: .gitlab/ci/quality.yml

default:
  image: mcr.microsoft.com/dotnet/sdk:6.0-windowsservercore-ltsc2019
  tags:
    - rt-windows

stages:
  - build
  - test
  - quality
  - package
  - package-test
  - sign
  - upload

variables:
  PACKAGE_NAME_EXE: Sequence
  NUGET_XMLDOC_MODE: none

.exe_artifacts_default:
  artifacts:
    name: '$PACKAGE_NAME_EXE-$PROJECT_VERSION'
    paths:
      - lib/
      - CHANGELOG.md
      - sequence.exe
      - LICENSE
      - NOTICE
      - README.md

test connector versions:
  stage: test
  needs: []
  script:
    - |
      [xml]$csproj = Get-Content ./Sequence/Sequence.csproj ;
      $versionString = $csproj.Project.PropertyGroup[0].Version -replace '\$\(VersionSuffix\)' ;
      $version = [semver]::new($versionString) ;
      Write-Host "Sequence version: $version" ;
      $errors = $false ;
      $dloadJson = Get-Content ./sequence.json | ConvertFrom-Json ;
      if ($version.ToString() -notin $dloadJson.version) {
          Write-Host -Fore Red "ERROR: Version $version is not in 'sequence.json'" ;
          $errors = $true ;
      }
      $connectors = Get-Content ./Sequence/connectors.json | ConvertFrom-Json ;
      $connectors.PsObject.Properties.Name | ForEach-Object {
          $conVer = [semver]::new($connectors.$_.Version) ;
          if ($conVer.Major -ne $version.Major -or $conVer.Minor -ne $version.Minor) {
              Write-Host -Fore Red "ERROR: Incorrect version $conVer for $_" ;
              $errors = $true ;
          }
      }
      if ($errors) { exit 1 }
  rules:
    - if: $CI_MERGE_REQUEST_TITLE =~ /Prepare for release/

package exe dev:
  stage: package
  extends:
    - .rules_dev
    - .exe_artifacts_default
  needs:
    - build dev
    - test dev
    - version check dev
  script:
    - dotnet publish --no-build --configuration $CONFIG_DEV --output ./lib
      --version-suffix $VERSION_SUFFIX
    - ./single-fileish.ps1
  artifacts:
    expire_in: 3 months

package exe release:
  stage: package
  extends:
    - .rules_release
    - .exe_artifacts_default
  needs:
    - build release
    - test release
    - version check release
  script:
    - dotnet publish --no-build --configuration $CONFIG_RELEASE --output ./lib
    - ./single-fileish.ps1
  artifacts:
    expire_in: 2 hours

test examples dev:
  stage: package-test
  extends:
    - .rules_dev
  needs:
    - package exe dev
  variables:
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
  trigger:
    include: Examples/example-tests.yml
    strategy: depend

test examples release:
  extends:
    - test examples dev
    - .rules_release
  needs:
    - package exe release

sign exe release:
  stage: sign
  tags:
    - rt-powershell
  image: registry.gitlab.com/reductech/containers/codesigning
  cache: {}
  extends:
    - .rules_release
    - .exe_artifacts_default
  needs:
    - version check release
    - package exe release
    - test examples release
  variables:
    DOCKER_AUTH_CONFIG: $RT_SIGN_REGISTRY
    TIMESTAMP_SERVER: http://timestamp.sectigo.com
    ALGO_FILE_DIGEST: SHA256
    ALGO_TIME_DIGEST: SHA256
  script:
    - signtool.exe sign /f $RT_CERT_PATH /p $RT_CERT_PASS /fd $ALGO_FILE_DIGEST
      /tr $TIMESTAMP_SERVER /td $ALGO_TIME_DIGEST .\sequence.exe
    - signtool.exe sign /f $RT_CERT_PATH /p $RT_CERT_PASS /fd $ALGO_FILE_DIGEST
      /tr $TIMESTAMP_SERVER /td $ALGO_TIME_DIGEST .\lib\sequence.exe
  artifacts:
    expire_in: never

upload release:
  stage: upload
  image: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest
  tags: []
  extends:
    - .rules_release
  needs:
    - version check release
    - sign exe release
  variables:
    RELEASE_FILE: '$PACKAGE_NAME_EXE-${PROJECT_VERSION}.zip'
    S3_BUCKET: get.sequence.sh
    CF_DISTRIBUTION_ID: E3J0KK0KHICK2Z
  before_script:
    - apt install zip
  script:
    - zip -rq $RELEASE_FILE lib sequence.exe CHANGELOG.md LICENSE NOTICE README.md
    - aws s3 cp ./$RELEASE_FILE s3://$S3_BUCKET/
    - aws s3 cp ./sequence.json s3://$S3_BUCKET/
    - aws cloudfront create-invalidation --distribution-id $CF_DISTRIBUTION_ID --paths "/*"

# code_quality:
#   tags: []

security-code-scan-sast:
  tags: []

secret_detection:
  tags: []

code coverage dev:
  image: mcr.microsoft.com/dotnet/sdk:6.0
  tags: []

code coverage release:
  image: mcr.microsoft.com/dotnet/sdk:6.0
  tags: []

mutation testing:
  variables:
    PROJECT_TO_TEST: Sequence