image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.13.4-otp-25

variables: &global_variables
  # Only used for the release
  ELIXIR_VER: 1.13.4
  POSTGRES_DB: pleroma_test
  POSTGRES_USER: postgres
  POSTGRES_PASSWORD: postgres
  DB_HOST: postgres
  DB_PORT: "5432"
  MIX_ENV: test
  GIT_STRATEGY: fetch

workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
      when: never
    - if: $CI_COMMIT_BRANCH

cache: &global_cache_policy
  key: $CI_JOB_IMAGE-$CI_COMMIT_SHORT_SHA
  paths:
    - deps
    - _build

stages:
  - build
  - lint
  - test
  - check-changelog
  - benchmark
  - deploy
  - release
  - docker
  - docker-combine

before_script:
  - echo $MIX_ENV
  - rm -rf _build/*/lib/pleroma
  - mix deps.get

after_script:
  - rm -rf _build/*/lib/pleroma

check-changelog:
  stage: check-changelog
  image: alpine
  rules:
    - if: $CI_MERGE_REQUEST_SOURCE_PROJECT_PATH == 'pleroma/pleroma' && $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == 'weblate-extract'
      when: never
    - if: $CI_MERGE_REQUEST_SOURCE_PROJECT_PATH == 'pleroma/pleroma' && $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == 'weblate'
      when: never
    - if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"
  before_script: ''
  after_script: ''
  cache: {}
  script:
    - apk add git
    - sh ./tools/check-changelog

.build_changes_policy:
  rules:
    - changes:
        - ".gitlab-ci.yml"
        - "**/*.ex"
        - "**/*.exs"
        - "mix.lock"

.using-ci-base:
  tags:
    - amd64

build-1.13.4-otp-25:
  extends:
  - .build_changes_policy
  - .using-ci-base
  stage: build
  script:
  - mix compile --force

build-1.17.1-otp-26:
  extends:
  - .build_changes_policy
  - .using-ci-base
  stage: build
  image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.17.1-otp-26
  script:
  - mix compile --force

spec-build:
  extends:
  - .using-ci-base
  stage: build
  rules:
    - changes:
        - ".gitlab-ci.yml"
        - "lib/pleroma/web/api_spec/**/*.ex"
        - "lib/pleroma/web/api_spec.ex"
  artifacts:
    paths:
    - spec.json
  script:
  - mix pleroma.openapi_spec spec.json

benchmark:
  extends:
  - .using-ci-base
  stage: benchmark
  when: manual
  variables:
    MIX_ENV: benchmark
  services:
  - name: postgres:11.22-alpine
    alias: postgres
    command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
  script:
    - mix ecto.create
    - mix ecto.migrate
    - mix pleroma.load_testing

unit-testing-1.13.4-otp-25:
  extends:
  - .build_changes_policy
  - .using-ci-base
  stage: test
  cache: &testing_cache_policy
    <<: *global_cache_policy
    policy: pull
  services: &testing_services
  - name: postgres:13-alpine
    alias: postgres
    command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
  script: &testing_script
    - mix ecto.create
    - mix ecto.migrate
    - mix pleroma.test_runner --cover --preload-modules
  coverage: '/^Line total: ([^ ]*%)$/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml

unit-testing-1.17.1-otp-26:
  extends:
  - .build_changes_policy
  - .using-ci-base
  stage: test
  image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.17.1-otp-26
  cache: *testing_cache_policy
  services: *testing_services
  script: *testing_script

formatting-1.15:
  extends: .build_changes_policy
  image: &formatting_elixir elixir:1.15-alpine
  stage: lint
  cache: *testing_cache_policy
  before_script: &current_bfr_script
    - apk update
    - apk add build-base cmake file-dev git openssl
    - mix local.hex --force
    - mix local.rebar --force
    - mix deps.get
  script:
    - mix format --check-formatted

cycles-1.15:
  extends: .build_changes_policy
  image: *formatting_elixir
  stage: lint
  cache: {}
  before_script: *current_bfr_script
  script:
    - mix compile
    - mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != "No cycles found")}'

analysis:
  extends:
  - .build_changes_policy
  - .using-ci-base
  stage: lint
  cache: *testing_cache_policy
  script:
    - mix credo --strict --only=warnings,todo,fixme,consistency,readability

dialyzer:
  extends:
  - .build_changes_policy
  - .using-ci-base
  stage: lint
  allow_failure: true
  when: manual 
  cache: *testing_cache_policy
  tags:
    - feld
  script:
    - mix dialyzer

docs-deploy:
  stage: deploy
  cache: *testing_cache_policy
  image: alpine:latest
  only:
  - stable@pleroma/pleroma
  - develop@pleroma/pleroma
  before_script:
  - apk add curl
  script:
  - curl --fail-with-body -X POST -F"token=$CI_JOB_TOKEN" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" https://git.pleroma.social/api/v4/projects/673/trigger/pipeline
review_app:
  image: alpine:3.9
  stage: deploy
  before_script:
    - apk update && apk add openssh-client git
  when: manual
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: https://$CI_ENVIRONMENT_SLUG.pleroma.online/
    on_stop: stop_review_app
  only:
    - branches
  except:
    - master
    - develop
  script:
    - echo "$CI_ENVIRONMENT_SLUG"
    - mkdir -p ~/.ssh
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts
    - (ssh -t dokku@pleroma.online -- apps:create "$CI_ENVIRONMENT_SLUG") || true
    - (ssh -t dokku@pleroma.online -- git:set "$CI_ENVIRONMENT_SLUG" keep-git-dir true) || true
    - ssh -t dokku@pleroma.online -- config:set "$CI_ENVIRONMENT_SLUG" APP_NAME="$CI_ENVIRONMENT_SLUG" APP_HOST="$CI_ENVIRONMENT_SLUG.pleroma.online" MIX_ENV=dokku
    - (ssh -t dokku@pleroma.online -- postgres:create $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db) || true
    - (ssh -t dokku@pleroma.online -- postgres:link $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db "$CI_ENVIRONMENT_SLUG") || true
    - (ssh -t dokku@pleroma.online -- certs:add "$CI_ENVIRONMENT_SLUG" /home/dokku/server.crt /home/dokku/server.key) || true
    - git push -f dokku@pleroma.online:$CI_ENVIRONMENT_SLUG $CI_COMMIT_SHA:refs/heads/master

spec-deploy:
  stage: deploy
  artifacts:
    paths:
    - spec.json
  only:
    - develop@pleroma/pleroma
  image: alpine:latest
  before_script:
    - apk add curl
  script:
    - curl --fail-with-body -X POST -F"token=$CI_JOB_TOKEN" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" -F"variables[JOB_REF]=$CI_JOB_ID" https://git.pleroma.social/api/v4/projects/1130/trigger/pipeline


stop_review_app:
  image: alpine:3.9
  stage: deploy
  before_script:
    - apk update && apk add openssh-client git
  when: manual
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop
  script:
    - echo "$CI_ENVIRONMENT_SLUG"
    - mkdir -p ~/.ssh
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts
    - ssh -t dokku@pleroma.online -- --force apps:destroy "$CI_ENVIRONMENT_SLUG"
    - ssh -t dokku@pleroma.online -- --force postgres:destroy $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db

amd64:
  stage: release
  image: elixir:$ELIXIR_VER
  only: &release-only
  - stable@pleroma/pleroma
  - develop@pleroma/pleroma
  - /^maint/.*$/@pleroma/pleroma
  - /^release/.*$/@pleroma/pleroma
  tags:
    - amd64
  artifacts: &release-artifacts
    name: "pleroma-$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA-$CI_JOB_NAME"
    paths:
      - release/*
    # Ideally it would be never for master branch and with the next commit for develop,
    # but Gitlab does not support neither `only` for artifacts
    # nor setting it to never from .gitlab-ci.yml
    # nor expiring with the next commit
    expire_in: 42 yrs

  cache: &release-cache
    key: $CI_COMMIT_REF_NAME-$CI_JOB_NAME
    paths:
          - deps
  variables: &release-variables
    MIX_ENV: prod
    VIX_COMPILATION_MODE: PLATFORM_PROVIDED_LIBVIPS
  before_script: &before-release
  - apt-get update && apt-get install -y cmake libmagic-dev libvips-dev erlang-dev
  - echo "import Config" > config/prod.secret.exs
  - mix local.hex --force
  - mix local.rebar --force
  script: &release
    - mix deps.get --only prod
    - mkdir release
    - export PLEROMA_BUILD_BRANCH=$CI_COMMIT_REF_NAME
    - mix release --path release


amd64-musl:
  stage: release
  artifacts: *release-artifacts
  only: *release-only
  image: elixir:$ELIXIR_VER-alpine
  tags:
    - amd64
  cache: *release-cache
  variables: *release-variables
  before_script: &before-release-musl
  - apk add git build-base cmake file-dev openssl vips-dev
  - echo "import Config" > config/prod.secret.exs
  - mix local.hex --force
  - mix local.rebar --force
  script: *release

arm:
  stage: release
  artifacts: *release-artifacts
  only: *release-only
  tags:
    - arm32-specified
  image: arm32v7/elixir:$ELIXIR_VER
  cache: *release-cache
  variables: *release-variables
  before_script: *before-release
  script: *release

arm-musl:
  stage: release
  artifacts: *release-artifacts
  only: *release-only
  tags:
    - arm32-specified
  image: arm32v7/elixir:$ELIXIR_VER-alpine
  cache: *release-cache
  variables: *release-variables
  before_script: *before-release-musl
  script: *release

arm64:
  stage: release
  artifacts: *release-artifacts
  only: *release-only
  tags:
    - arm
  image: arm64v8/elixir:$ELIXIR_VER
  cache: *release-cache
  variables: *release-variables
  before_script: *before-release
  script: *release

arm64-musl:
  stage: release
  artifacts: *release-artifacts
  only: *release-only
  tags:
    - arm
  image: arm64v8/elixir:$ELIXIR_VER-alpine
  cache: *release-cache
  variables: *release-variables
  before_script: *before-release-musl
  script: *release

.kaniko:
  stage: docker
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  cache: {}
  dependencies: []
  before_script: &before-kaniko
    - export CI_JOB_TIMESTAMP=$(date --utc -Iseconds)
    - export CI_VCS_REF=$CI_COMMIT_SHORT_SHA
    - export IMAGE_TAG=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:$CI_COMMIT_SHORT_SHA
    - export IMAGE_TAG_SLUG=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:$CI_COMMIT_REF_SLUG
    - export IMAGE_TAG_LATEST=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:latest
    - export IMAGE_TAG_LATEST_STABLE=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:latest-stable
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json

.kaniko-latest:
  extends: .kaniko
  only:
    - develop@pleroma/pleroma
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg ELIXIR_IMG=$ELIXIR_IMG --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG --destination $IMAGE_TAG_LATEST

.kaniko-stable:
  extends: .kaniko
  only:
    - stable@pleroma/pleroma
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg ELIXIR_IMG=$ELIXIR_IMG --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG --destination $IMAGE_TAG_LATEST_STABLE

.kaniko-release:
  extends: .kaniko
  only:
    - /^release/.*$/@pleroma/pleroma
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg ELIXIR_IMG=$ELIXIR_IMG --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG

.kaniko-adhoc:
  extends: .kaniko
  only:
    - /^build-docker/.*$/@pleroma/pleroma
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg ELIXIR_IMG=$ELIXIR_IMG --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG

.kaniko:linux/amd64:
  variables:
    BUILD_ARCH: linux/amd64
    BUILD_ARCH_IMG_SUFFIX: linux-amd64
    ELIXIR_IMG: hexpm/elixir
  tags:
    - amd64

.kaniko:linux/arm64:
  variables:
    BUILD_ARCH: linux/arm64/v8
    BUILD_ARCH_IMG_SUFFIX: linux-arm64-v8
    ELIXIR_IMG: hexpm/elixir
  tags:
    - arm

.kaniko:linux/arm:
  variables:
    BUILD_ARCH: linux/arm/v7
    BUILD_ARCH_IMG_SUFFIX: linux-arm-v7
    ELIXIR_IMG: git.pleroma.social:5050/pleroma/ci-image/elixir-linux-arm-v7
  tags:
    - arm32-specified

kaniko-latest:linux/amd64:
  extends:
    - .kaniko-latest
    - .kaniko:linux/amd64

kaniko-latest:linux/arm64:
  extends:
    - .kaniko-latest
    - .kaniko:linux/arm64

kaniko-latest:linux/arm:
  extends:
    - .kaniko-latest
    - .kaniko:linux/arm

kaniko-stable:linux/amd64:
  extends:
    - .kaniko-stable
    - .kaniko:linux/amd64

kaniko-stable:linux/arm64:
  extends:
    - .kaniko-stable
    - .kaniko:linux/arm64

kaniko-stable:linux/arm:
  extends:
    - .kaniko-stable
    - .kaniko:linux/arm

kaniko-release:linux/amd64:
  extends:
    - .kaniko-release
    - .kaniko:linux/amd64

kaniko-release:linux/arm64:
  extends:
    - .kaniko-release
    - .kaniko:linux/arm64

kaniko-release:linux/arm:
  extends:
    - .kaniko-release
    - .kaniko:linux/arm

.docker-combine:
  stage: docker-combine
  image: docker:cli
  cache: {}
  before_script:
    - 'BUILD_ARCHES="linux-amd64 linux-arm64-v8 linux-arm-v7"'
    - export IMAGE_TAG=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
    - export IMAGE_TAG_SLUG=$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
    - export IMAGE_TAG_LATEST=$CI_REGISTRY_IMAGE:latest
    - export IMAGE_TAG_LATEST_STABLE=$CI_REGISTRY_IMAGE:latest-stable
    - 'IMAGES=; for arch in $BUILD_ARCHES; do IMAGES="$IMAGES $CI_REGISTRY_IMAGE/$arch:$CI_COMMIT_SHORT_SHA"; done'
    - 'IMAGES_SLUG=; for arch in $BUILD_ARCHES; do IMAGES_SLUG="$IMAGES_SLUG $CI_REGISTRY_IMAGE/$arch:$CI_COMMIT_REF_SLUG"; done'
    - 'IMAGES_LATEST=; for arch in $BUILD_ARCHES; do IMAGES_LATEST="$IMAGES_LATEST $CI_REGISTRY_IMAGE/$arch:latest"; done'
    - 'IMAGES_LATEST_STABLE=; for arch in $BUILD_ARCHES; do IMAGES_LATEST_STABLE="$IMAGES_LATEST_STABLE $CI_REGISTRY_IMAGE/$arch:latest"; done'
    - mkdir -p ~/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > ~/.docker/config.json

docker-combine:latest:
  extends: .docker-combine
  only:
    - develop@pleroma/pleroma
  script:
    - 'docker manifest create $IMAGE_TAG $IMAGES'
    - 'docker manifest push $IMAGE_TAG'
    - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG'
    - 'docker manifest push $IMAGE_TAG_SLUG'
    - 'docker manifest create $IMAGE_TAG_LATEST $IMAGES_LATEST'
    - 'docker manifest push $IMAGE_TAG_LATEST'

docker-combine:stable:
  extends: .docker-combine
  only:
    - stable@pleroma/pleroma
  script:
    - 'docker manifest create $IMAGE_TAG $IMAGES'
    - 'docker manifest push $IMAGE_TAG'
    - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG'
    - 'docker manifest push $IMAGE_TAG_SLUG'
    - 'docker manifest create $IMAGE_TAG_LATEST_STABLE $IMAGES_LATEST_STABLE'
    - 'docker manifest push $IMAGE_TAG_LATEST_STABLE'

docker-combine:release:
  extends: .docker-combine
  only:
    - /^release/.*$/@pleroma/pleroma
  script:
    - 'docker manifest create $IMAGE_TAG $IMAGES'
    - 'docker manifest push $IMAGE_TAG'
    - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG'
    - 'docker manifest push $IMAGE_TAG_SLUG'