.gitlab-ci.yml

stages:
  - devenv
  - test
  - lint
  - style
  - deploy

workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "push"

variables:
  GIT_DEPTH: 0

.nix:
  image: registry.gitlab.com/cynerd/gitlab-ci-nix
  tags:
    - docker
  cache:
    key: "nix"
    paths:
      - ".nix-cache"
  before_script:
    - gitlab-ci-nix-cache-before
  after_script:
    - gitlab-ci-nix-cache-after

## Development environment #####################################################
devenv:
  stage: devenv
  extends: .nix
  script:
    - nix develop -c true

## Test stage ##################################################################
.test:
  stage: test
  extends: .nix
  needs: ["devenv"]

tests:
  extends: .test
  script:
    - nix develop --quiet -c pytest -vv --log-level DEBUG --junitxml=report.xml --cov=. --cov-report xml:coverage.xml --cov-report html:coverage --cov-report term
  artifacts:
    reports:
      junit: report.xml
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
    paths:
      - 'coverage/'
  coverage: '/^TOTAL.*\s+([^\s]+)%$/'

nix-build:
  extends: .test
  script:
    - nix build --log-lines 1000

nix-check:
  extends: .test
  script:
    - nix flake check --log-lines 1000

include:
  - template: Security/Secret-Detection.gitlab-ci.yml

## Linters #####################################################################
.lint:
  stage: lint
  extends: .nix
  needs: ["devenv"]

lint:
  extends: .lint
  script:
    - nix develop --quiet -c ruff check .

mypy:
  extends: .lint
  script:
    - mkdir .mypy-cache
    - nix develop --quiet -c mypy --cache-dir .mypy-cache .

shellcheck:
  extends: .lint
  script:
    - git ls-files '**.sh' | xargs nix develop --quiet -c shellcheck

statix:
  extends: .lint
  script:
    - nix develop --quiet -c statix check .

## Style stage #################################################################
.style:
  stage: style
  extends: .nix
  needs: ["devenv"]
  allow_failure: true

format:
  extends: .style
  script:
    - nix develop --quiet -c ruff format --diff .
    - nix develop --quiet -c ruff check --diff .

shell-format:
  extends: .style
  script:
    - git ls-files '**.sh' | xargs nix develop --quiet -c shfmt -w
    - git diff --exit-code

nixfmt:
  extends: .style
  script:
    - nix fmt
    - git diff --exit-code

deadnix:
  extends: .style
  script:
    - nix develop --quiet -c deadnix --fail .

editorconfig-checker:
  extends: .style
  script:
    - nix develop --quiet -c editorconfig-checker -exclude '.nix-cache/.*'

gitlint:
  extends: .style
  script:
    - git fetch
    - nix develop --quiet -c gitlint --commits origin/master..$CI_COMMIT_SHA

## Release creation ############################################################
.deploy:
  stage: deploy
  rules:
    - if: '$CI_COMMIT_TAG'
  needs:
    - job: tests
      artifacts: false

release:
  extends: .deploy
  image: "registry.gitlab.com/gitlab-org/release-cli:latest"
  before_script:
    - apk update
    - apk add bash curl jq py3-pip
    - pip install yq
  script:
    - bash release.sh

gitlab-pypi:
  extends: [.nix, .deploy]
  script:
    - nix develop --quiet -c python3 -m build
    - TWINE_PASSWORD=$CI_JOB_TOKEN TWINE_USERNAME=gitlab-ci-token nix develop --quiet -c twine upload --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*

pages:
  stage: deploy
  extends: .nix
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
  needs: ["devenv"]
  script:
    - git fetch
    - nix develop --quiet -c sphinx-multiversion docs public
    - | # Add index.html to public root to redirect to $CI_DEFUALT_BRANCH/index.html
      cat >public/index.html << EOF
      <!DOCTYPE html>
        <html>
          <head>
            <title>Redirecting to $CI_DEFAULT_BRANCH branch</title>
            <meta charset="utf-8">
            <meta http-equiv="refresh" content="0; url=./$CI_DEFAULT_BRANCH/index.html">
            <link rel="canonical" href="$CI_PAGES_URL/$CI_DEFAULT_BRANCH/index.html">
          </head>
        </html>
      EOF
  artifacts:
    paths:
    - public