stages:
  - test
  - deploy

## Cache composer packages between all jobs and all branches
## of this project...
cache:
  key: one-key-to-rull-them-all
  paths:
    - composer-cache/

# Test with PHP7.4 
test:php74:
  stage: test
  image: cylab/php:7.4
  services:
    - mysql:5.7
  variables:
    # Configure mysql environment variables (https://hub.docker.com/_/mysql/)
    MYSQL_DATABASE: laravel
    MYSQL_ROOT_PASSWORD: root
  before_script:
    # Install all project dependencies
    - COMPOSER_CACHE_DIR=./composer-cache composer install
    # setup Laravel
    - cp env.test .env
    - php artisan migrate
  script:
    - vendor/bin/phpunit --coverage-text --colors=never
    - vendor/bin/phpcs
    - vendor/bin/phpstan analyze --memory-limit=512M
    - vendor/bin/unused_scanner unused-scanner.php
  artifacts:
    paths:
      - storage/logs/*.log
    when: always

test:dependencies:
  image: cylab/php:7.4
  script:
    # in cylab/php:7.4, security-checker is already installed...
    - ~/.composer/vendor/bin/security-checker security:check composer.lock

test:gitleaks:
  stage: test
  image: 
    name: "zricethezav/gitleaks"
    entrypoint: [""]
  script:
    # to avoid
    # fatal: unsafe repository ('/builds/...' is owned by someone else)
    # with recent git versions
    - git config --global --add safe.directory $CI_PROJECT_DIR
    - gitleaks detect -v -c gitleaks.toml ./
    
build:
  stage: test
  ## Run on a gitlab-runner that is configured with docker-in-docker
  tags:
    - dind
  image: docker:20.10.16
  services:
    - docker:20.10.16-dind
  variables:
    DOCKER_TLS_CERTDIR: "/certs"
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - docker pull $CI_REGISTRY_IMAGE:latest || true
    - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --tag $CI_REGISTRY_IMAGE:latest .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker push $CI_REGISTRY_IMAGE:latest

deploy:
  stage: deploy
  image: alpine
  before_script:
    # install envsubst and ssh-add
    - apk add gettext openssh-client
  script:
    # create the new docker-compose.yml
    - envsubst < docker-compose.tmpl > docker-compose.yml
    # start ssh-agent and import ssh private key
    - eval `ssh-agent`
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    # add server to list of known hosts
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - touch ~/.ssh/known_hosts
    - chmod 600 ~/.ssh/known_hosts
    - echo $SSH_HOST_KEY >> ~/.ssh/known_hosts
    # upload docker-compose to the server
    - scp docker-compose.yml monitoring@$SERVER:/home/monitoring/
    # docker login and restart services
    - ssh monitoring@$SERVER "cd /home/monitoring; 
        docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY;
        docker compose up -d --scale queue=4"