image: docker:latest

variables:
  GIT_STRATEGY: fetch
  PACKER_VERSION: 1.2.0
  ANNOUNCE: http://labsync.lab.fablab-nea.de:6969/announce
  WEBSEED: http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images
  DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder
  DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner

stages:
 - prepare
 - check
 - build

services:
 - docker:dind

dockerimage_builder:
  stage: prepare
  before_script:
    - apk add --no-cache make
  script:
    - docker pull $DOCKER_IMAGE_BUILDER || true
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - make builderimg
    - docker push $DOCKER_IMAGE_BUILDER
  tags:
    - fablab
  except:
    - schedules

dockerimage_security_scanner:
  stage: prepare
  before_script:
    - apk add --no-cache make
  script:
    - docker pull $DOCKER_IMAGE_SECURITY_SCANNER || true
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - make secscanimg
    - docker push $DOCKER_IMAGE_SECURITY_SCANNER
  tags:
    - fablab
  except:
    - schedules

security_scanner:
  stage: check
  image: $DOCKER_IMAGE_SECURITY_SCANNER
  script:
    - set -x
    - export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')"
    - security-scanner stretch
  only:
    - schedules

.squashfs_template: &squashfs_template
  stage: build
  before_script:
    - apk add --no-cache make
  script:
   - make images/debian-stretch.squashfs
  artifacts: &squashfs_artifacts
    paths:
     - images
  tags:
    - fablab

squashfs_featurebranch:
  <<: *squashfs_template
  variables:
    COMPRESSION_LEVEL: 5
  except:
    - master
    - schedules

squashfs_master:
  <<: *squashfs_template
  variables:
    COMPRESSION_LEVEL: 7
  only:
    - master
  except:
    - schedules
  artifacts:
    <<: *squashfs_artifacts
    expire_in: 12 weeks