stages:
  - test
  - build
  - publish
  - deploy

variables:
  # Container registry settings
  REGISTRY: ${CI_REGISTRY}
  IMAGE_NAME: ${CI_REGISTRY_IMAGE}
  # Buildah settings
  STORAGE_DRIVER: vfs
  BUILDAH_FORMAT: docker
  BUILDAH_ISOLATION: chroot

.buildah-base:
  image: deps.global.bsf.tools/quay.io/buildah/stable:latest
  before_script:
    - buildah version
    - buildah login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}

# Run Python tests
test:
  stage: test
  image: python:3.12-slim
  before_script:
    - pip install -r backend/requirements.txt
    - pip install pytest pytest-asyncio httpx
  script:
    - cd backend
    - python -m pytest -v || echo "No tests yet"
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

# Build container image for merge requests (no push)
build:
  stage: build
  extends: .buildah-base
  script:
    - |
      buildah build \
        --tag ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} \
        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
        --layers \
        --cache-from ${IMAGE_NAME}:latest \
        .
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

# Build and push on main branch
publish:
  stage: publish
  extends: .buildah-base
  script:
    - |
      buildah build \
        --tag ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} \
        --tag ${IMAGE_NAME}:${CI_COMMIT_REF_SLUG} \
        --tag ${IMAGE_NAME}:latest \
        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
        .
    - buildah push ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}
    - buildah push ${IMAGE_NAME}:${CI_COMMIT_REF_SLUG}
    - buildah push ${IMAGE_NAME}:latest
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

# Build and push tagged releases
publish-release:
  stage: publish
  extends: .buildah-base
  script:
    - |
      buildah build \
        --tag ${IMAGE_NAME}:${CI_COMMIT_TAG} \
        --tag ${IMAGE_NAME}:latest \
        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
        --label org.opencontainers.image.version=${CI_COMMIT_TAG} \
        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
        --layers \
        .
    - buildah push ${IMAGE_NAME}:${CI_COMMIT_TAG}
    - buildah push ${IMAGE_NAME}:latest
  rules:
    - if: $CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/

# deploy_helm_charts:
#   stage: deploy
#   image:
#     name: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
#   parallel:
#     matrix:
#       # - ENV: "prod"
#       #   VALUES_FILE: "helm/values-prod.yaml"
#       #   CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent"
#       #   NAMESPACE: "bsf-services-namespace"
#         # ONLY: "main"
#       - ENV: "dev"
#         VALUES_FILE: "helm/orchard/values.yaml"
#         CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent"
#         NAMESPACE: "bsf-services-dev-namespace"
#         # ONLY: ["branches", "!main"]
#   script:
#     - kubectl config use-context $CONTEXT
#     - echo "Deploy - buildah push ${IMAGE_NAME}:latest"
#     - |
#       helm upgrade --install orchard-dev ./helm/orchard --namespace $NAMESPACE -f $VALUES_FILE