stages:
  - test
  - build
  - publish
  - deploy

variables:
  # Container registry settings
  REGISTRY: ${CI_REGISTRY}
  IMAGE_NAME: ${CI_REGISTRY_IMAGE}
  # Buildah settings
  STORAGE_DRIVER: vfs
  BUILDAH_FORMAT: docker
  BUILDAH_ISOLATION: chroot

.buildah-base:
  image: deps.global.bsf.tools/quay.io/buildah/stable:latest
  before_script:
    - buildah version
    - buildah login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}

# Run Go tests
test:
  stage: test
  image: deps.global.bsf.tools/docker/golang:1.22-alpine
  before_script:
    - apk add --no-cache git gcc musl-dev
  script:
    - export CGO_ENABLED=1
    - go mod download
    - go vet ./...
    - go test -v -race ./...
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

# Build container image for merge requests (no push)
build:
  stage: build
  extends: .buildah-base
  script:
    - |
      buildah build \
        --tag ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} \
        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
        --layers \
        --cache-from ${IMAGE_NAME}:latest \
        .
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

# Build and push on main branch
publish:
  stage: publish
  extends: .buildah-base
  script:
    - |
      buildah build \
        --tag ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} \
        --tag ${IMAGE_NAME}:${CI_COMMIT_REF_SLUG} \
        --tag ${IMAGE_NAME}:latest \
        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
        .
    - buildah push ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}
    - buildah push ${IMAGE_NAME}:${CI_COMMIT_REF_SLUG}
    - buildah push ${IMAGE_NAME}:latest
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

# Build and push tagged releases
publish-release:
  stage: publish
  extends: .buildah-base
  script:
    - |
      buildah build \
        --tag ${IMAGE_NAME}:${CI_COMMIT_TAG} \
        --tag ${IMAGE_NAME}:latest \
        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
        --label org.opencontainers.image.version=${CI_COMMIT_TAG} \
        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
        --layers \
        .
    - buildah push ${IMAGE_NAME}:${CI_COMMIT_TAG}
    - buildah push ${IMAGE_NAME}:latest
  rules:
    - if: $CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/

deploy_helm_charts:
  stage: deploy
  image:
    name: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
  parallel:
    matrix:
      # - ENV: "prod"
      #   VALUES_FILE: "helm/values-prod.yaml"
      #   CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent"
      #   NAMESPACE: "bsf-services-namespace"
        # ONLY: "main"
      - ENV: "dev"
        VALUES_FILE: "helm/orchard/values.yaml"
        CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent"
        NAMESPACE: "bsf-services-dev-namespace"
        # ONLY: ["branches", "!main"]
  script:
    - kubectl config use-context $CONTEXT
    - echo "Deploy - buildah push ${IMAGE_NAME}:latest"
    - |
      helm upgrade --install orchard-dev ./helm/orchard --namespace $NAMESPACE -f $VALUES_FILE