.gitlab-ci.yml

include:
  - local: /.gitlab/shared.yml
  - https://gitlab.com/jitesoft/gitlab-ci-lib/raw/master/Scan/trivy.yml
  - local: /.gitlab/stable.yml
  - local: /.gitlab/latest.yml

stages:
  - check
  - download
  - build
  - containerize
  - scan
  - create-cache

check-versions:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "push"'
      when: always
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: always
    - if: '$CI_PIPELINE_SOURCE == "web"'
      when: always
    - if: '$CI_PIPELINE_SOURCE == "trigger"'
      when: never
  stage: check
  cache:
    key: smallstep-certificates-versions
    paths:
      - latest.txt
      - stable.txt
    policy: pull
  script:
    - apk add --no-cache jq wget curl
    - STABLE=$(wget -qO- https://api.github.com/repos/smallstep/certificates/releases | jq -r ".[0].tag_name")
    - LATEST=$(wget -qO- https://api.github.com/repos/smallstep/certificates/tags | jq -r ".[0].name")
    - touch stable.txt
    - touch latest.txt
    - echo "Checking if latest (${LATEST} | $(cat latest.txt)) version should be built."
    - |
      if [ "$(cat latest.txt)" != "${LATEST}" ]; then
        echo "Latest should be built."
        curl -F token=${CI_JOB_TOKEN} -F ref=master  -F "variables[VERSION]=${LATEST}" -F "variables[BUILD]=latest"  https://gitlab.com/api/v4/projects/19567470/trigger/pipeline
      fi
    - echo "Checking if the stable (${STABLE} | $(cat stable.txt)) version should be built."
    - |
      if [ "$(cat stable.txt)" != "${STABLE}" ]; then
        echo "Stable should be built."
        curl -F token=${CI_JOB_TOKEN} -F "variables[VERSION]=${STABLE}" -F "variables[BUILD]=stable" -F ref=master https://gitlab.com/api/v4/projects/19567470/trigger/pipeline
      fi
    - echo "This job is done!"

create-cache:
  variables:
    GIT_STRATEGY: none
  stage: create-cache
  image: registry.gitlab.com/jitesoft/dockerfiles/alpine:latest
  rules:
    - if: '$CACHE_CREATE'
      when: always
    - when: never
  script:
    - touch stable.txt
    - touch latest.txt
    - echo "${VERSION}" > ${TYPE}.txt
  cache:
    paths:
      - latest.txt
      - stable.txt
    key: smallstep-certificates-versions
    policy: pull-push