.gitlab-ci.yml

stages:
  - prebuild
  - build
  - pack-centos
  - pack-ubuntu
  - pack-debian
  - sign
  - deploy

workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    - if: $CI_PIPELINE_SOURCE == "web"

variables:
  GIT_DEPTH: 0
  GIT_SUBMODULE_STRATEGY: recursive
  BASE_IMAGE: build-base:latest
  CARGO_INCREMENTAL: 0
  CARGO_HOME: ${CI_PROJECT_DIR}/.cargo
  DOCKER_AUTH_CONFIG: $DOCKER_AUTH_RW
  REGISTRY_IMAGE: docker-public.binary.picodata.io
  RAW_REGISTRY: https://binary.picodata.io/repository/raw-private/


  #
  # See also:
  #   GitLab CI/CD predefined variables
  #   https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
  #
  # CI_COMMIT_SHA: The commit revision the project is built for
  # CI_REGISTRY: The address of the GitLab Container Registry
  # CI_REGISTRY_USER: The username to push containers to the project’s
  #   GitLab Container Registry
  # CI_REGISTRY_PASSWORD: The password to push containers to the project’s
  #   GitLab Container Registry
  # CI_REGISTRY_IMAGE: The address of the project’s Container Registry

docker-build-base:
  stage: prebuild
  image: docker:20
  tags:
    - dind
  rules:
    - # if
      changes:
        - docker-build-base/Dockerfile
  before_script:
    - mkdir -p $CI_PROJECT_DIR/.docker
    - echo $DOCKER_AUTH_RW > $CI_PROJECT_DIR/.docker/config.json
  script:
    - docker pull ${REGISTRY_IMAGE}/${BASE_IMAGE} || true
    - >
      docker build
      --pull
      --label GIT_COMMIT=${CI_COMMIT_SHA}
      --cache-from ${REGISTRY_IMAGE}/${BASE_IMAGE}
      -t ${REGISTRY_IMAGE}/${BASE_IMAGE}
      -f ./docker-build-base/Dockerfile
      ./docker-build-base
    - docker --config $CI_PROJECT_DIR/.docker/ push ${REGISTRY_IMAGE}/${BASE_IMAGE}

build:
  image: ${REGISTRY_IMAGE}/${BASE_IMAGE}
  stage: build
  tags:
    - docker
  script:
    # - git submodule foreach --recursive 'git fetch --tags; git describe --always'
    - pushd tarantool-sys; git describe; popd
    - pushd tarantool-sys/third_party/luajit; git describe; popd
    - cargo -V
    - cargo build --locked
    - cargo test --locked
    - cargo fmt -- -v --check
    - cargo clippy --version
    - cargo clippy -- --deny clippy::all
    - PIPENV_VENV_IN_PROJECT=1 PIP_NO_CACHE_DIR=true python3.10 -m pipenv install --deploy
    - pipenv run pytest --numprocesses 2 -v
    - pipenv run lint
  cache:
    paths:
      - target
      - .cargo
      - .venv

build-package-centos:
  stage: pack-centos
  tags:
    - shell
  only:
    - web
    - tags
  before_script:
    - git submodule update --init --recursive
    - git clone https://github.com/packpack/packpack.git packpack
    - sed -i "s/(id -u)/(id -u) -o/g" packpack/packpack
  script:
    - |
      pushd tarantool-sys; export VER_TNT=$(git describe --long | sed -n 's/^\([0-9\.]*\)-\([0-9]*\)-\([a-z0-9]*\)/\1.\2/p'); popd
      OS=centos DIST=7 PRESERVE_ENVVARS=VER_TNT packpack/packpack
      OS=centos DIST=8 PRESERVE_ENVVARS=VER_TNT packpack/packpack
  artifacts:
    paths:
      - build/picodata*.rpm

build-package-ubuntu:
  tags:
    - shell
  stage: pack-ubuntu
  only:
    - web
    - tags
  before_script:
    - git submodule update --init --recursive
    - git clone https://github.com/packpack/packpack.git packpack
    - git describe --long
  script:
    - |
      pushd tarantool-sys; export VER_TNT=$(git describe --long | sed -n 's/^\([0-9\.]*\)-\([0-9]*\)-\([a-z0-9]*\)/\1.\2/p'); popd
      OS=ubuntu DIST=focal PRESERVE_ENVVARS=VER_TNT BUILDDIR=$PWD/build_ubuntu/ RELEASE=${DIST} packpack/packpack
  artifacts:
    paths:
      - build_ubuntu/*.deb

build-package-debian:
  tags:
    - shell
  stage: pack-debian
  only:
    - web
    - tags
  before_script:
    - git submodule update --init --recursive
    - git clone https://github.com/packpack/packpack.git packpack
    - git describe --long
  script:
    - |
      pushd tarantool-sys; export VER_TNT=$(git describe --long | sed -n 's/^\([0-9\.]*\)-\([0-9]*\)-\([a-z0-9]*\)/\1.\2/p'); popd
      OS=debian DIST=bullseye PRESERVE_ENVVARS=VER_TNT BUILDDIR=$PWD/build_debian/ RELEASE=${DIST} packpack/packpack
  artifacts:
    paths:
      - build_debian/*.deb

sign-rpm-packages:
  variables:
    DOCKER_AUTH_CONFIG: $DOCKER_AUTH_RO
  stage: sign
  tags:
    - shell
  only:
    - web
    - tags
  before_script:
    - mkdir -p $CI_PROJECT_DIR/.docker
    - echo $DOCKER_AUTH_RW > $CI_PROJECT_DIR/.docker/config.json
    - echo "$GPG_KEY_KDY" | base64 -d > build/kdy.asc
  script:
    - docker run --rm -e KEY_FILE=kdy.asc -v $PWD/build:/build docker-picodata.binary.picodata.io/rpmsign:centos7
  artifacts:
    paths:
      - build/picodata*.rpm

deploy-job:
  stage: deploy
  tags:
    - shell
  only:
    - web
    - tags
  before_script:
    - eval $(ssh-agent -s)
    - echo "$DEPLOY_PROD_SSH_KEY" | base64 -d | ssh-add -
  script:
    # CentOS 7
    - echo "Deploying rpm-centos7-packet..."
    - scp -o stricthostkeychecking=no build/picodata*.el7.*rpm ansible@94.26.239.246:/data/nginx/www/packrepo/tarantool-picodata/el/7/x86_64/
    - ssh -o stricthostkeychecking=no ansible@94.26.239.246 "cd /data/nginx/www/packrepo/tarantool-picodata/el/7/ && createrepo --update x86_64 && gpg --no-tty --yes -u kdy@picodata.io --detach-sign --armor x86_64/repodata/repomd.xml"
    -  echo "rpm-centos7-packet successfully deployed."
    -  echo
    # CentOS 8
    - echo "Deploying rpm-centos8-packet..."
    - scp -o stricthostkeychecking=no build/picodata*.el8.*rpm ansible@94.26.239.246:/data/nginx/www/packrepo/tarantool-picodata/el/8/x86_64/
    - ssh -o stricthostkeychecking=no ansible@94.26.239.246 "cd /data/nginx/www/packrepo/tarantool-picodata/el/8/ && createrepo --update x86_64 && gpg --no-tty --yes -u kdy@picodata.io --detach-sign --armor x86_64/repodata/repomd.xml"
    - echo "rpm-centos8-packet successfully deployed."
    - echo
    # Ubuntu
    - echo "Deploying ubuntu deb-packets..."
    - ssh -o stricthostkeychecking=no ansible@94.26.239.246 "mkdir -p ~/.deb/ubuntu"
    - scp -o stricthostkeychecking=no build_ubuntu/picodata*deb ansible@94.26.239.246:.deb/ubuntu/
    - ssh -o stricthostkeychecking=no ansible@94.26.239.246 "reprepro -b /data/nginx/www/packrepo/tarantool-picodata/ubuntu/ -C main includedeb focal ~/.deb/ubuntu/picodata*focal*deb; rm ~/.deb/ubuntu/picodata*focal*deb"
    - echo "ubuntu deb-packets successfully deployed."
    - echo
    # Debian
    - echo "Deploying debian packets..."
    - ssh -o stricthostkeychecking=no ansible@94.26.239.246 "mkdir -p ~/.deb/debian"
    - scp -o stricthostkeychecking=no build_debian/picodata*deb ansible@94.26.239.246:.deb/debian/
    - ssh -o stricthostkeychecking=no ansible@94.26.239.246 "reprepro -b /data/nginx/www/packrepo/tarantool-picodata/debian/ -C main includedeb bullseye ~/.deb/debian/picodata*bullseye*deb; rm ~/.deb/debian/picodata*bullseye*deb"
    - echo "debian packets successfully deployed."