---

stages:
  - deps
  - build
  - sast
  - qa
  - image
  - container_scanning


cache:
  paths:
    - .go/pkg/mod/
    - qa/ui/node_modules/
    - frontend/ui/node_modules/

include:
  - '.gitlab-ci/build.yml'
  - '.gitlab-ci/image.yml'
  - template: SAST.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

.scanners-matrix:
  parallel:
    matrix:
      - IMAGE_NAME: [checker, admin, evdist, frontend-ui, nginx, dashboard, repochecker, qa, receiver, generator]

container_scanning:
  stage: container_scanning
  extends:
    - .scanners-matrix
  variables:
    DOCKER_SERVICE: localhost
    DOCKERFILE_PATH: Dockerfile-${IMAGE_NAME}
    CI_APPLICATION_REPOSITORY: ${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}/${IMAGE_NAME}
    CI_APPLICATION_TAG: latest
    GIT_STRATEGY: fetch
  before_script:
    - 'echo "Scanning: ${IMAGE_NAME}"'
  rules:
    - if: '$CI_COMMIT_BRANCH == "master"'

sast:
  stage: sast
  interruptible: true
  needs: []
  before_script:
    - rm -rf .go/

secret_detection:
  stage: sast
  interruptible: true
  needs: []

license_scanning:
  stage: qa
  interruptible: true
  needs: []

get-deps:
  stage: deps
  image: golang:alpine3.18
  before_script:
    - export GOPATH="$CI_PROJECT_DIR/.go"
    - mkdir -p .go
  script:
    - apk --no-cache add git
    - go get -v -d ./...

vet:
  stage: sast
  needs: ["build-qa-ui"]
  dependencies:
    - build-qa-ui
  image: golang:alpine3.18
  before_script:
    - export GOPATH="$CI_PROJECT_DIR/.go"
    - mkdir -p .go
  script:
    - apk --no-cache add build-base
    - go vet -v -buildvcs=false -tags gitgo ./...
    - go vet -v -buildvcs=false ./...