---
# GitLab CI pipeline definition: dependency fetch, build, static analysis,
# QA, image build and container scanning for the fic-server packages.

# Stage order; jobs with `needs: []` start without waiting for earlier stages.
stages:
  - deps
  - build
  - sast
  - qa
  - image
  - container_scanning

# Cached paths: the project-local Go module cache (GOPATH is set to
# $CI_PROJECT_DIR/.go in the Go jobs below) and both UI node_modules trees.
cache:
  paths:
    - .go/pkg/mod/
    - qa/ui/node_modules/
    - frontend/ui/node_modules/

# Local job definitions plus GitLab-maintained security templates.
# NOTE(review): the templates are not pinned here, so their content follows
# the GitLab instance version. Confirm each one is still shipped by the
# version in use.
include:
  - .gitlab-ci/build.yml
  - .gitlab-ci/image.yml
  - template: SAST.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

# Hidden job: fans a job out into one parallel instance per image name.
.scanners-matrix:
  parallel:
    matrix:
      - IMAGE_NAME:
          - checker
          - admin
          - evdist
          - frontend-ui
          - nginx
          - dashboard
          - repochecker
          - qa
          - receiver

# Overrides the templated container_scanning job: one scan per IMAGE_NAME.
# The rule below limits it to the master branch, and the scanned reference is
# the mutable `latest` tag, so images built from other branches or pushed
# under other tags are not covered by this job.
container_scanning:
  stage: container_scanning
  extends:
    - .scanners-matrix
  variables:
    DOCKER_SERVICE: localhost
    DOCKERFILE_PATH: Dockerfile-${IMAGE_NAME}
    CI_APPLICATION_REPOSITORY: ${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}/${IMAGE_NAME}
    CI_APPLICATION_TAG: latest
    # presumably set so the Dockerfile named by DOCKERFILE_PATH is present in
    # the job workspace; verify against the template's default
    GIT_STRATEGY: fetch
  before_script:
    - 'echo "Scanning: ${IMAGE_NAME}"'
  rules:
    - if: '$CI_COMMIT_BRANCH == "master"'

# Templated SAST job, moved to the `sast` stage and started immediately.
sast:
  stage: sast
  interruptible: true
  needs: []

# Templated secret detection job, also run in the `sast` stage.
secret_detection:
  stage: sast
  interruptible: true
  needs: []

# Templated license scanning job, run in the `qa` stage.
license_scanning:
  stage: qa
  interruptible: true
  needs: []

# Downloads the Go dependencies of every listed package into the
# project-local GOPATH (.go/pkg/mod/ is in the cache paths above).
get-deps:
  stage: deps
  # The tag fixes the Alpine release but not the Go toolchain version, and it
  # is mutable; pinning by digest would make the job reproducible.
  image: golang:alpine3.18
  before_script:
    - 'export GOPATH="$CI_PROJECT_DIR/.go"'
    - mkdir -p .go
  script:
    # git is installed at job time, unpinned, from the Alpine repositories
    - apk --no-cache add git
    - go get -v -d srs.epita.fr/fic-server/admin
    - go get -v -d srs.epita.fr/fic-server/checker
    - go get -v -d srs.epita.fr/fic-server/receiver
    - go get -v -d srs.epita.fr/fic-server/evdist
    - go get -v -d srs.epita.fr/fic-server/dashboard
    - go get -v -d srs.epita.fr/fic-server/repochecker
    - go get -v -d srs.epita.fr/fic-server/repochecker/epita
    - go get -v -d srs.epita.fr/fic-server/repochecker/file-inspector
    - go get -v -d srs.epita.fr/fic-server/repochecker/grammalecte
    - go get -v -d srs.epita.fr/fic-server/repochecker/pcap-inspector
    - go get -v -d srs.epita.fr/fic-server/repochecker/videos
    - go get -v -d srs.epita.fr/fic-server/qa

# Runs `go vet` over each package. Waits for build-qa-ui and pulls its
# artifacts (that job is not defined in this file; presumably it comes from
# .gitlab-ci/build.yml).
vet:
  stage: sast
  needs:
    - build-qa-ui
  dependencies:
    - build-qa-ui
  # Same mutable tag as get-deps; see the note there.
  image: golang:alpine3.18
  before_script:
    - 'export GOPATH="$CI_PROJECT_DIR/.go"'
    - mkdir -p .go
  script:
    - apk --no-cache add build-base
    # -buildvcs=false turns off VCS stamping for every invocation below.
    # admin is vetted twice: first with the `gitgo` build tag, then without.
    - go vet -v -buildvcs=false -tags gitgo srs.epita.fr/fic-server/admin
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/libfic
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/admin/sync
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/admin/pki
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/admin
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/checker
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/receiver
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/evdist
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/dashboard
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/epita
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/file-inspector
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/grammalecte
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/pcap-inspector
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/repochecker/videos
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/qa
    - go vet -v -buildvcs=false srs.epita.fr/fic-server/settings