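---
# GitLab CI pipeline for the account-rs image: build on every pipeline, push
# from main, plus placeholder SAST and dependency-scanning jobs.

# NOTE(review): `latest` is a moving tag, so the Docker CLI used by these jobs
# can change between pipelines; pin a specific version tag or digest.
image: docker:latest

variables:
  IMAGE_NAME: "ci.perditum.com/perditum/account-rs"
  # The image tag follows the branch/tag slug of the commit being built.
  IMAGE_TAG: "${CI_COMMIT_REF_SLUG}"

# Global before_script: runs ahead of the script of every job below.
# NOTE(review): that includes sast and dependency_scanning, which only echo a
# message; consider a job-level `before_script` there so the registry login is
# limited to the jobs that need it.
before_script:
  - git submodule update --init
  # The password is piped on stdin rather than passed with -p, which keeps it
  # out of the process argument list (the docker CLI itself warns that -p is
  # insecure).
  - 'echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin ci.perditum.com'

# NOTE(review): no job visible in this file uses `initialize-submodules`.
# NOTE(review): `test` is ordered after `push`, so the scan jobs cannot gate
# what gets pushed; move `test` before `push` if they are meant to.
stages:
  - initialize-submodules
  - build
  - push
  - test  # for SAST + Dependency Scanning

build:
  stage: build
  script:
    # NOTE(review): this writes the database URL (credentials, presumably)
    # into the build context. If the Dockerfile copies the context and .env is
    # not listed in .dockerignore, the secret ends up in an image layer -
    # verify, or pass it with a BuildKit secret mount (`docker build --secret`)
    # instead.
    - echo "DATABASE_URL=$DATABASE_URL" > .env
    - docker build -t "$IMAGE_NAME:$IMAGE_TAG" .

push:
  stage: push
  needs:
    - build
  script:
    # Publish the ref-specific tag and also move `latest` to the same image.
    # NOTE(review): this relies on the image built in the `build` job still
    # being in the local Docker daemon, i.e. both jobs sharing one daemon -
    # confirm against the runner setup.
    - docker tag "$IMAGE_NAME:$IMAGE_TAG" "$IMAGE_NAME:latest"
    - docker push "$IMAGE_NAME:$IMAGE_TAG"
    - docker push "$IMAGE_NAME:latest"
  only:
    - main

# Placeholder: the script only echoes a message and runs no scanner, so the
# report file declared under artifacts is never created by this job.
# allow_failure keeps the pipeline green either way.
sast:
  stage: test
  allow_failure: true
  script:
    - 'echo "Running SAST scan"'
  artifacts:
    reports:
      sast: gl-sast-report.json
  rules:
    # Run on branch pipelines only.
    - if: '$CI_COMMIT_BRANCH'

# Placeholder: same shape as sast above; no dependency scanner is invoked and
# the declared report is not produced by the script.
dependency_scanning:
  stage: test
  allow_failure: true
  script:
    - 'echo "Running dep scan"'
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
  rules:
    # Run on branch pipelines only.
    - if: '$CI_COMMIT_BRANCH'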