.gitlab-ci.yml

variables:
  DIRAC_DIR: "/home/dirac"

stages:
  - linting
  - sonarqube
  - build
  - tests
  - upload

# Run hadolint Dockerfile linter
hadolint:
  tags:
      - DESY-IT
  stage: linting
  image:
    name: ghcr.io/hadolint/hadolint:latest-debian
  rules:
    - changes:
        - docker/dirac-client/Dockerfile
    - if: $CI_COMMIT_BRANCH =~ /^.*docker.*/
      when: manual
  script:
    - hadolint ${CI_PROJECT_DIR}/docker/dirac-client/Dockerfile
  allow_failure: true

# Run pytest coverage
pytest_coverage:
  stage: sonarqube
  image:
    name: mambaorg/micromamba:latest
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - changes:
      - test/Unit/
  script:
    - eval "$(micromamba shell hook --shell bash)"
    - micromamba env create -y --file ${CI_PROJECT_DIR}/utils/ci/env/coverage.yml
    - micromamba activate coverage
    - python -m pip install .
    - python -m pytest tests/Unit --verbose --cov=src/CTADIRAC/ --cov-report=xml --cov-report=term
  artifacts:
    paths:
      - coverage.xml
    expire_in: 1 day
  allow_failure: true

# Run Sonar scanner using pytest cov
sonarqube:
  stage: sonarqube
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
  needs: ["pytest_coverage"]
  dependencies:
    - pytest_coverage
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner -Dsonar.branch.name="${CI_COMMIT_BRANCH}" -Dsonar.sources=${CI_PROJECT_DIR} -Dsonar.projectKey=${SONAR_PROJECT_KEY} -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_TOKEN -X
  allow_failure: true

# Build DIRAC Client Docker image
# and push it to Gitlab container registry using Kaniko:
build_dirac_client_image:
  tags:
    - DESY-IT
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:v1.9.0-debug
    entrypoint: [""]
  rules:
    - if: $CI_COMMIT_TAG
      changes:
        - docker/dirac-client/Dockerfile
        - src/CTADIRAC
    - if: $CI_COMMIT_BRANCH =~ /^.*docker.*/
      when: manual
    - if: $CI_COMMIT_BRANCH =~ /^.*system_test.*/
      when: manual
  variables:
    IMAGE_NAME: dirac-client
  script:
    - /kaniko/executor
        --context "${CI_PROJECT_DIR}"
        --dockerfile "${CI_PROJECT_DIR}/docker/dirac-client/Dockerfile"
        --destination "${CI_REGISTRY_IMAGE}/dirac-client:$CI_COMMIT_TAG"
        --destination "${CI_REGISTRY_IMAGE}/dirac-client:latest"
        # Use --no-push to not push the image instead of destination

# Run CTADIRAC System tests:
system_tests:
  tags:
    - DESY-IT
  needs: ["build_dirac_client_image"]
  variables:
    BEGIN_CERT: "-----BEGIN CERTIFICATE-----"
    END_CERT: "-----END CERTIFICATE-----"
    BEGIN_KEY: "-----BEGIN ENCRYPTED PRIVATE KEY-----"
    END_KEY: "-----END ENCRYPTED PRIVATE KEY-----"
  rules:
    - if: $CI_COMMIT_TAG
      changes:
        - src/CTADIRAC/
        - tests/System/
    - if: $CI_COMMIT_BRANCH =~ /^.*system_test.*/
      when: manual
  stage: tests
  image: gitlab.cta-observatory.org:5555/cta-computing/dpps/ctadirac/dirac-client:latest
  script:
    - source ${DIRAC_DIR}/diracos/diracosrc
    - pip show CTADIRAC
    - cd $DIRAC_DIR
    - mkdir -p $DIRAC_DIR/.globus/
    - echo "$USER_CERT_ATTR" > $DIRAC_DIR/.globus/usercert.pem
    - echo "$BEGIN_CERT" >> $DIRAC_DIR/.globus/usercert.pem
    - echo "$USER_CERT" >> $DIRAC_DIR/.globus/usercert.pem
    - echo "$END_CERT" >> $DIRAC_DIR/.globus/usercert.pem
    - echo "$USER_KEY_ATTR" > $DIRAC_DIR/.globus/userkey.pem
    - echo "$BEGIN_KEY" >> $DIRAC_DIR/.globus/userkey.pem
    - echo "$USER_KEY" >> $DIRAC_DIR/.globus/userkey.pem
    - echo "$END_KEY" >> $DIRAC_DIR/.globus/userkey.pem
    - echo "$USER_CERT_PWD" | dirac-proxy-init --nocs --Cert $DIRAC_DIR/.globus/usercert.pem --Key $DIRAC_DIR/.globus/userkey.pem -ddd -p
    - dirac-configure -F -C https://majestix-vm1.zeuthen.desy.de:9135/Configuration/Server -S CTADIRAC-alma -ddd
    - echo "$USER_CERT_PWD" | dirac-proxy-init -g cta_prod --Cert $DIRAC_DIR/.globus/usercert.pem --Key $DIRAC_DIR/.globus/userkey.pem -ddd -p
    - cd $CI_PROJECT_DIR
    - python ${CI_PROJECT_DIR}/tests/System/runTestSuite.py JobExecutionTests TransformationExecutionTests ProductionExecutionTests ProductionConfigurationTests ProdSystemFullTests

# Upload CTADIRAC Package to Pypi
pypi_upload:
  tags:
    - DESY-IT
  needs: ["system_tests"]
  only:
    - tags
  except:
    - branches
  stage: upload
  image: python:latest
  script:
    - ${CI_PROJECT_DIR}/utils/ci/checkSetupVersion.sh
    - pip install build twine
    - rm -Rf build; rm -Rf dist
    - python setup.py sdist bdist_wheel
    - python3 -m twine upload --repository-url https://upload.pypi.org/legacy/ --username "__token__" --password "$PYPI_TOKEN" dist/*

# To upload to the Gitlab pkg registry add:
# python3 -m twine upload
# --repository-url https://gitlab.cta-observatory.org/api/v4/projects/${CI_PROJECT_ID}/packages/pypi
#--username gitlab-ci-token --password "${CI_JOB_TOKEN}" dist/*