image: node:alpine # Use latest version of Node.js on Alpine

cache:
  paths:
    - node_modules/

variables:
  NODE_ENV: "production"

# Rename to 'pages' for gitlab pages
build:
  stage: build

  before_script:
    - apk update && apk add git
    - npm install --include=optional --force

  script:
    # Generate site
    - npm run build

  rules:
    # Only trigger through push & "Run pipeline" events only in the master branch; Skip in renovate job; Merge request where master branch is the target
    - if: '$RENOVATE != "true" && (($CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline")) || ($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"))'
      when: always

  artifacts:
    paths:
      - public/
    expire_in: 30 days

test:
  stage: test

  script:
    # Homepage should exist and non-empty
    - sh check-homepage.sh

  rules:
    - if: '$RENOVATE != "true" && (($CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline")) || ($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"))'
      when: always

  artifacts:
    paths:
      - public/
    expire_in: 30 days

deploy:
  stage: deploy

  before_script:
    - apk update && apk add openssh-client rsync
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - echo "$SSH_KEY_1" > ~/.ssh/id_host_1
    - chmod 600 ~/.ssh/id_host_1
    - echo "$SSH_KEY_2" > ~/.ssh/id_host_2
    - chmod 600 ~/.ssh/id_host_2
    - echo "$SSH_CONFIG" > ~/.ssh/config
    - chmod 600 ~/.ssh/config

  script:
    - rsync -azvh --delete public/ host-1:/var/www/
    - rsync -azvh --delete public/ host-2:/var/www/
    - npm run deploy-cf-images

  rules:
    - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline")'
      when: always

deploy_pages:
  stage: deploy

  trigger:
    project: curben/curben.gitlab.io
    branch: master
    strategy: depend

  rules:
    - if: '$RENOVATE != "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline")'
      when: always

# Check dependency update
renovate:
  before_script:
    - apk update && apk add git
    - npm install

  script:
    - npm install snyk @snyk/protect && npm run snyk
    - npm install renovate && npm run renovate

  # No artifact
  dependencies: []

  rules:
    - if: '$RENOVATE == "true" && $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "web")'
      when: always

include:
  - template: Security/Secret-Detection.gitlab-ci.yml