image: python:3.11-slim

variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  PACKAGE_VERSION: $CI_COMMIT_TAG
  ADDON_PACKAGE: "TA-malware-filter-${PACKAGE_VERSION}.tar.gz"
  PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${PACKAGE_VERSION}"

stages:
  - test
  - build
  - upload
  - release

lint:
  stage: test

  variables:
    PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit

  cache:
    paths:
      - .cache/pip
      - .venv/
      - ${PRE_COMMIT_HOME}

  before_script:
    - apt-get update && apt-get install -y --no-install-recommends git
    - python --version
    - python -m venv .venv
    - source .venv/bin/activate
    - pip install -r requirements-dev.txt -U

  script:
    - pre-commit run --all-files

build:
  stage: build

  script:
    - python --version
    - python build.py

  artifacts:
    paths:
      - TA-malware-filter-*.tar.gz
    expire_in: 30 days

upload:
  stage: upload
  image: curlimages/curl:latest
  rules:
    - if: $CI_COMMIT_TAG
  script:
    - |
      curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ${ADDON_PACKAGE} ${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}
      sha256sum "$ADDON_PACKAGE" > "${ADDON_PACKAGE}.sha256sum"
      curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${ADDON_PACKAGE}.sha256sum" "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}.sha256sum"

release_job:
  stage: release
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  rules:
    # Run this job when a tag is created manually
    - if: $CI_COMMIT_TAG
  script:
    - echo "Running the release job."
  release:
    tag_name: $CI_COMMIT_TAG
    description: $CI_COMMIT_TAG
    assets:
      links:
        - name: ${ADDON_PACKAGE}
          url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}"
        - name: ${ADDON_PACKAGE}.sha256sum
          url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}.sha256sum"