stages:
  - deploy_stage
  - failed_stage
  - pages_stage

image: alpine:latest # Use the latest version of Alpine Linux docker image

deploy_job:
  stage: deploy_stage

  before_script:
    # Install dependencies
    - 'which ssh-agent || ( apk update && apk add openssh-client git grep)'

    # Run ssh-agent
    - eval $(ssh-agent -s)

    # Import private key with ed25519 workaround
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - echo "$GH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null

    # Create the SSH directory and give it the right permissions
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh

    # Add gitlab.com as ssh known host
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts

    # Set commit author
    - git config --global user.name "curben-bot"
    - git config --global user.email "curben-bot@users.noreply.gitlab.com"

    # SSH to gitlab.com
    - ssh git@gitlab.com

    # Shallow cloning for faster cloning
    - git clone --depth 3 git@gitlab.com:curben/urlhaus-filter.git build
    - cd build/

  script:
    # Run scripts
    - sh script.sh

    # Commit the changes
    - sh utils/commit.sh

  after_script:
    - cd build/

    # Re-add ssh key https://gitlab.com/gitlab-org/gitlab-runner/issues/1926
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - echo "$GH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts

    # Generate successful status badge
    - mkdir -p .gitlab/
    - wget https://img.shields.io/badge/pipeline-passed-success.svg -O .gitlab/status.svg
    - git add .gitlab/status.svg
    # Only commit when diff exists https://stackoverflow.com/a/8123841
    - git config --global user.name "curben-bot"
    - git config --global user.email "curben-bot@users.noreply.gitlab.com"
    - git diff-index --quiet HEAD || git commit -m "Success pipeline"

    - ssh git@gitlab.com
    - git push

    # Push to mirror
    # Force exit code 0
    - ssh -T git@github.com || echo
    - git remote add mirror git@github.com:curbengh/urlhaus-filter.git
    - git push mirror

  only:
    # Allow CI to be triggered by schedule
    - schedules

    # Allow CI to be triggered manually
    - web

failed_job:
  stage: failed_stage

  script:
    - cd build/
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - echo "$GH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - git config --global user.name "curben-bot"
    - git config --global user.email "curben-bot@users.noreply.gitlab.com"
    - mkdir -p .gitlab/
    - wget https://img.shields.io/badge/pipeline-failed-critical.svg -O .gitlab/status.svg
    - git add .gitlab/status.svg
    - git diff-index --quiet HEAD || git commit -m "Failed pipeline"
    - ssh git@gitlab.com
    - git push
    - ssh -T git@github.com || echo
    - git remote add mirror git@github.com:curbengh/urlhaus-filter.git
    - git push mirror

  # Run this job only when deploy_job failed
  when: on_failure

  only:
    - schedules
    - web