# Pipeline stages, executed in the order listed. The two `test:*` stages are
# used by the dependency-checker jobs so that `npm install` finishes before
# the checker job starts.
# NOTE(review): `security` is listed after `publish`, so images are pushed
# before the security job runs. If the scanner can work on a locally built
# image, scanning before publishing would keep unscanned images out of the
# registry. Confirm what `make security` requires.
stages:
  - verify
  - build
  - test
  - test:npm_install
  - test:dependency_checker
  - publish
  - security

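# Lints the repository Makefile with checkmake inside a throwaway container.
# Hidden job (leading dot): GitLab does not run it until the dot is removed.
# NOTE(review): mandrean/checkmake is pulled from a public registry without a
# tag or digest, and the checkout is mounted read-write. Pinning the image
# (mandrean/checkmake@sha256:<digest>) and mounting the workspace with `:ro`
# would limit what a replaced image could do to the checkout. Confirm that
# checkmake needs no write access before changing the mount.
.Check Makefile:
  stage: verify
  tags:
    # One tag per list item: `- linux, dockerd` is read as the single tag
    # "linux, dockerd", not as two tags.
    - linux
    - dockerd
  script:
    - docker run --rm -v "${PWD}:/work" -w /work mandrean/checkmake ./Makefile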

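# Runs the Makefile's `test` target in the verify stage; per the job name this
# lints and validates the Dockerfiles (the target itself is not in this file).
# Hidden job (leading dot): GitLab does not run it until the dot is removed.
.Lint and Validate dockerfiles:
  stage: verify
  tags:
    # One tag per list item: `- linux, dockerd` is read as the single tag
    # "linux, dockerd", not as two tags.
    - linux
    - dockerd
  script:
    - make test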

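# Builds all images by running the Makefile's default target.
# Hidden job (leading dot): GitLab does not run it until the dot is removed.
# NOTE(review): `image` only applies on container-based executors, and a
# lint image is an unexpected choice for a build job. Confirm it is intended.
# The image is also referenced without a tag or digest, so its content can
# change between runs.
.Make All Images:
  stage: build
  image: projectatomic/dockerfile-lint
  tags:
    # One tag per list item: `- linux, dockerd` is read as the single tag
    # "linux, dockerd", not as two tags.
    - linux
    - dockerd
  script:
    - make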

# Smoke-tests two CI images from the internal registry: prints the
# sonar-scanner version, then runs the detect-secrets image against the
# checkout mounted at /work.
# Hidden job (leading dot): GitLab does not run it until the dot is removed.
# NOTE(review): both images are referenced without a tag or digest, so the
# job runs whatever the registry currently serves. The second container gets
# the whole checkout mounted read-write; a `:ro` mount would be enough if the
# tool only reads files. Confirm before changing.
.Test Sonar Scanner:
  stage: test
  tags:
    - dockerd
  script:
    # Folded scalars (`>-`) join these lines with single spaces into one
    # command each.
    - >-
      docker run --rm
      its-registry.unl.edu/unl-its/docker-ci/static-code-analysis
      sonar-scanner -v
    - >-
      docker run --rm -v "${PWD}:/work" -w /work
      its-registry.unl.edu/unl-its/docker-ci/detect-secrets -s

# Installs the sample app's npm dependencies and caches node_modules for the
# dependency-checker job in the next stage.
# NOTE(review): `node:alpine` is a floating tag, and `npm install` may resolve
# newer package versions and runs package lifecycle scripts. If the fixture
# commits a lockfile, `npm ci` on a pinned image would make the scanned
# dependency set reproducible. Confirm that a lockfile exists first.
Test Dependency Checker npm install:
  stage: test:npm_install
  image: node:alpine
  tags:
    - docker
  # No `key` is set, so this cache entry is stored under the default key.
  cache:
    paths:
      - t/dependency-check/simple-app/node_modules/
  script:
    - cd t/dependency-check/simple-app/
    - npm install

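# Runs in the dependency-check image after the npm install stage, with the
# image entrypoint replaced by /bin/sh so the script lines below are executed.
# NOTE(review): the script only echoes the output directory; no dependency
# scan command is visible in this job, so a green result says nothing about
# vulnerable dependencies. Add the image's scan invocation once it is
# confirmed. SRC_DIR is defined but nothing in this job reads it.
# NOTE(review): the image is referenced without a tag or digest.
Test Dependency Checker dependency_check:
  stage: test:dependency_checker
  image:
    name: its-registry.unl.edu/unl-its/docker-ci/dependency-check
    entrypoint: ["/bin/sh"]
  tags:
    - docker
  cache:
    # Same path as the install job. A cache entry with no `paths` appears to
    # give the runner nothing to restore, so node_modules would be missing.
    paths:
      - t/dependency-check/simple-app/node_modules/
    # Read-only use of the cache: this job never uploads it.
    policy: pull
  variables:
    DEPENDENCY_CHECK_OUT_DIR: /tmp/dependency_check_results
    SRC_DIR: t/dependency-check/simple-app/
  before_script:
    - cd t/dependency-check/simple-app/
    - ls -alr
  script:
    # Quoted so the value is passed as one word, without word splitting or
    # glob expansion.
    - echo "${DEPENDENCY_CHECK_OUT_DIR}"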

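# Earlier single-job variant of the dependency check: installs the sample
# app's npm packages, runs the dependency-check image on it, then runs
# sonar-scanner with the generated report paths.
# Hidden job (leading dot): GitLab does not run it until the dot is removed.
# NOTE(review): all images are referenced by floating tag or no tag.
.Test Dependency Checker:
  stage: test
  tags:
    - dockerd
  script:
    - ls -al
    # Debug listing of the mounted app directory. `--entrypoint` takes a
    # single executable path, so the former value "/bin/ls -al" could not be
    # executed; the flags now follow the image name as arguments.
    - docker run --rm -v "${PWD}/t/dependency-check/simple-app:/work" -w /work --entrypoint /bin/ls node:alpine -al
    - docker run --rm -v "${PWD}/t/dependency-check/simple-app:/work" -w /work node:alpine npm install
    - docker run --rm -v "${PWD}/t/dependency-check/simple-app:/work" -w /work -e DEPENDENCY_CHECK_OUT_DIR=./ its-registry.unl.edu/unl-its/docker-ci/dependency-check
    # CI variables are quoted so a value containing spaces or glob characters
    # stays a single argument.
    # NOTE(review): the Sonar token is passed as a command-line argument, which
    # is visible in the runner host's process list and in the job log unless
    # SONAR_TOKEN is a masked CI/CD variable. Prefer handing it to the
    # container through the environment if the scanner in this image supports
    # that. Confirm against the image.
    - >-
      docker run --rm -v "${PWD}:/work" -w /work
      its-registry.unl.edu/unl-its/docker-ci/static-code-analysis
      sonar-scanner
      "-Dsonar.host.url=${SONAR_URL}"
      "-Dsonar.projectKey=${CI_PROJECT_PATH_SLUG}"
      -Dsonar.sources=.
      "-Dsonar.login=${SONAR_TOKEN}"
      -Dsonar.dependencyCheck.reportPath=dependency-check-report.xml
      -Dsonar.dependencyCheck.htmlReportPath=dependency-check-report.html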

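# Runs the repository's PHP lint test script in the test stage.
# Hidden job (leading dot): GitLab does not run it until the dot is removed.
.Test PHP Lint:
  stage: test
  tags:
    # One tag per list item: `- linux, dockerd` is read as the single tag
    # "linux, dockerd", not as two tags.
    - linux
    - dockerd
  script:
    - t/php-lint/tests.sh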

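# Publishes the built images by running the Makefile's `publish` target.
# Hidden job (leading dot): GitLab does not run it until the dot is removed.
# NOTE(review): no `rules` restriction is visible on this job. When it is
# re-enabled, limit publishing to protected branches or tags so registry
# credentials are not exercised from arbitrary branches.
.Push to Container Registry:
  stage: publish
  tags:
    # One tag per list item: `- linux, dockerd` is read as the single tag
    # "linux, dockerd", not as two tags.
    - linux
    - dockerd
  script:
    - make publish
  # Runs whether or not the script succeeded. Deletes the runner user's Docker
  # client config, which may hold a registry login written during publish, so
  # it does not persist for later jobs.
  # NOTE(review): this path is shared by every job on the runner host. A
  # per-job DOCKER_CONFIG directory would stop concurrent jobs from sharing or
  # deleting each other's credentials. Confirm how `make publish` logs in.
  after_script:
    - rm -f /var/lib/gitlab-runner/.docker/config.json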

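# Runs the Makefile's `security` target in the final stage; per the job name
# this scans with Tenable (the target itself is not in this file).
# Hidden job (leading dot): GitLab does not run it until the dot is removed.
# NOTE(review): while this job is hidden, nothing in this pipeline scans the
# images. When it is enabled it still runs after `publish`. Confirm whether a
# failed scan should block or roll back a published image.
.Scan with Tenable:
  stage: security
  tags:
    # One tag per list item: `- linux, dockerd` is read as the single tag
    # "linux, dockerd", not as two tags.
    - linux
    - dockerd
  script:
    - make security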