.gitlab-ci.yml

# .gitlab-ci.yml
#
# canvas
#
# pipelines can be triggered manually in the web


stages:
  - fmt
  - build-linux
  - build-mac
  - publish

variables:                         &default-vars
  GIT_STRATEGY:                    fetch
  GIT_DEPTH:                       100
  CARGO_INCREMENTAL:               0
  CARGO_TARGET_DIR:                "/ci-cache/${CI_PROJECT_NAME}/targets/${CI_COMMIT_REF_NAME}/${CI_JOB_NAME}"
  VAULT_SERVER_URL:                "https://vault.parity-mgmt-vault.parity.io"
  VAULT_AUTH_PATH:                 "gitlab-parity-io-jwt"
  VAULT_AUTH_ROLE:                 "cicd_gitlab_parity_${CI_PROJECT_NAME}"

workflow:
  rules:
    - if: $CI_COMMIT_TAG
    - if: $CI_COMMIT_BRANCH

.collect-artifacts:                &collect-artifacts
  artifacts:
    name:                          "${CI_JOB_NAME}_${CI_COMMIT_REF_NAME}"
    when:                          on_success
    expire_in:                     7 days
    paths:
      - artifacts/

.docker-env:                       &docker-env
  image:                           paritytech/ci-linux:production
  before_script:
    - cargo -vV
    - rustc -vV
    - rustup show
    - bash --version
    - mkdir -p ${CARGO_TARGET_DIR}
    - ./scripts/ci/pre_cache.sh
    - sccache -s
  interruptible:                   true
  retry:
    max: 2
    when:
      - runner_system_failure
      - unknown_failure
      - api_failure
  tags:
    - linux-docker

.kubernetes-env:                   &kubernetes-env
  retry:
    max: 2
    when:
      - runner_system_failure
      - unknown_failure
      - api_failure
  interruptible:                   true
  tags:
    - kubernetes-parity-build

.build-refs:                       &build-refs
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
    - if: $CI_PIPELINE_SOURCE == "schedule"
    - if: $CI_COMMIT_REF_NAME == "master"
    - if: $CI_COMMIT_REF_NAME == "tags"
    - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/                         # PRs
    - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/              # i.e. v1.0, v2.1rc1

.master-refs:                      &master-refs
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
    - if: $CI_PIPELINE_SOURCE == "schedule"
    - if: $CI_COMMIT_REF_NAME == "master"
    - if: $CI_COMMIT_REF_NAME == "tags"
    - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/              # i.e. v1.0, v2.1rc1

.publish-refs:                     &publish-refs
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
    - if: $CI_PIPELINE_SOURCE == "schedule"
    - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/              # i.e. v1.0, v2.1rc1


### stage:                         fmt

fmt:
  stage:                           fmt
  <<:                              *docker-env
  script:
    - cargo +nightly fmt --verbose --all -- --check

### stage:                         build-linux

build-linux:
  stage:                           build-linux
  <<:                              *docker-env
  <<:                              *collect-artifacts
  <<:                              *build-refs
  script:
    - time cargo build --release
    - time cargo test --release --all
    - mkdir -p ./artifacts/canvas-linux/
    - cp ${CARGO_TARGET_DIR}/release/canvas ./artifacts/canvas-linux/canvas
    - cp ${CARGO_TARGET_DIR}/release/wbuild/canvas-runtime/canvas_runtime* ./artifacts/canvas-linux/
    - cp ./scripts/dockerfiles/canvas_injected.Dockerfile ./artifacts/canvas-linux/canvas_injected.Dockerfile

### stage:                         build-mac

build-mac:
  stage:                           build-mac
  <<:                              *docker-env
  <<:                              *collect-artifacts
  # we run the mac build only when we actually want to publish
  <<:                              *publish-refs
  before_script:
    - unset CARGO_TARGET_DIR
  script:
    - time cargo build --release
    - mkdir -p ./artifacts/canvas-mac/
    - cp target/release/canvas ./artifacts/canvas-mac/canvas
  tags:
    - osx

### stage:                         publish

.build-push-docker-image:          &build-push-docker-image
  <<:                              *master-refs
  <<:                              *kubernetes-env
  image:                           quay.io/buildah/stable
  variables:
    <<:                            *default-vars
    GIT_STRATEGY:                  none
    DOCKERFILE:                    canvas_injected.Dockerfile
    IMAGE_NAME:                    docker.io/paritytech/canvas
  secrets:
    DOCKER_HUB_USER:
      vault:                       cicd/gitlab/parity/DOCKER_HUB_USER@kv
      file:                        false
    DOCKER_HUB_PASS:
      vault:                       cicd/gitlab/parity/DOCKER_HUB_PASS@kv
      file:                        false
  needs:
    - job: build-linux
      artifacts: true
  before_script:
    - if [[ "${CI_COMMIT_TAG}" ]]; then
        VERSION=${CI_COMMIT_TAG};
      elif [[ "${CI_COMMIT_SHORT_SHA}" ]]; then
        VERSION=${CI_COMMIT_SHORT_SHA};
      fi
    - echo "Effective tags = ${VERSION} sha-${CI_COMMIT_SHORT_SHA} latest"
  script:
    - cd ./artifacts/canvas-linux/
    - test "$DOCKER_HUB_USER" -a "$DOCKER_HUB_PASS" ||
        ( echo "no docker credentials provided"; exit 1 )
    - buildah bud
        --format=docker
        --build-arg VCS_REF="${CI_COMMIT_SHA}"
        --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
        --build-arg VERSION="$VERSION"
        --tag "$IMAGE_NAME:$VERSION"
        --tag "$IMAGE_NAME:latest"
        --file "$DOCKERFILE" .
    - echo "$DOCKER_HUB_PASS" |
        buildah login --username "$DOCKER_HUB_USER" --password-stdin docker.io
    - buildah info
    - buildah push --format=v2s2 "$IMAGE_NAME:$VERSION"
    - buildah push --format=v2s2 "$IMAGE_NAME:latest"
  after_script:
    - buildah logout --all


publish-docker:
  stage:                           publish
  <<:                              *build-push-docker-image

publish:
  stage:                           publish
  <<:                              *kubernetes-env
  image:                           paritytech/tools:latest
  <<:                              *publish-refs
  needs:
    - job: build-linux
      artifacts: true
    - job: build-mac
      artifacts: true
  secrets:
    GITHUB_TOKEN:
      vault:                       cicd/gitlab/parity/GITHUB_TOKEN@kv
      file:                        false
  script:
    - git describe --tags
    - TAG_NAME=`git describe --tags`
    - echo "tag name ${TAG_NAME}"
    - tar -czvf ./canvas-linux.tar.gz ./artifacts/canvas-linux/canvas
    - tar -czvf ./canvas-mac.tar.gz ./artifacts/canvas-mac/canvas
    - 'curl https://api.github.com/repos/paritytech/canvas/releases
        --fail-with-body
        -H "Cookie: logged_in=no"
        -H "Authorization: token ${GITHUB_TOKEN}"'
    - 'curl https://api.github.com/repos/paritytech/canvas/releases
        --fail-with-body
        -H "Cookie: logged_in=no"
        -H "Authorization: token ${GITHUB_TOKEN}" | jq .'
    - 'RELEASE_ID=$(curl https://api.github.com/repos/paritytech/canvas/releases
        --fail-with-body
        -H "Cookie: logged_in=no"
        -H "Authorization: token ${GITHUB_TOKEN}"
        | jq -r ".[] | select(.tag_name == \"$TAG_NAME\") | .id");
      echo "release id if existent: ${RELEASE_ID}"'
    - 'if [ -z "$RELEASE_ID" ]; then
        RESP=$(curl -X "POST" "https://api.github.com/repos/paritytech/canvas/releases"
          --fail-with-body
          -H "Cookie: logged_in=no"
          -H "Authorization: token ${GITHUB_TOKEN}"
          -H "Content-Type: application/json; charset=utf-8"
          -d $"{
              \"tag_name\": \"${TAG_NAME}\",
              \"name\": \"${TAG_NAME}\",
              \"prerelease\": false,
              \"draft\": true
          }");
          echo "api response ${RESP}";
          RELEASE_ID=$(echo $RESP | jq -r .id);
          echo "release id of created release ${RELEASE_ID}";
        fi'
    - echo "release id ${RELEASE_ID}"
    - 'curl -X "POST" "https://uploads.github.com/repos/paritytech/canvas/releases/$RELEASE_ID/assets?name=canvas-linux.tar.gz"
        --fail-with-body
        -H "Cookie: logged_in=no"
        -H "Authorization: token ${GITHUB_TOKEN}"
        -H "Content-Type: application/octet-stream"
        --data-binary @"./canvas-linux.tar.gz"'
    - 'curl -X "POST" "https://uploads.github.com/repos/paritytech/canvas/releases/$RELEASE_ID/assets?name=canvas-mac.tar.gz"
        --fail-with-body
        -H "Cookie: logged_in=no"
        -H "Authorization: token ${GITHUB_TOKEN}"
        -H "Content-Type: application/octet-stream"
        --data-binary @"./canvas-mac.tar.gz"'