include:
- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
- project: unboundsoftware/ci-templates
  file: Defaults.gitlab-ci.yml
- project: unboundsoftware/ci-templates
  file: Release.gitlab-ci.yml
- project: unboundsoftware/ci-templates
  file: Pre-Commit-Go.gitlab-ci.yml

stages:
- build
- test
- deploy-prod
- release

variables:
  UNBOUND_RELEASE_TAG_ONLY: true

.buildtools:
  image: buildtool/build-tools:${BUILDTOOLS_VERSION}

check:
  stage: .pre
  image: amd64/golang:1.24.5@sha256:0a156a4a26df7babc9944fa442dfe38e9f867b45869e182d056a174b7f949f8c
  script:
  - go install mvdan.cc/gofumpt@latest
  - go install golang.org/x/tools/cmd/goimports@latest
  - go generate ./...
  - git diff --stat  --exit-code

build:
  extends: .buildtools
  stage: build
  script:
  - build
  - curl -Os https://uploader.codecov.io/latest/linux/codecov
  - chmod +x codecov
  - ./codecov -t ${CODECOV_TOKEN} -R $CI_PROJECT_DIR -C $CI_COMMIT_SHA -r $CI_PROJECT_PATH
  - push

vulnerabilities:
  stage: build
  image: amd64/golang:1.24.5@sha256:0a156a4a26df7babc9944fa442dfe38e9f867b45869e182d056a174b7f949f8c
  script:
  - go install golang.org/x/vuln/cmd/govulncheck@latest
  - govulncheck ./...

deploy-prod:
  extends: .buildtools
  stage: deploy-prod
  before_script:
  - echo Deploy to prod
  script:
  - deploy prod
  rules:
  - if: $CI_COMMIT_BRANCH == "main"
  environment:
    name: prod
  resource_group: prod

check_release:
  stage: test
  image:
    name: goreleaser/goreleaser:v2.11.1@sha256:7e28f4c3823b4ff859f40cfeea76d2c3ee5980c9a8c16562e9afdb77db28e305
    entrypoint: [ '' ]
  variables:
    GOTOOLCHAIN: auto
  script: |
    goreleaser check
    goreleaser release --snapshot --clean

release:
  stage: release
  needs:
  - unbound_release_prepare_release
  image:
    name: goreleaser/goreleaser:v2.11.1@sha256:7e28f4c3823b4ff859f40cfeea76d2c3ee5980c9a8c16562e9afdb77db28e305
    entrypoint: [ '' ]
  variables:
    # Disable shallow cloning so that goreleaser can diff between tags to
    # generate a changelog.
    GIT_DEPTH: 0
    GITLAB_TOKEN: $GITLAB_CI_TOKEN
    GOTOOLCHAIN: auto
  # Only run this release job for tags, not every commit (for example).
  rules:
  - if: $CI_COMMIT_TAG
  script: |
    goreleaser release --clean --release-notes=CHANGES.md