stages:
  - build
  - cleanup
  - publish

variables:
  LATEST_IMAGE: '$CI_REGISTRY_IMAGE:latest'
  PRODUCTION_URL: 'https://home.unjx.de'

image: docker:${V_DOCKER}-dind

.auth_gitlab:
  before_script:
    - echo $CI_REGISTRY_PASSWORD | docker login --username $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
  after_script:
    - docker logout

.rules:deploy:
  rules:
    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'

build:
  rules: !reference [.rules:deploy, rules]
  stage: build
  variables:
    DOCKER_BUILDKIT: 1
    CURRENT_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG'
  before_script:
    - !reference [.auth_gitlab, before_script]
  script:
    - docker buildx create --use
    - >
      docker buildx build .
      --provenance=false
      --platform=linux/amd64,linux/arm64
      --build-arg APP_VERSION=${CI_COMMIT_TAG}
      --build-arg V_GOLANG=${V_GOLANG}
      --build-arg V_NODE=${V_NODE}
      --build-arg V_ALPINE=${V_ALPINE}
      --tag ${CURRENT_IMAGE}
      --tag ${LATEST_IMAGE}
      --push
  after_script:
    - !reference [.auth_gitlab, after_script]

cleanup:
  rules: !reference [.rules:deploy, rules]
  stage: cleanup
  script:
    - docker system prune -a -f
    - docker volume prune -a -f

publish:
  rules: !reference [.rules:deploy, rules]
  stage: publish
  script:
    - mkdir -p ~/.ssh
    - cp "$SSH_PRIVATE_KEY" ~/.ssh/bot
    - chmod 600 ~/.ssh/bot
    - ssh-keyscan -H ${SERVER} >> ~/.ssh/known_hosts
    - ssh -i ~/.ssh/bot flohoss@${SERVER} "cd /opt/docker/home && docker compose pull && docker compose up -d"