.gitlab-ci.yml

# SPDX-FileCopyrightText: 2017-2023 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only
variables:
  LANG: "C.UTF-8"

workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_OPEN_MERGE_REQUESTS
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED == "true"
    - if: $CI_PIPELINE_SOURCE == "web"
    - if: $CI_PIPELINE_SOURCE == "webide"

lint:
  image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/python:3.10-bullseye
  variables:
    PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  cache:
    paths:
      - .cache/pip
      - venv/
  before_script:
    - printf '\e[0Ksection_start:%d:%s[collapsed=true]\r\e[0K%s\n' "$(date +%s)" apt 'Install dependencies'
    - apt-get -qq update
    - apt-get -q install --assume-yes libdbus-1-dev libldap2-dev libsasl2-dev
    - python -V  # Print out python version for debugging
    - pip install virtualenv
    - virtualenv venv
    - . venv/bin/activate
    - pip install .[dev]
    - printf '\e[0Ksection_end:%d:%s\r\e[0K\n' "$(date +%s)" apt
  script:
    - flake8
    - isort .
    - mypy

deb:
  image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/ubuntu:22.04
  variables:
    DEBIAN_FRONTEND: noninteractive
  before_script:
    - printf '\e[0Ksection_start:%d:%s[collapsed=true]\r\e[0K%s\n' "$(date +%s)" apt 'Install dependencies'
    - apt-get -qq update
    - apt-get -q --assume-yes install build-essential
    - apt-get -q --assume-yes build-dep .
    - printf '\e[0Ksection_end:%d:%s\r\e[0K\n' "$(date +%s)" apt
    - find -exec touch -m -h -c -d "@${SOURCE_DATE_EPOCH:-$(dpkg-parsechangelog -STimestamp)}" {} +
  script: |
    echo src=$(dpkg-parsechangelog -SSource) >.env
    echo ver=$(dpkg-parsechangelog -SVersion) >>.env
    echo dist=$(dpkg-parsechangelog -SDistribution) >>.env
    . .env
    dpkg-buildpackage --no-sign
    dpkg-genchanges -S -O"${src}_${ver}_source.changes"
    mv ../*univention-domain-join*_*.* .
  artifacts:
    paths:
      - "*univention-domain-join*_*.*"
    reports:
      dotenv: .env

.upload:
  interruptible: no
  variables:
    GIT_STRATEGY: none
  needs:
    - job: lint
      artifacts: false
    - job: deb
  image: docker-registry.knut.univention.de/knut/dput

upload:gitlab:
  extends: .upload
  rules:
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED == "true"
  script: |
    URL="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/debian_distributions?codename=${dist}"
    curl --fail --head "$URL" ||
      curl --fail --request POST --user "PRIVATE-TOKEN:${CI_JOB_TOKEN}" "$URL"
    dput --force gitlab "${src}_${ver}_amd64.changes"

.launchpad:
  extends: .upload
  variables:
    KEY: D523B8FD547C464C9EA89D5B5E9F163B66AA3A17  # Univention Corporate Client archive key <packages@univention.de>
    VAULT_AUTH_ROLE: ubuntu-ppa
  secrets:
    GPG_PRIVATE:
      vault:
        engine:
          name: kv-v2
          path: secret
        path: ucc/pgp/production/key
        field: private
    GPG_SECRET:
      vault:
        engine:
          name: kv-v2
          path: secret
        path: ucc/pgp/production/key
        field: secret
  script:
    - install -o root -g root -m 0755 -d /var/log/apt
    - apt-get -qq update
    - apt-get -q --assume-yes --no-install-recommends install gpg devscripts python3-distro-info
    - gpg --batch --pinentry-mode loopback --passphrase-file "$GPG_SECRET" --import "$GPG_PRIVATE"
    - debsign --no-conf --no-re-sign -p "gpg --batch --pinentry-mode loopback --passphrase-file $GPG_SECRET" -k "$KEY" "${src}_${ver}_source.changes"
    - dput "ppa:$PPA" "${src}_${ver}_source.changes"

upload:testing:
  extends: .launchpad
  rules:
    - if: $CI_PIPELINE_SOURCE == "push"
      changes:
        - debian/changelog
  variables:
    PPA: univention-dev/testing

upload:public:
  extends: .launchpad
  rules:
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED == "true"
      changes:
        - debian/changelog
      when: manual
  variables:
    PPA: univention-dev/ppa