.gitlab-ci.yml

variables:
  CI_DISPOSABLE_ENVIRONMENT: "true"
  DOCKER_DRIVER: overlay2
  DOCKER_HOST: tcp://localhost:2375
  DOCKER_TLS_CERTDIR: ""
  GITLAB_ADVANCED_SAST_ENABLED: "true"
  SECURE_LOG_LEVEL: "info"
  SECRET_DETECTION_ENABLED: "true"
  DS_GRADLE_RESOLUTION_POLICY: "none"
  DS_EXCLUDED_PATHS:  "spec, docs, test, tests, tmp, proxy"
  SAST_EXCLUDED_PATHS:  "spec, docs, test, tests, tmp, proxy"

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

stages:
  - security
  - fmt
  - build
  - test
  - test_long
  - deploy

.base:
  image: xenoky/lwk-builder@sha256:2ae964fa1de82046cd86f4a9997a624a00b91c7374f9ffdc4d23ce117da115a3
  tags:
    - cloud
  retry:
    max: 2
    when:
      - runner_system_failure
      - unknown_failure
      - stuck_or_timeout_failure
  services:
    - docker:27-dind
  before_script:
    - cp /usr/local/cargo/bin/waterfalls /bin/waterfalls_b8818e1


sast:
 stage: security
 needs: []

dependency_scanning:
 stage: security
 needs: []

secret_detection:
  stage: security
  needs: []

build_bindings:
  stage: build
  needs: []
  extends: .base
  script:
    - cargo build --release -p lwk_bindings
  artifacts:
    paths:
      - target/release/liblwk.so
    expire_in: 1 day

fmt_clippy:
  stage: fmt
  needs: []
  extends: .base
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - cargo fmt --check
    - cargo clippy --all-targets -- -D warnings

test_clean:
  stage: test
  needs: []
  image: rust:1.75
  script:
    - cargo build

test_no_default_features:
  stage: test
  needs: []
  extends: .base
  # We need to polish how we feature gate our code
  # However let's do things iteratively rather than all at once
  # TODO: add RUSTFLAGS="-D warnings" to address warnings too
  # TODO: test other crates too
  # TODO: replace cargo build with cargo check --tests
  script:
    - cargo build -p lwk_wollet --no-default-features
  allow_failure: true # TODO: remove once fixed


test_wollet:
  stage: test
  needs: []
  extends: .base
  script:
    - docker pull xenoky/local-jade-emulator:1.0.27
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - cargo test -p lwk_wollet -p lwk_signer

test_jade:
  stage: test
  needs: []
  extends: .base
  variables:
      TMPDIR: ${CI_PROJECT_DIR}  # otherwise issue with the docker
  script:
    - docker pull tulipan81/blind_pin_server:v0.0.7
    - docker pull xenoky/local-jade-emulator:1.0.27
    - cargo test -p lwk_jade

test_ledger:
  stage: test
  needs: []
  extends: .base
  script:
    - cargo test -p lwk_ledger --features asyncr

test_serial:
  stage: test
  needs: []
  extends: .base
  variables:
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - cargo test --no-run --features serial

# run tests for minor crates all together
test_minor:
  stage: test
  needs: []
  extends: .base
  script:
    - cargo test -p lwk_tiny_jrpc -p lwk_app -p lwk_containers -p lwk_common -p lwk_hwi -p lwk_rpc_model -p lwk_signer

test_cli:
  stage: test
  needs: []
  extends: .base
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - cargo test -p lwk_cli

test_simplicity:
  stage: test
  needs: []
  extends: .base
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - cargo test -p lwk_simplicity

unit_tests:
  stage: test
  needs: []
  extends: .base
  script:
    - cargo nextest run --lib --profile unit # ensure unit tests don't take more than a sec each

test_coverage:
  stage: test_long
  needs: [fmt_clippy]
  extends: .base
  variables:
    RUSTFLAGS: "-C instrument-coverage"
    LLVM_PROFILE_FILE: "coverage-%p-%m.profraw"
    TMPDIR: ${CI_PROJECT_DIR}  # otherwise issue with the docker
    JAVA_OPTS: "-Xmx2g"

  script:
    - docker pull tulipan81/blind_pin_server:v0.0.7
    - docker pull xenoky/local-jade-emulator:1.0.27
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - cargo nextest run --features foreign_bindings,asyncr --profile ci
    - grcov . -s . --binary-path ./target/debug/ -t cobertura --branch --ignore-not-existing --ignore "*cargo*" -o ./target/coverage.xml -p $(pwd)
    - "xmllint --xpath \"concat('Coverage: ', 100 * string(//coverage/@line-rate), ' perc')\" target/coverage.xml"
    - grcov . -s . --binary-path ./target/debug/ -t html --branch --ignore-not-existing --ignore "*cargo*" -o ./target/coverage/ -p $(pwd)
  coverage: '/Coverage: \d+(?:\.\d+)?/'
  artifacts:
    paths:
      - target/coverage.xml
      - target/coverage/
      - target/nextest/ci/junit.xml
    reports:
      coverage_report:
        coverage_format: cobertura
        path: target/coverage.xml
      junit: target/nextest/ci/junit.xml

build_cli:
  stage: test
  needs: []
  extends: .base
  only:
    - master@liquid/lwk
  script:
    - cargo build --release -p lwk_cli
  artifacts:
    paths:
      - target/release/lwk_cli
    when: always
    expire_in: 14 days

audit:
  stage: test
  needs: []
  extends: .base
  script:
    - cargo audit --deny yanked

doc:
  stage: test
  needs: []
  extends: .base
  variables:
    RUSTDOCFLAGS: "-D warnings --cfg docsrs"
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    # - cargo +nightly doc --all-features --no-deps # we can't use --all-features right now because of lightning feature
    - cargo +nightly doc --no-deps -p lwk_app --all-features
    - cargo +nightly doc --no-deps -p lwk_cli --all-features
    - cargo +nightly doc --no-deps -p lwk_common --all-features
    - cargo +nightly doc --no-deps -p lwk_containers --all-features
    - cargo +nightly doc --no-deps -p lwk_hwi --all-features
    - cargo +nightly doc --no-deps -p lwk_jade --all-features
    - cargo +nightly doc --no-deps -p lwk_ledger --all-features
    - cargo +nightly doc --no-deps -p lwk_rpc_model --all-features
    - cargo +nightly doc --no-deps -p lwk_signer --all-features
    - cargo +nightly doc --no-deps -p lwk_test_util --all-features
    - cargo +nightly doc --no-deps -p lwk_tiny_jrpc --all-features
    - cargo +nightly doc --no-deps -p lwk_wasm --all-features
    - cargo +nightly doc --no-deps -p lwk_wollet --all-features
    - cargo +nightly doc --no-deps -p lwk_bindings --features foreign_bindings

examples:
  stage: test
  needs: []
  extends: .base
  script:
    - cargo run --example list_transactions

bindings:
  stage: test
  needs: []
  extends: .base
  variables:
    JAVA_OPTS: "-Xmx2g"
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - cargo test -p lwk_bindings --features foreign_bindings

csharp:
  stage: test
  needs: [build_bindings]
  extends: .base
  script:
    - mkdir csharp
    - cp target/release/liblwk.so csharp/
    - uniffi-bindgen-cs --library csharp/liblwk.so --out-dir csharp
    - sed -i 's#\"lwk\"#\"./liblwk.so\"#g' csharp/lwk.cs # this is an hack, but make it work until we understand how to properly reference the dynamic lib
    - cp lwk_bindings/tests/bindings/list_transactions.cs csharp
    - cp lwk_bindings/tests/test_data/test-dotnet.csproj csharp
    - cd csharp && dotnet run && cd -
    - rm -rf csharp/bin && rm -rf csharp/obj # remove dotnet-build created files
  artifacts:
    paths:
      - csharp

cpp:
  stage: test
  needs: [build_bindings]
  extends: .base
  script:
    - mkdir cpp
    - cp target/release/liblwk.so cpp/
    - uniffi-bindgen-cpp --library cpp/liblwk.so --out-dir cpp
    - cp lwk_bindings/tests/bindings/list_transactions.cpp cpp
    - cd cpp
    - g++ -std=c++20 -L./ -Wl,-rpath,./ -o test list_transactions.cpp lwk.cpp -llwk
    - ./test && cd -
    - rm -rf cpp/test cpp/list_transactions.cpp # cleanup
  artifacts:
    paths:
      - cpp

just:
  stage: test
  needs: []
  extends: .base
  variables:
    JAVA_OPTS: "-Xmx2g"
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - just python-test-bindings
    - just python-test-bindings-simplicity
    - just kotlin # kotlin-android would require cargo-ndk and various targets, tested on github which produce the kotlin package

wasm:
  stage: test_long
  needs: [fmt_clippy]
  extends: .base
  variables:
    RUSTFLAGS: "--cfg=web_sys_unstable_apis"
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    - cargo check --target wasm32-unknown-unknown -p lwk_common -p lwk_rpc_model -p lwk_containers -p lwk_hwi
    - cargo check --target wasm32-unknown-unknown -p lwk_wollet --no-default-features --features esplora,serial,amp2,amp0
    - cargo check --target wasm32-unknown-unknown -p lwk_signer --no-default-features
    - cargo check --target wasm32-unknown-unknown -p lwk_jade --no-default-features --features asyncr --features serial
    - cargo check --target wasm32-unknown-unknown -p lwk_ledger --no-default-features
    - cargo check --target wasm32-unknown-unknown -p lwk_boltz --no-default-features
    - cd lwk_wasm && CHROMEDRIVER_ARGS="--allowed-ips=127.0.0.1" WASM_BINDGEN_TEST_TIMEOUT=60 wasm-pack test --chrome --headless --features serial && cd -
    - cd lwk_wasm && RUSTFLAGS="--cfg=web_sys_unstable_apis" CARGO_PROFILE_RELEASE_OPT_LEVEL=z wasm-pack build --features serial && cd -
    # testing nodejs package
    - cd lwk_wasm
    - RUSTFLAGS="--cfg=web_sys_unstable_apis" CARGO_PROFILE_RELEASE_OPT_LEVEL=z wasm-pack build --target nodejs --out-dir pkg_node -- --features serial,simplicity
    - sed -i 's/"lwk_wasm"/"lwk_node"/g' pkg_node/package.json
    - cd tests/node
    - npm install
    - npm run test
  artifacts:
    paths:
      - lwk_wasm/pkg

nix:
  stage: test_long
  needs: [fmt_clippy]
  image: xenoky/lwk-nix-builder@sha256:c24c03dce4f0f9ea10614844c29e0cdef0b0bcf80ce68e83da57e820a2049da1
  variables:
      EXP_FEAT: --extra-experimental-features nix-command --extra-experimental-features flakes
      CACHE: --extra-trusted-public-keys nix.casatta.it:HseKZh7436/vKXfZDBHbhr7wwAkzjLwY5BIq+OOrITg= --extra-substituters https://nix.casatta.it
  script:
    - nix $EXP_FEAT $CACHE build .
    - nix $EXP_FEAT $CACHE develop . -c rust-analyzer analysis-stats . 2>log # prints ERROR if there are cyclic deps with dev-deps
    - (! grep ERROR log)

# AMP0 has a closed source backend, so its tests are unreliable, allow them to fail.
# Anyway for MRs/PRs that touch AMP0 code, this must pass.
amp0:
  stage: test_long
  needs: [fmt_clippy]
  extends: .base
  script:
    - cp ./context/env.sh / && cd / && . ./env.sh && cd -
    # slow amp0 unit tests
    - cargo test -p lwk_wollet slow_amp0 -- --include-ignored
    # bindings
    - cargo test -p lwk_bindings --features foreign_bindings amp0
    # wasm
    - cd lwk_wasm
    - RUSTFLAGS="--cfg=web_sys_unstable_apis" wasm-pack build --dev --target nodejs --out-dir pkg_node -- --features serial
    - sed -i 's/"lwk_wasm"/"lwk_node"/g' pkg_node/package.json
    - cd tests/node
    - npm install
    - node amp0-setup.js
    - node amp0-daily-ops.js
  allow_failure: true

boltz_chain:
  stage: test_long
  needs: [fmt_clippy]
  extends: .base
  script:
    - cd lwk_boltz
    - git submodule update --init --recursive
    - just regtest-env-start && sleep 15 # explicitly start the env to give more time to bitcoind to start
    - just test-chain
  allow_failure: true

boltz_mrh:
  stage: test_long
  needs: [fmt_clippy]
  extends: .base
  script:
    - cd lwk_boltz
    - git submodule update --init --recursive
    - just regtest-env-start && sleep 15 # explicitly start the env to give more time to bitcoind to start
    - just test-mrh
  allow_failure: true

boltz_reverse:
  stage: test_long
  needs: [fmt_clippy]
  extends: .base
  script:
    - cd lwk_boltz
    - git submodule update --init --recursive
    - just regtest-env-start && sleep 15 # explicitly start the env to give more time to bitcoind to start
    - just test-reverse
  allow_failure: true

boltz_submarine:
  stage: test_long
  needs: [fmt_clippy]
  extends: .base
  script:
    - cd lwk_boltz
    - git submodule update --init --recursive
    - just regtest-env-start && sleep 15 # explicitly start the env to give more time to bitcoind to start
    - just test-submarine
  allow_failure: true

# maven credentials and gpg settings
# in runner's ~/.gradle/gradle.properties
publish_to_maven:
  stage: deploy
  tags:
    - m4
  rules:
    - if: '$CI_COMMIT_TAG'
      when: manual
  needs: []
  script:
    - just kotlin-multiplatform
    - cd lwk_bindings/android_bindings
    - ./gradlew publish --no-daemon
  artifacts:
    paths:
      - lwk_bindings/android_bindings/lib/build/libs
      - lwk_bindings/android_bindings/lib/build/outputs
      - lwk_bindings/android_bindings/lib/build/publications
    when: always
    expire_in: 7 days
  allow_failure: true

publish_snapshot_to_maven:
  stage: deploy
  tags:
    - m4
  needs: []
  variables:
    SIMPLICITY: "1"
  rules:
    - if: '$CI_COMMIT_BRANCH == "master"'
      when: on_success
    - when: manual
  script:
    - just kotlin-multiplatform
    - cd lwk_bindings/android_bindings
    - RAW_VERSION=$(grep '^libraryVersion=' gradle.properties | cut -d'=' -f2)
    - BASE_VERSION=${RAW_VERSION%-SNAPSHOT}
    - VERSION_CORE=$(echo "$BASE_VERSION" | sed -E 's/[^0-9.].*$//')
    - IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION_CORE"
    - MAJOR=${MAJOR:-0}
    - MINOR=${MINOR:-0}
    - PATCH=${PATCH:-0}
    - NEXT_PATCH=$((PATCH + 1))
    - NEXT_VERSION="${MAJOR}.${MINOR}.${NEXT_PATCH}"
    - GIT_COMMIT=$(git rev-parse --short=8 HEAD)
    - SNAPSHOT_VERSION="${NEXT_VERSION}-SNAPSHOT"
    - SNAPSHOT_VERSION_COMMIT="${NEXT_VERSION}-${GIT_COMMIT}-SNAPSHOT"
    - |
      if [ "$CI_COMMIT_BRANCH" = "master" ]; then
        echo "Publishing snapshot versions ${SNAPSHOT_VERSION}"
        ./gradlew -PlibraryVersion=${SNAPSHOT_VERSION} publish --no-daemon
      fi
      echo "Publishing snapshot version ${SNAPSHOT_VERSION_COMMIT}"
      ./gradlew -PlibraryVersion=${SNAPSHOT_VERSION_COMMIT} publish --no-daemon
  artifacts:
    paths:
      - lwk_bindings/android_bindings/lib/build/libs
      - lwk_bindings/android_bindings/lib/build/outputs
      - lwk_bindings/android_bindings/lib/build/publications
    when: always
    expire_in: 7 days
  allow_failure: true