.gitlab-ci.yml
# 2019 © PostgresAI
#
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Pulls in GitLab's maintained SAST job definitions.
include:
  - template: Security/SAST.gitlab-ci.yml

# Default image for jobs that do not set their own `image:`.
# The version matches the `docker:20.10.12-dind` service used by the build template.
# NOTE(review): image tags are mutable; pinning by digest (docker@sha256:<digest>)
# makes the toolchain that handles registry credentials reproducible.
image: docker:20.10.12
# Pipeline stages, executed in the order listed.
# NOTE(review): the included SAST template places its jobs in the `test` stage by
# default, which is ordered after `deploy` here, so scan results arrive after the
# deployment rather than before it - confirm this ordering is intended.
stages:
  - validate
  - prepare_image
  - deploy
  - test
# Pipeline-wide defaults; the environment templates override ENV and NAMESPACE.
variables:
  GIT_SUBMODULE_STRATEGY: recursive  # Ensure .cursor submodule is initialized
  ENV: "local"  # Should be overwritten by environment template.
  NAMESPACE: "default"  # Should be overwritten by environment template.
  # One image repository is shared by every environment; only the tag prefix
  # (NAMESPACE) separates production images from staging images.
  # NOTE(review): a credential that can push to this repository can presumably
  # write either environment's tags - confirm registry-side permissions.
  REGISTRY: "gcr.io/postgres-ai/docs"
  # Per-pipeline tag: <registry>:<namespace>-<pipeline IID>.
  TAG_VERSION: "${REGISTRY}:${NAMESPACE}-${CI_PIPELINE_IID}"
  # Moving tag, overwritten by every build of the same namespace; also used as
  # the `--cache-from` source.
  TAG_LATEST: "${REGISTRY}:${NAMESPACE}-latest"
  DOCS_NAME: "docs"
# Validate RSS/Atom feeds before building and deploying
# Runs .ci/validate-feeds.sh in the first stage, for branch pipelines.
validate_feeds:
  stage: validate
  # NOTE(review): `1.3-debian` names a release line, not a fixed build; pin by
  # digest (oven/bun@sha256:<digest>) if reproducible validation matters.
  image: oven/bun:1.3-debian
  before_script:
    # Install xmllint for XML validation and libvips for sharp image processing
    # Package versions are not pinned; they come from the image's apt sources.
    - apt-get update && apt-get install -y --no-install-recommends libxml2-utils jq libvips42
    # --frozen-lockfile makes the install fail instead of updating the lockfile,
    # so the job only installs the dependency versions committed to the repo.
    - bun install --frozen-lockfile
  script:
    - bash .ci/validate-feeds.sh
  artifacts:
    # Generated feed files are uploaded only when the job fails, for debugging,
    # and expire after one week.
    when: on_failure
    paths:
      - build/blog/*.xml
      - build/blog/*.json
    expire_in: 1 week
  only:
    - branches
# Stages templates.
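# Hidden template for the image build-and-push jobs. The key name is unique to
# this template: `.job_template` was also used by the deploy template, and
# duplicate mapping keys are invalid YAML that parsers resolve by silently
# keeping only the last one. Jobs merge this template through the anchor,
# which is unchanged.
.build_and_push_template: &build_and_push_definition
  stage: prepare_image
  # Per-branch cache; `.cache` is restored into the workspace, which is also
  # the docker build context (`.`) used below.
  cache:
    - key: $CI_COMMIT_REF_SLUG
      paths:
        - .cache
  services:
    # Docker-in-Docker daemon that serves the docker CLI calls in `script`.
    # NOTE(review): dind typically needs a privileged runner - confirm that the
    # runner executing these jobs is isolated accordingly.
    - docker:20.10.12-dind
  script:
    # Load environment-specific settings (ENV is set by the environment template).
    - source "./deploy/configs/${ENV}.sh"
    # Login to Google Container Registry.
    # The decoded service-account key is streamed straight into `docker login`,
    # so it is never written to the workspace, where a failed step could leave
    # it behind or the build context could pick it up.
    # NOTE(review): this variable is read by builds on every branch; confirm it
    # is scoped per environment and limited to pushing images.
    - echo "$GCP_SERVICE_ACCOUNT" | base64 -d | docker login -u _json_key --password-stdin https://gcr.io
    # Pull latest image to use it as a cache source.
    # Docker image with `$TAG_LATEST` can be unavailable during the build - it is okay for us -
    # that means we don't have a cache for `docker build` command.
    - docker pull "$TAG_LATEST" || true
    # Build the image.
    # `--cache-from` arg in `docker build` doesn't have any troubles if
    # passed image tag is unavailable - it will simply ignore it.
    # Build args can be read back from the image with `docker history`, so keep
    # them to non-secret values such as the URLs and IDs passed here.
    - docker build
      --cache-from "$TAG_LATEST"
      --tag "$TAG_VERSION"
      --tag "$TAG_LATEST"
      --build-arg ARG_URL="${URL}"
      --build-arg ARG_BASE_URL="${BASE_URL}"
      --build-arg ARG_SIGN_IN_URL="${SIGN_IN_URL}"
      --build-arg ARG_BOT_WS_URL="${BOT_WS_URL}"
      --build-arg ARG_API_URL_PREFIX="${API_URL_PREFIX}"
      --build-arg ARG_UMAMI_WEBSITE_ID="${UMAMI_WEBSITE_ID}"
      --build-arg ARG_UMAMI_SCRIPT_URL="${UMAMI_SCRIPT_URL}"
      .
    # Extract cache folders from tmp container to use as cache in GitLab runner.
    - CONTAINER_ID=$(docker create "$TAG_VERSION")
    - docker cp "$CONTAINER_ID:/docs/node_modules/.cache" .
    - docker rm -v "$CONTAINER_ID"
    # Push the image.
    - docker push "$TAG_VERSION"
    - docker push "$TAG_LATEST"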
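# Hidden template for the deploy jobs. The key name is unique to this template:
# `.job_template` was also used by the build template, and duplicate mapping
# keys are invalid YAML that parsers resolve by silently keeping only the last
# one. Jobs merge this template through the anchor, which is unchanged.
.deploy_template: &deploy_definition
  stage: deploy
  # NOTE(review): third-party image that runs with access to the cluster context
  # below. The tag is mutable and looks dated; consider a maintained image
  # pinned by digest (<image>@sha256:<digest>) with a kubectl version that
  # matches the cluster.
  image: dtzar/helm-kubectl:2.14.1
  script:
    # Substitute env variables in deploy config.
    - bash ./do.sh subs_envs ./deploy/docs.yaml /tmp/deploy.yaml
    # Context (gitlab agent)
    - kubectl config get-contexts
    - kubectl config use-context postgres-ai/docs:k8s-cluster-docs
    # Deploy to k8s cluster.
    # NAMESPACE is quoted so an empty or space-containing value cannot change
    # how the command line is split.
    - kubectl apply --filename /tmp/deploy.yaml -n "$NAMESPACE"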
# Environments.
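# Production environment settings. The key name is unique to this template:
# `.environment_template` was also used by the staging template, and duplicate
# mapping keys are invalid YAML that parsers resolve by silently keeping only
# the last one. Jobs merge this template through the anchor, which is unchanged.
.env_production_template: &env_production
  environment:
    name: production
    url: https://postgres.ai
  variables:
    # Selects ./deploy/configs/production.sh and the `production-` image tags.
    ENV: production
    # Kubernetes namespace passed to `kubectl apply -n`.
    NAMESPACE: production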
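# Staging environment settings. The key name is unique to this template:
# `.environment_template` was also used by the production template, and
# duplicate mapping keys are invalid YAML that parsers resolve by silently
# keeping only the last one. Jobs merge this template through the anchor,
# which is unchanged.
.env_staging_template: &env_staging
  environment:
    name: staging
    url: https://v2.postgres.ai
  variables:
    # Selects ./deploy/configs/staging.sh and the `staging-` image tags.
    ENV: staging
    # Kubernetes namespace passed to `kubectl apply -n`.
    NAMESPACE: staging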
# Stages with branch policies.
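# Builds and pushes the production image; runs only for `master`.
build_and_push_production:
  # One merge key with a list of anchors: two separate `<<` entries are
  # duplicate mapping keys. The two templates share no keys, so the merged
  # result is the same.
  <<: [*build_and_push_definition, *env_production]
  only:
    - master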
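# Builds and pushes the staging image for every ref except `master`.
# NOTE(review): this job receives registry push credentials on any non-master
# ref - confirm who can push branches and that the key cannot overwrite
# production tags.
build_and_push_staging:
  # One merge key with a list of anchors: two separate `<<` entries are
  # duplicate mapping keys. The two templates share no keys, so the merged
  # result is the same.
  <<: [*build_and_push_definition, *env_staging]
  except:
    - master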
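# Deploys to production automatically (no `when: manual`) for `master`.
# NOTE(review): the only gate visible here is the branch name - confirm that
# `master` is a protected branch with restricted push and merge rights.
deploy_production:
  # One merge key with a list of anchors: two separate `<<` entries are
  # duplicate mapping keys. The two templates share no keys, so the merged
  # result is the same.
  <<: [*deploy_definition, *env_production]
  only:
    - master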
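# Deploys to staging from any ref except `master`; must be started by hand.
deploy_staging:
  # One merge key with a list of anchors: two separate `<<` entries are
  # duplicate mapping keys. The two templates share no keys, so the merged
  # result is the same.
  <<: [*deploy_definition, *env_staging]
  when: manual
  except:
    - master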