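# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
#
# Only Security/SAST.gitlab-ci.yml is included at the bottom of this file, so
# the Secret Detection, Dependency Scanning and Container Scanning links above
# describe settings that have no effect until those templates are included too.

stages:
  - build
  - test
  - quality-assurance
  - quality-assurance-report

# Overrides the stage of the `sast` job from the included SAST template.
sast:
  stage: test

# Shared container image for the PHP jobs.
# NOTE(review): `php:8.1-cli` is a mutable tag; pinning it by digest makes the
# toolchain that runs the checks reproducible.
.job-base-template: &job-base-definition
  image: 'php:8.1-cli'

# Shared before_script: prepares .env, installs PHP extensions, Composer, the
# project dependencies and the local-php-security-checker binary.
.vendor-install-template: &vendor-install-definition
  before_script:
    - cp .env.test .env
    - apt-get update
    - apt-get install -y zip unzip curl libzip-dev
    - pecl install xdebug
    - docker-php-ext-enable xdebug
    - pecl install zip
    - docker-php-ext-enable zip
    - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
    # Compare the downloaded installer with the SHA-384 published by the
    # Composer project before executing it. An empty expected value (signature
    # fetch failed) is rejected so that two failed downloads cannot compare
    # equal.
    - |
      EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
      ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
      if [ -z "$EXPECTED_CHECKSUM" ] || [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then
        echo "Composer installer checksum mismatch" >&2
        rm -f composer-setup.php
        exit 1
      fi
    - php composer-setup.php
    - php -r "unlink('composer-setup.php');"
    # NOTE(review): `|| echo` lets the job continue when dependency
    # installation fails; the following script then runs against whatever the
    # pulled cache left in vendor/. Kept because it looks deliberate - confirm.
    - php composer.phar install -vv --prefer-dist --no-interaction --optimize-autoloader --no-scripts || echo "Composer install fail"
    # --fail makes curl exit non-zero on an HTTP error instead of saving the
    # error page as the executable.
    # NOTE(review): the binary is installed without an integrity check. Pin the
    # release asset's digest and verify it before chmod, e.g.
    #   echo "<EXPECTED_SHA256>  /bin/php-security-checker" | sha256sum -c -
    # (<EXPECTED_SHA256> is a placeholder; take the value from a trusted copy
    # of the v2.0.3 asset).
    - curl --fail -L https://github.com/fabpot/local-php-security-checker/releases/download/v2.0.3/local-php-security-checker_2.0.3_linux_amd64 --output /bin/php-security-checker
    - chmod 755 /bin/php-security-checker

# Shared read-only access to the Composer vendor cache.
.cache-pull-template: &cache-pull-definition
  cache:
    key: "$CI_PROJECT_PATH-php"
    paths:
      - vendor
    policy: pull

# Populates the vendor cache that the jobs below pull.
# The image comes from the merged base definition; the original also repeated
# the same `image` value explicitly.
# NOTE(review): this job does not merge the vendor-install before_script, so
# composer.phar is presumably expected to exist in the checkout. If it does
# not, `|| echo` hides the failure and the job still succeeds - confirm.
create_cache:
  <<: *job-base-definition
  stage: build
  script:
    - php composer.phar --version && php composer.phar install -vv --prefer-dist --no-interaction --optimize-autoloader --no-scripts || echo "Composer install fail"
  cache:
    key: "$CI_PROJECT_PATH-php"
    paths:
      - vendor
  except:
    - main

# The three shared definitions set disjoint keys (image, before_script, cache),
# so they are merged through a single `<<` list; repeating the `<<` key, as the
# original did, is a duplicate mapping key.
unit_tests:
  <<:
    - *job-base-definition
    - *vendor-install-definition
    - *cache-pull-definition
  stage: test
  script:
    - php -dxdebug.mode=coverage vendor/bin/phpunit --colors=never
  # Quoted so the regular expression is always read as a plain string.
  coverage: '/^\s+Lines:\s+(\d+)\.\d+%/'
  artifacts:
    paths:
      - storage/artefacts/coverage/
    expire_in: '1 month'
  # NOTE(review): `except` had no value in the original. The sibling jobs
  # exclude `main` or `master`; confirm whether a branch is missing here.
  except: null

# NOTE(review): jobs in this file exclude either `main` or `master`. Confirm
# which one is the default branch and align them.
php-cs-fixer:
  <<:
    - *job-base-definition
    - *vendor-install-definition
    - *cache-pull-definition
  stage: quality-assurance
  script:
    - php vendor/bin/php-cs-fixer fix --dry-run --stop-on-violation
  except:
    - master

# Runs the local-php-security-checker binary downloaded in before_script.
check-security:
  <<:
    - *job-base-definition
    - *vendor-install-definition
    - *cache-pull-definition
  stage: quality-assurance
  script:
    - /bin/php-security-checker
  except:
    - main

phpstan:
  <<:
    - *job-base-definition
    - *vendor-install-definition
    - *cache-pull-definition
  stage: quality-assurance
  script:
    - php -dmemory_limit=512M vendor/bin/phpstan analyse
  except:
    - master

# NOTE(review): `node:14` is a mutable tag on a Node.js line that is past its
# upstream end-of-life; consider a maintained release pinned by digest.
# NOTE(review): if package-lock.json is committed, `npm ci` installs exactly
# what the lockfile records and fails on drift, unlike `npm install`.
eslint:
  image: 'node:14'
  stage: quality-assurance
  script:
    - npm install && npm run lint
  except:
    - master

include:
  - template: Security/SAST.gitlab-ci.yml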