---
# SPDX-FileCopyrightText: WTF Kooperative eG <https://wtf-eg.de/>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
kind: pipeline
type: docker
name: qa

trigger:
  event:
    - push
    - pull_request
  branch:
    - main

steps:
  - name: reuse
    image: fsfe/reuse:5.0.2-debian@sha256:7928d25ed14a1bc22758d917ebc6aecbb8bcd1a4da7aa748d7179c9011bbfb0b
  - name: lint
    image: node:20.18.1-alpine@sha256:e44837841abf6177b308a7c627c8fd7820c1ae6ed09ffa4d60d700e5fbba1b1a
    commands:
      - npm ci
      - npm run lint -- --no-fix
  - name: audit
    image: node:20.18.1-alpine@sha256:e44837841abf6177b308a7c627c8fd7820c1ae6ed09ffa4d60d700e5fbba1b1a
    commands:
      - npm install -g better-npm-audit
      - better-npm-audit audit --production --level=moderate
  - name: docker-dry-run
    image: plugins/docker:20.18.4@sha256:a8d3d86853c721492213264815f1d00d3ed13f42f5c1855a02f47fa4d5f1e042
    settings:
      registry: git.wtf-eg.de
      repo: git.wtf-eg.de/kompetenzinventar/frontend
      target: ki-frontend
      dry_run: true
    when:
      event:
        - pull_request

---
kind: pipeline
type: docker
name: build

trigger:
  event:
    - push
  branch:
    - main

depends_on:
  - qa

steps:
  - name: docker-publish
    image: plugins/docker:20.18.4@sha256:a8d3d86853c721492213264815f1d00d3ed13f42f5c1855a02f47fa4d5f1e042
    settings:
      registry: git.wtf-eg.de
      repo: git.wtf-eg.de/kompetenzinventar/frontend
      target: ki-frontend
      auto_tag: true
      username:
        from_secret: "docker_username"
      password:
        from_secret: "docker_password"

---
kind: pipeline
type: docker
name: deploy

trigger:
  event:
    - push
  branch:
    - main

depends_on:
  - build

steps:
  - name: deploy-dev
    image: appleboy/drone-ssh:1.7.5@sha256:995677e073454912f26d4c0fdd2f9df2e1f5a30d6603d3f2ece667311b6babb3
    settings:
      host:
        - dev01.wtf-eg.net
      username: drone_deployment
      key:
        from_secret: "dev01_deployment_key"
      command_timeout: 2m
      script:
        - echo "Executing forced command..."

---
kind: pipeline
type: docker
name: tag-release

trigger:
  event:
    - tag

steps:
  - name: reuse
    image: fsfe/reuse:5.0.2-debian@sha256:7928d25ed14a1bc22758d917ebc6aecbb8bcd1a4da7aa748d7179c9011bbfb0b
  - name: lint
    image: node:20.18.1-alpine@sha256:e44837841abf6177b308a7c627c8fd7820c1ae6ed09ffa4d60d700e5fbba1b1a
    commands:
      - npm ci
      - npm run lint -- --no-fix
  - name: docker-publish
    image: plugins/docker:20.18.4@sha256:a8d3d86853c721492213264815f1d00d3ed13f42f5c1855a02f47fa4d5f1e042
    settings:
      registry: git.wtf-eg.de
      repo: git.wtf-eg.de/kompetenzinventar/frontend
      target: ki-frontend
      auto_tag: true
      username:
        from_secret: "docker_username"
      password:
        from_secret: "docker_password"