.gitlab-ci.yml

image: quay.io/tike/alpine-oc-java-17

variables:
  MAVEN_OPTS: "-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository"

cache:
  paths:
    - .m2/repository

# Define the stages
stages:
  - clean-cache
  - test
  - build
  - dependency-check
  - sonarqube-check
  - deploy

clean-cache:
  stage: clean-cache
  tags:
    - ohtu-build-4
  script:
    - echo "Clearing Maven repository cache."
    - rm -rf $CI_PROJECT_DIR/.m2/repository

# Define the process for each stage

test :
  stage: test
  tags:
    - ohtu-build-3
  script:
    - mvn test
    - cat target/site/jacoco/index.html | grep -o 'Total[^%]*%'
  coverage: "/Total.*?([0-9]{1,3})%/"
  artifacts:
    paths:
      - target/site/jacoco
    expire_in: 1 week

# Dependency-Check Stage
dependency-check:
  stage: dependency-check
  only:
    - main
  tags:
    - ohtu-build-3
  image:
    name: owasp/dependency-check:latest
    entrypoint: [""]
  script:
    - >
      /usr/share/dependency-check/bin/dependency-check.sh
      --project orgrek-ou-service --scan .
      --format JSON --format HTML  -nvdApiKey $NVD_API_KEY
  artifacts:
    when: always
    expire_in: 1 hour
    paths:
      - dependency-check-report.json
      - dependency-check-report.html

sonarqube-check:
  stage: sonarqube-check
  tags:
    - ohtu-build-3
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
  - mvn verify sonar:sonar -Dsonar.projectKey=orgrek-ou-service -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.token=${SONAR_TOKEN} -Dsonar.dependencyCheck.jsonReportPath=dependency-check-report.json -Dsonar.dependencyCheck.htmlReportPath=dependency-check-report.html
  only:
    - main
  needs:
    - job: dependency-check
      artifacts: true

build :
  stage: build
  tags:
    - ohtu-build-3
  script:
    - java -version
    - mvn clean install
  artifacts:
    name: orgrek-ous-build-$CI_BUILD_ID-$CI_BUILD_REF
    paths:
      - target/*.jar


  # Define the process for deploy stage to development environment
deploy_dev:
  stage: deploy
  tags:
    - ohtu-build-3
  environment:
    name: development
  only:
    - main
  except:
    - schedules
  script:
    # set home path for openshift 1001 user
    - export HOME=/home/1001
    # before any action, I connect to the OpenShift server with the appropriate credentials
    - oc login https://$OPENSHIFT_ADDR_TEST:$OPENSHIFT_PORT --token=$OPENSHIFT_TOKEN_TEST
    - oc project organisaatiorekisteri
    # list environment variables here
    - oc set env deploy/organisaatiorekisteri-ou-service-dev URL=$DB_POD_URL_DEV
    - oc set env deploy/organisaatiorekisteri-ou-service-dev PORT=$OU_SERVICE_PORT
    - oc set env deploy/organisaatiorekisteri-ou-service-dev TZ="Europe/Helsinki"
    # start build process
    - oc start-build organisaatiorekisteri-ou-service-dev --from-dir=. --follow
    # patch build config
    - oc patch bc/organisaatiorekisteri-ou-service-dev --patch '{"spec":{"successfulBuildsHistoryLimit":1}}'
    - oc patch bc/organisaatiorekisteri-ou-service-dev --patch '{"spec":{"failedBuildsHistoryLimit":1}}'
    # set pod memory quota to 200 MB and limit to 500 MB
    - oc set resources deploy/organisaatiorekisteri-ou-service-dev --limits=memory=500Mi --requests=memory=200Mi


deploy_test:
  stage: deploy
  tags:
    - ohtu-build-3
  except:
    - schedules
  environment:
    name: test
  only:
    - test
  script:
    # set home path for openshift 1001 user
    - export HOME=/home/1001
    # before any action, I connect to the OpenShift server with the appropriate credentials
    - oc login https://$OPENSHIFT_ADDR_TEST:$OPENSHIFT_PORT --token=$OPENSHIFT_TOKEN_TEST
    - oc project organisaatiorekisteri
    # list environment variables here
    - oc set env deploy/organisaatiorekisteri-ou-service-test URL=$DB_POD_URL_TEST
    - oc set env deploy/organisaatiorekisteri-ou-service-test PORT=$OU_SERVICE_PORT
    - oc set env deploy/organisaatiorekisteri-ou-service-test TZ="Europe/Helsinki"
    # start build process
    - oc start-build organisaatiorekisteri-ou-service-test --from-dir=. --follow
    # patch build config
    - oc patch bc/organisaatiorekisteri-ou-service-test --patch '{"spec":{"successfulBuildsHistoryLimit":1}}'
    - oc patch bc/organisaatiorekisteri-ou-service-test --patch '{"spec":{"failedBuildsHistoryLimit":1}}'
    # set pod memory quota to 200 MB and limit to 500 MB
    - oc set resources deploy/organisaatiorekisteri-ou-service-test --limits=memory=500Mi --requests=memory=200Mi

deploy_prod:
  stage: deploy
  tags:
    - ohtu-build-3
  except:
    - schedules
  environment:
    name: prod
  only:
    - prod
  script:
    # set home path for openshift 1001 user
    - export HOME=/home/1001
    # before any action, I connect to the OpenShift server with the appropriate credentials
    - oc login https://$OPENSHIFT_ADDR_PROD:$OPENSHIFT_PORT --token=$OPENSHIFT_TOKEN_PROD
    - oc project organisaatiorekisteri
    # list environment variables here
    - oc set env deploy/organisaatiorekisteri-ou-service-prod URL=$DB_POD_URL_PROD
    - oc set env deploy/organisaatiorekisteri-ou-service-prod PORT=$OU_SERVICE_PORT
    - oc set env deploy/organisaatiorekisteri-ou-service-prod TZ="Europe/Helsinki"
    # start build process
    - oc start-build organisaatiorekisteri-ou-service-prod --from-dir=. --follow
    # patch build config
    - oc patch bc/organisaatiorekisteri-ou-service-prod --patch '{"spec":{"successfulBuildsHistoryLimit":1}}'
    - oc patch bc/organisaatiorekisteri-ou-service-prod --patch '{"spec":{"failedBuildsHistoryLimit":1}}'
    # set pod memory quota to 200 MB and limit to 500 MB
    - oc set resources deploy/organisaatiorekisteri-ou-service-prod --limits=memory=500Mi --requests=memory=200Mi