.gitlab-ci.yml

services:
  - name: rabbitmq:3.8-management
    alias: rabbitmq

variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  RABBITMQ_HOST: rabbitmq
  RABBITMQ_PORT: 5672
  RABBITMQ_DEFAULT_USER: doclib
  RABBITMQ_DEFAULT_PASS: doclib
  RABBITMQ_DEFAULT_VHOST: "/"


cache:
  paths:
    - .cache/pip
    - venv/

stages:
  - test
  - publish
  - release

default:
  image: registry.gitlab.com/medicines-discovery-catapult/informatics/docker-images/ci/python:3.11
  before_script:
    - pip install -r requirements.txt  

lint:
  stage: test
  script:
    - pylint --rcfile=.pylintrc src
  except:
    refs:
      - main
    variables:
      - $CI_COMMIT_MESSAGE =~ /^Setting version to.*/

test:
  stage: test
  script:
    - pytest --cov-report term:skip-covered --cov=src tests/
  coverage: '/TOTAL.*\s+(\d+%)$/'

publish-stable:
  stage: publish
  script:
    - python setup.py sdist bdist_wheel
    - TWINE_PASSWORD=${CI_JOB_TOKEN} TWINE_USERNAME=gitlab-ci-token python -m twine upload --repository-url ${CI_API_V4_URL}/projects/${REGISTRY_HOST_PROJECT_ID}/packages/pypi dist/*
    - twine upload -u $PYPI_USERNAME -p $PYPI_PASSWORD --repository-url https://upload.pypi.org/legacy/ dist/*
  only:
    refs:
      - tags
    variables:
      - $CI_COMMIT_MESSAGE =~ /^Setting version to.*/

publish-unstable:
  stage: publish
  script:
    - python setup.py sdist bdist_wheel
    - TWINE_PASSWORD=${CI_JOB_TOKEN} TWINE_USERNAME=gitlab-ci-token python -m twine upload --skip-existing --repository-url ${CI_API_V4_URL}/projects/${REGISTRY_HOST_PROJECT_ID}/packages/pypi dist/*
  except:
    refs:
      - main
    variables:
      - $CI_COMMIT_MESSAGE =~ /^Setting version to.*/

release:
  stage: release
  before_script:
    - ''
  script:
    - cictl exec release python
  only:
    - main
  except:
    variables:
      - $CI_COMMIT_MESSAGE =~ /^Setting version to.*/

dependency_scanning:
  stage: test
  before_script:
    - pip install --upgrade pip
    - pip install -r requirements.txt
  allow_failure: false
  inherit:
    default: false

sast:
  stage: test
  before_script:
    - pip install --upgrade pip
    - pip install -r requirements.txt
  allow_failure: false
  inherit:
    default: false

secret_detection:
  stage: test
  allow_failure: false
  inherit:
    default: false

include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml