stages:
  - compiling
  - assembling
#  - testing
#  - signing
#  - packaging
#  - publishing

image: ubuntu:20.10

Compile:
  stage: compiling
  script:
    - apt update
    - DEBIAN_FRONTEND="noninteractive" apt install -y npm
    - make dev-setup
    - make build-js

Assemble:
  stage: assembling
  script:
    - wget https://github.com/ChristophWurst/krankerl/releases/download/v0.12.3/krankerl_0.12.3_amd64.deb
    - sudo dpkg -i krankerl_0.12.3_amd64.deb
    - krankerl package

PHPUnit:
  stage: testing
  script:
    - npm run phpunit
  artifacts:
    paths:
      - ./passwords

Sign:
  stage: signing
  script:
    - echo "-----BEGIN PRIVATE KEY-----" > sign.key
    - echo $SIGN_KEY | tr " " "\n" >> sign.key
    - echo "-----END PRIVATE KEY-----" >> sign.key
    - echo "-----BEGIN CERTIFICATE-----" > sign.crt
    - echo $SIGN_CRT | tr " " "\n" >> sign.crt
    - echo "-----END CERTIFICATE-----" >> sign.crt
    - /usr/src/nextcloud/occ integrity:sign-app --path=$(pwd)/passwords --privateKey=$(pwd)/sign.key --certificate=$(pwd)/sign.crt
    - rm sign.key sign.crt
  artifacts:
    paths:
      - ./passwords
  only:
    - testing
    - stable

Pack:
  stage: packaging
  script:
    - tar -zcf passwords.tar.gz passwords
    - echo "export JOB_ID=\"${CI_JOB_ID}\"" > job.id
  artifacts:
    paths:
      - ./passwords.tar.gz
      - job.id
  only:
  - testing
  - stable

Publish Nightly:
  stage: publishing
  script:
    - source job.id
    - echo "-----BEGIN PRIVATE KEY-----" > sign.key
    - echo $SIGN_KEY | tr " " "\n" >> sign.key
    - echo "-----END PRIVATE KEY-----" >> sign.key
    - SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n")
    - rm sign.key
    - 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":true}"'
  environment:
    name: Testing
  only:
  - testing

Publish Stable:
  stage: publishing
  script:
    - source job.id
    - echo "-----BEGIN PRIVATE KEY-----" > sign.key
    - echo $SIGN_KEY | tr " " "\n" >> sign.key
    - echo "-----END PRIVATE KEY-----" >> sign.key
    - SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n")
    - rm sign.key
    - 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":false}"'
  environment:
    name: Stable
  only:
  - stable