default:
  image: ruby:<%= RUBY_VERSION %>

stages:
  - lint
  - test
  - deploy

variables:
  RAILS_ENV: test
<%- unless options.api? -%>
  NODE_VERSION: 12.13.1
<%- end -%>
  BUNDLER_VERSION: 2.2.26
<%- if pg? -%>
  POSTGRES_DB: <%= app_name %>
  POSTGRES_PASSWORD: postgres
  DATABASE_URL: "postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/$POSTGRES_DB"
<%- end -%>
<%- if mysql? -%>
  MYSQL_DATABASE: <%= app_name %>
  MYSQL_USER: <%= app_name %>
  MYSQL_PASSWORD: <%= app_name %>
  MYSQL_RANDOM_ROOT_PASSWORD: "true"
  DATABASE_URL: "mysql2://$MYSQL_USER:$MYSQL_PASSWORD@mysql:3306/$MYSQL_DATABASE"
<%- end -%>

.install_ruby_gems: &install_ruby_gems
  - gem install bundler -v ${BUNDLER_VERSION}
  - bundle install --path vendor
<% unless options.api? %>
.install_nodejs: &install_nodejs
  - curl -SLO https://nodejs.org/dist/v$NODE_VERSION/node-v${NODE_VERSION}-linux-x64.tar.xz && tar -xJf node-v${NODE_VERSION}-linux-x64.tar.xz -C /usr/local --strip-components=1;
  - curl -o- -L https://yarnpkg.com/install.sh | bash
  - export PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$PATH
<% end -%>

.common:
  before_script:
    - export LANG=C.UTF-8
    - export LC_ALL=C.UTF-8
    - *install_ruby_gems
  cache:
    key:
      files:
        - Gemfile.lock
<%- unless options.api? -%>
        - yarn.lock
<%- end -%>
    paths:
      - vendor/ruby
<% unless options.api? %>
      - node_modules
<% end -%>

rubocop:
  extends: .common
  stage: lint
  script:
    - bundle exec rubocop
  rules:
    - if: $CI_MERGE_REQUEST_ID

brakeman:
  image: registry.gitlab.com/gitlab-org/security-products/analyzers/brakeman:2
  stage: lint
  allow_failure: true
  script:
    - /analyzer run
  artifacts:
    reports:
      sast: gl-sast-report.json
  rules:
    - if: $CI_MERGE_REQUEST_ID

bundler-audit:
  extends: .common
  stage: lint
  script:
    - gem install bundler-audit
    - bundle audit --update
    - bundle audit
  rules:
    - if: $CI_MERGE_REQUEST_ID
    - if: $CI_PIPELINE_SOURCE == 'schedule'
  allow_failure: true

bundler-leak:
  extends: .common
  stage: lint
  script:
    - gem install bundler-leak
    - bundle leak check --update
    - bundle leak
  rules:
    - if: $CI_MERGE_REQUEST_ID
    - if: $CI_PIPELINE_SOURCE == 'schedule'
<% unless options.api? %>
yarn-audit:
  extends: .common
  stage: lint
  before_script:
    - *install_nodejs
  script:
    - yarn audit
  rules:
    - if: $CI_MERGE_REQUEST_ID
    - if: $CI_PIPELINE_SOURCE == 'schedule'
  allow_failure: true
<% end -%>

rspec:
  extends: .common
  stage: test
  before_script:
    - *install_ruby_gems
<%- unless options.api? -%>
    - *install_nodejs
    - yarn install
<%- end -%>
  services:
<%- if pg? -%>
    - postgres:12-alpine
<%- end -%>
<%- if mysql? -%>
    - name: mysql:5.7
      command: ['mysqld', '--character-set-server=utf8', '--collation-server=utf8_unicode_ci']
<%- end -%>
  script:
    - bundle exec rake db:migrate
    - bundle exec rspec
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_MERGE_REQUEST_ID
  artifacts:
    reports:
      cobertura: coverage/coverage.xml