---
workflow:
  rules:
    # for default branch (pushes, merges, etc.)
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    # for all merge requests
    - if: '$CI_MERGE_REQUEST_IID'
    # for all tags
    - if: '$CI_COMMIT_TAG'

.ruby: &ruby
  variables:
    LANG: "C.UTF-8"
  before_script:
    - ruby -v                                   # Print out ruby version for debugging
    - bundle config set --local deployment true
    - bundle install -j $(nproc)                # Install dependencies into ./vendor/ruby
  parallel:
    matrix:
      - RUBY_VERSION: ['3.0', '3.1', '3.2']
  image: "ruby:$RUBY_VERSION"
  cache:
    paths:
      - vendor/ruby
    key: 'ruby$RUBY_VERSION'

rspec:
  extends: .ruby
  variables:
    GIT_SUBMODULE_STRATEGY: recursive
  script:
    - bundle exec rake update_assets
    - bundle exec rake spec
  artifacts:
    reports:
      junit: rspec.xml
      coverage_report:
        path: coverage/coverage.xml
        coverage_format: cobertura

gem:
  extends: .ruby
  variables:
    GIT_SUBMODULE_STRATEGY: recursive
  script:
    - bundle exec rake install
  artifacts:
    paths:
      - pkg/*.gem

rubocop:
  extends: .ruby
  script:
    - bundle exec rake rubocop

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Code-Quality.gitlab-ci.yml
  - project: 'gitlab-org/quality/pipeline-common'
    file:
      - '/ci/gem-release.yml'
      - '/ci/danger-review.yml'

secret_detection:
  rules:
    - if: $SECRET_DETECTION_DISABLED
      when: never
    # for default branch (pushes, merges, etc.)
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    # for all merge requests
    - if: '$CI_MERGE_REQUEST_IID'
    - if: $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train" # specific
      when: never
  needs: []
  dependencies: [] # Don't download artifacts

update-changelog:
  stage: deploy
  image: ruby:3.0
  rules:
    - if: '$GITLAB_API_TOKEN == null'
      when: never
    - changes: ["CHANGELOG.md"]
      when: never
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      changes: ["lib/**/version.rb"]
  variables:
    GEMSPEC_FILE: "${CI_PROJECT_NAME}.gemspec"
  script:
    - |
      version=$(ruby -e "print Gem::Specification.load('${GEMSPEC_FILE}').version")
      [ -n "${version}" ] || (echo "VERSION could not be parsed in ${GEMSPEC_FILE}!" && exit 1)
    - 'curl --fail --request POST --header "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/repository/changelog?version=${version}&branch=${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}"'