stages:
  - build
  - release
  - deploy
  
variables:
  DOCKER_DRIVER: overlay2
  IMAGE_PATH: $CI_REGISTRY/$CI_PROJECT_PATH
  # IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
  RELEASE_VERSION: $CI_COMMIT_SHORT_SHA
  
before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  - mkdir -p .ci_status

.dedicated-builder: &dedicated-builder
  tags:
    - build1-shell


.dedicated-runner: &dedicated-runner
  tags:
    - runner1-prod-shell

vault_wrap_build:
  <<: *dedicated-builder
  stage: build
  script:
    - DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.yml build vault-wrap
    - docker tag $IMAGE_PATH/vault-wrap:$RELEASE_VERSION $IMAGE_PATH/vault-wrap:dev
    - docker push $IMAGE_PATH/vault-wrap:dev
    - touch .ci_status/vault_wrap_build
  only:
    refs:
      - main
    changes:
      - vault-wrap.go
      - Dockerfile
      - entrypoint.sh
      - docker-compose.yml
      - .gitlab-ci.yml
  artifacts:
    paths:
      - .ci_status/

# --------------- RELEASE STAGE -------------#
vault_wrap_release:
  <<: *dedicated-builder
  stage: release
  script:
    - if [ -e .ci_status/vault_wrap_build ]; then docker pull $IMAGE_PATH/vault-wrap:dev; docker tag $IMAGE_PATH/vault-wrap:dev $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; docker push $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; touch .ci_status/vault_wrap_release; fi
  artifacts:
    paths:
      - .ci_status/
  only:
    refs:
      - main


#-------------- DEPLOY STAGE ------------------#
vault_wrap_deploy:
  <<: *dedicated-runner
  stage: deploy
  script:
    - docker volume create vault-wrap_vault-wrap-conf
    - docker run --rm -v vault-wrap_vault-wrap-conf:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
    - docker run --rm -v vault-wrap_vault-wrap-conf:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
    # -cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
    # - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
    - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
    - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
    - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d vault-wrap; fi
  only:
    refs:
      - main

# traefik_deploy:
  # <<: *dedicated-runner
  # stage: deploy
  # script:
    # - mkdir -p /home/gitlab-runner/traefik
    # - docker volume create vault-wrap_traefik-ssl
    # - docker volume create  vault-wrap_traefik-dynamic-conf
    # - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
    # - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
    # - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
    # - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
    # - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
    # - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
    # - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
  # only:
    # refs:
      # - main