# include:
#   # include the component located in the current project from the current SHA
#   - component: gitlab.com/$CI_PROJECT_PATH/full-pipeline@$CI_COMMIT_SHA
#     inputs:
#       stage: build
#
# stages: [build, test, release]

stages:
  - build

.versions:
  parallel:
    matrix:
      - OPENTOFU_VERSION: '1.6.0'
      - OPENTOFU_VERSION: '1.6.0-rc1'

variables:
  # OpenTofu image build variables:
  DOCKER_DIND_IMAGE: "docker:24.0.7-dind"
  PLATFORMS: linux/amd64,linux/arm64
  BASE_IMAGE: "alpine:3.18.4"
  GITLAB_OPENTOFU_IMAGE_NAME: "$CI_REGISTRY_IMAGE/internal/gitlab-opentofu-$OPENTOFU_VERSION:$CI_COMMIT_SHA"


gitlab-opentofu-image:
  extends: .versions
  stage: build
  services:
    - "$DOCKER_DIND_IMAGE"
  image: "$DOCKER_DIND_IMAGE"
  before_script:
    # See note on the `build terraform` job about this image
    - docker run --rm --privileged tonistiigi/binfmt
    # Registry auth
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
  script:
    - docker buildx create --use
    # NOTE: we disable provenance for now
    # because it causes troubles with the registry and older clients.
    # See
    # - https://gitlab.com/gitlab-org/terraform-images/-/issues/104
    # - https://gitlab.com/gitlab-org/terraform-images/-/merge_requests/184#note_1328485943
    - docker buildx build
      --platform "$PLATFORMS"
      --build-arg BASE_IMAGE=$BASE_IMAGE
      --build-arg OPENTOFU_VERSION=$OPENTOFU_VERSION
      --file Dockerfile
      --tag "$GITLAB_OPENTOFU_IMAGE_NAME"
      --provenance=false
      --push
      .


# Check if `component-job` is added.
# This example job could also test that the included component works as expected.
# You can inspect data generated by the component, use GitLab API endpoints, or third-party tools.
# ensure-job-added:
#   stage: test
#   image: badouralix/curl-jq
#   script:
#     - |
#       route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
#       count=`curl --silent --header "PRIVATE-TOKEN: $API_TOKEN" $route | jq 'map(select(.name | contains("component-job"))) | length'`
#       if [ "$count" != "1" ]; then
#         exit 1
#       fi

# If the pipeline is for a new tag with a semantic version, and all previous jobs succeed,
# create the release.
# create-release:
#   stage: release
#   image: registry.gitlab.com/gitlab-org/release-cli:latest
#   rules:
#     - if: $CI_COMMIT_TAG =~ /\d+/
#   script: echo "Creating release $CI_COMMIT_TAG"
#   release:
#     tag_name: $CI_COMMIT_TAG
#     description: "Release $CI_COMMIT_TAG of components repository $CI_PROJECT_PATH"