.gitlab-ci.yml

image: docker:latest

services:
  - docker:dind

variables:
  DOCKER_HOST: tcp://docker:2375/
  DOCKER_DRIVER: overlay2
  IMAGE_NAME: taxied
  AWS_DEFAULT_REGION: us-west-2
  AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID
  AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
  AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
  # SONAR_URL: $SONAR_URL
  # SONAR_LOGIN: $SONAR_LOGIN

stages:
  - build
  - test
  - scan
  - deploy

build:
  stage: build
  script:
    - echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
    - docker build -t $CI_REGISTRY_IMAGE .
    - echo $CI_REGISTRY_IMAGE
    - docker push $CI_REGISTRY_IMAGE
  only:
    - production

pyest:
  stage: test
  script:
    - docker pull $CI_REGISTRY_IMAGE
    - docker run $CI_REGISTRY_IMAGE pytest
  only:
    - production

# sonarqube:
#     stage: test
#     script:
#         - sonar-scanner -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_LOGIN

trivy:
  stage: scan
  script:
    - docker pull $CI_REGISTRY_IMAGE
    - docker pull aquasec/trivy
    - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image --severity CRITICAL $CI_REGISTRY_IMAGE
  only:
    - production

aws-ecr:
  stage: deploy
  before_script:
    - apk add --no-cache python3 py3-pip
    - python3 -m venv venv
    - . venv/bin/activate
    - pip install --upgrade pip
    - pip install awscli --upgrade
  script:
    - docker pull registry.gitlab.com/$CI_PROJECT_NAMESPACE/$IMAGE_NAME:latest
    - eval $(aws ecr get-login --no-include-email --region $AWS_DEFAULT_REGION)
    - docker tag $CI_REGISTRY_IMAGE $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_NAME:latest
    - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_NAME:latest
  only:
    - production