MSE-CyberSec-DevSecOps/.gitlab-ci.yml

variables:
  DOCKER_IMAGE: registry.forge.hefr.ch/klagarge/mse2425-grp09/python-pdm:latest

default:
  image: $DOCKER_IMAGE

stages:
  - build-docker
  - lint
  - test
  - dast job

.setup_env: &setup_env
  before_script:
    - cd src
    - cp -r /app/__pypackages__ .
    - export "PYTHONPATH=/builds/Klagarge/mse2425-grp09/src:/builds/Klagarge/mse2425-grp09/src/__pypackages__/3.9/lib"
    - export "PATH=/builds/Klagarge/mse2425-grp09/src/__pypackages__/3.9/bin:$PATH"
    - export "FLASK_APP=app"

test job:
  stage: test
  <<: *setup_env
  script:
    # Set environment variables for the tests
    - export FLASK_SECRET_KEY=$FLASK_SECRET_KEY

    # launch tests
    - pdm run pytest tests --cov --cov-report term --cov-report html

  artifacts:
    paths:
      - src/htmlcov/

lint job:
  stage: lint
  <<: *setup_env
  dependencies: []
  script:
    - pdm run flake8 --config=../tox.ini
  allow_failure: true # Linter can fail, fixing it is for now outside of the projects scope

pages:
  stage: test
  dependencies:
    - test job
  needs: ["test job"]
  script:
    - mv src/htmlcov/ public/
  artifacts:
    paths:
      - public
    expire_in: 7 days
  only:
    - main

# This job runs only when Dockerfile changes
docker-build:
  image: docker:latest
  stage: build-docker
  services:
    - docker:dind
  script:
    - docker build -t $DOCKER_IMAGE -f Dockerfile .
    - echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
    - docker push $DOCKER_IMAGE
  rules:
    - if: $GITLAB_CI == 'false' # Only run in GitLab CI
      when: never
    - changes:
        - Dockerfile
        - src/pyproject.toml
        - src/pdm.lock


include:
  - template: Jobs/SAST.gitlab-ci.yml
  - template: DAST.gitlab-ci.yml

dast:
  stage: dast job
  dast_configuration:
    site_profile: "dast-site-profile-devsecops-mse"
    scanner_profile: "dast-scanner-profile-devsecops-mse"