include:
    - template: Security/SAST.gitlab-ci.yml

stages:
    - build
    - test
    - release

default:
    image: registry.gitlab.com/dmoonfire/nix-flake-docker:latest

build:
    stage: build
    script:
        - nix develop --command scripts/build.sh
    rules:
        - if: $CI_COMMIT_BRANCH

test:
    stage: test
    script:
        - nix develop --command scripts/test.sh
    artifacts:
        when: always
        paths:
            - ./**/*test-result.xml
            - ./coverage/Cobertura.xml
            - ./coverage/Summary.*
            - ./**/*.nupkg
        reports:
            coverage_report:
                coverage_format: cobertura
                path: ./coverage/Cobertura.xml
            junit:
                - ./**/*test-result.xml

publish:
    stage: release
    before_script:
        # Set it up so we can push the tag
        - project_url=$(echo $CI_PROJECT_URL | sed 's/https:\/\///')
        - git remote set-url origin https://oauth2:$GITLAB_TOKEN@$project_url
    script:
        - nix develop --command scripts/release.sh
    rules:
        - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH