.gitlab-ci.yml

default:
  image: "archlinux:latest"

stages:
  - lint
  - build
  - test
  - publish

shellcheck:
  stage: lint
  before_script:
    - pacman -Syu --needed --noconfirm shellcheck
  script:
    - shopt -s globstar
    - shellcheck **/*.sh

shfmt:
  stage: lint
  before_script:
    - pacman -Syu --needed --noconfirm shfmt
  script:
    - shopt -s globstar
    - shfmt -i 2 -ci -d **/*.sh

.build:
  stage: build
  before_script:
    - pacman -Syu --needed --noconfirm qemu-headless libisoburn
  script:
    - |
      # If we're building a tagged release, use the tag (without the 'v' prefix) as the
      # BUILD_VERSION. Otherwise, determine a new BUILD_VERSION.
      if [[ -n "$CI_COMMIT_TAG" ]]; then
        echo "BUILD_VERSION=${CI_COMMIT_TAG/v/}" > build.env
      else
        echo "BUILD_VERSION=$(date +%Y%m%d).$CI_JOB_ID" > build.env
      fi
    - export $(< build.env)
    - ./build-host.sh
  after_script:
    - echo "image_size_megabytes{image=\"cloudimg\"} $(du -m output/*cloudimg*qcow2)" > metrics.txt
    - echo "image_size_megabytes{image=\"libvirt\"} $(du -m output/*libvirt*box)" >> metrics.txt
    - echo "image_size_megabytes{image=\"virtualbox\"} $(du -m output/*virtualbox*box)" >> metrics.txt
  artifacts:
    name: "output"
    paths:
      - "output/*"
    expire_in: 2d
    reports:
      metrics: metrics.txt
      dotenv: build.env

build:
  extends: .build
  tags:
    - fast-single-thread
  except:
    - master
    - schedules
    - tags

build:secure:
  extends: .build
  tags:
    - secure
  only:
    - master
    - schedules
    - tags

test-vagrant-boxes-format:
  stage: test
  before_script:
    - pacman -Syu --needed --noconfirm vagrant
  script:
    - vagrant box add output/Arch-Linux-x86_64-virtualbox-*.box --name archlinux-vbox
    - vagrant box add output/Arch-Linux-x86_64-libvirt-*.box --name archlinux-libvirt

test-cloudimg-qemu:
  stage: test
  variables:
    SSHPASS: passw0rd
  before_script:
    - pacman -Syu --needed --noconfirm qemu-headless cdrtools sshpass
  script:
    - |
      cat > user-data <<EOF
      #cloud-config
      password: '${SSHPASS}'
      chpasswd: { expire: False }
      ssh_pwauth: True
      packages:
        - tmux
        - tree
      runcmd:
        - [ echo, 'Install more packages using runcmd.' ]
        - [ pacman, --noconfirm, -Syu, bat ]
        - [ touch, /runcmd_successful ]
      EOF
    - |
      cat > meta-data <<EOF
      instance-id: iid-local01
      local-hostname: cloudimg
      EOF
    - cat user-data meta-data
    - genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data
    - qemu-system-x86_64 -m 512 -net nic -net user,hostfwd=tcp::2222-:22 -drive file=$(ls output/Arch-Linux-x86_64-cloudimg-*.qcow2),if=virtio -drive file=seed.iso,if=virtio -nographic &    
    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 true; do sleep 1; done"
    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 pacman -Q bat tmux tree; do sleep 1; done"
    - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 test -f /runcmd_successful ; do sleep 1; done"

tag_release:
  stage: publish
  tags:
    - secure
  only:
    refs:
      - schedules
    variables:
      - $SCHEDULED_PUBLISH == "TRUE"
  before_script:
    - pacman -Syu --needed --noconfirm httpie
  script:
    - >
        export ASSET_LINKS="{ \"links\": [ \
          { \"name\": \"Vagrant Cloud Release\", \"url\": \"https://app.vagrantup.com/archlinux/boxes/archlinux/versions/$BUILD_VERSION\" }, \
          { \"name\": \"Browse artifacts\", \"url\": \"https://gitlab.archlinux.org/archlinux/arch-boxes/-/jobs/artifacts/v$BUILD_VERSION/browse/output?job=build:secure\" } \
        ]}"
    - http --ignore-stdin "$CI_API_V4_URL/projects/$CI_PROJECT_ID/releases"
        "JOB-TOKEN:$CI_JOB_TOKEN"
        "name=v$BUILD_VERSION"
        "tag_name=v$BUILD_VERSION"
        "ref=$CI_COMMIT_SHA"
        "assets:=$ASSET_LINKS"

publish:
  stage: publish
  tags:
    - secure
  only:
    - tags
  before_script:
    - pacman -Syu --needed --noconfirm vagrant
  script:
    - vagrant cloud auth login --token "${VAGRANT_API_TOKEN}"
    - vagrant cloud auth login --check
    - vagrant cloud box show archlinux/archlinux
    - vagrant cloud publish archlinux/archlinux "${BUILD_VERSION}" libvirt output/Arch-Linux-x86_64-libvirt-*.box --release -f
    - vagrant cloud publish archlinux/archlinux "${BUILD_VERSION}" virtualbox output/Arch-Linux-x86_64-virtualbox-*.box --release -f