default:
  image: "archlinux:latest"

variables:
  PACKER_LOG: 1

stages:
  - lint
  - build
  - publish

shellcheck:
  stage: lint
  before_script:
    - pacman -Syu --needed --noconfirm shellcheck
  script:
    - find . -iname "*.sh" -exec shellcheck {} +

shfmt:
  stage: lint
  before_script:
    - pacman -Syu --needed --noconfirm shfmt
  script:
    - find . -iname "*.sh" -exec shfmt -i 2 -ci -d {} +

validate-packer:
  stage: lint
  before_script:
    - pacman -Syu --needed --noconfirm packer
  script:
    - packer validate -var "iso_checksum_url=https://mirror.pkgbuild.com/iso/latest/sha1sums.txt" -except=vagrant-cloud vagrant.json
    - packer validate cloud.json

# Note: We explicitly need the `ipv6` tag here because otherwise we'd get random
# gpg/pacman-key issues.
build:cloud-qemu:
  stage: build
  tags:
    - ipv6
  before_script:
    - pacman -Syu --needed --noconfirm packer qemu-headless
  script:
    - packer build -except=sign cloud.json
  artifacts:
    name: "qcow2"
    paths:
      - "release/Arch-Linux-x86_64-cloudimg-*.qcow2"
    expire_in: 2d

build:vagrant-qemu:
  stage: build
  tags:
    - ipv6
  before_script:
    - pacman -Syu --needed --noconfirm packer qemu-headless
  script:
    - packer build -only=qemu -except publish vagrant.json

publish:
  stage: publish
  tags:
    - ipv6
    - secure
  before_script:
    - pacman -Syu --needed --noconfirm qemu-headless virtualbox packer
  script:
    - packer build -var "vagrant_cloud_token=$VAGRANT_API_TOKEN" vagrant.json
  only:
    variables:
      - $SCHEDULED_PUBLISH == "TRUE"
  resource_group: vm-build