include:
  # Security scanning
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/SAST-IaC.latest.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

image: maven:3-amazoncorretto-8

variables:
  # This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
  # `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
  MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  # As of Maven 3.3.0 instead of this you may define these options in `.mvn/maven.config` so the same config is used
  # when running from the command line.
  # `installAtEnd` and `deployAtEnd`are only effective with recent version of the corresponding plugins.
  MAVEN_CLI_OPTS: "--settings .m2/settings.xml --batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"

# Cache downloaded dependencies and plugins between builds.
# To keep cache across branches add 'key: "$CI_JOB_REF_NAME"'
cache:
  paths:
    - .m2/repository

default:
  tags:
    - aws
    - docker

stages:
  - build
  - test
  - deploy

build_jar:
  stage: build
  cache:
    paths:
      - .m2/repository
  script:
    - mvn $MAVEN_CLI_OPTS clean verify
  artifacts:
    paths:
      - .m2/
      - "*/target"
    expire_in: 1 week

secret_detection:
  needs: []

semgrep-sast:
  needs: []

gemnasium-maven-dependency_scanning:
  variables:
    DS_JAVA_VERSION: 8
  needs:
    - build_jar

spotbugs-sast:
  tags:
  needs:
    - build_jar
  variables:
    SAST_JAVA_VERSION: 8
    MAVEN_REPO_PATH: $CI_PROJECT_DIR/.m2/repository
    COMPILE: "false"

deploy:
  stage: deploy
  only:
    - trunk
  script:
    - env
    - mvn $MAVEN_CLI_OPTS deploy -Pdeploy -X