stages:
  - build
  - scan

variables:
  ECR_IMAGE_TAG: "${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent:${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}"
  DOIT_REGISTRY_IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA

before_script:
  - apk update && apk add groff less && apk add unzip && apk add curl
  - apk add aws-cli
  - aws ecr get-login-password --region us-east-1 | docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

after_script:
  - docker logout "$AWS_ACCOUNT_ID".dkr.ecr.us-east-1.amazonaws.com

image: docker:latest

build-master:
  stage: build
  tags:
    - docker
  script:
    - docker build --pull --rm -t ${DOIT_REGISTRY_IMAGE_TAG} .
    - docker tag ${DOIT_REGISTRY_IMAGE_TAG} ${ECR_IMAGE_TAG}
    - docker push ${DOIT_REGISTRY_IMAGE_TAG}
    - docker push ${ECR_IMAGE_TAG}
  only:
    changes:
      - Dockerfile
      - .gitlab-ci.yml
      - run-agent.sh
      - drivers/*

include:
  - project: interop/checkqualys
    file: templates/.check-qualys-job.yml

image_scan:
  stage: scan
  extends: qualys_scan
  variables:
    CI_TOKEN: $CI_TOKEN
    DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
  when: on_success
  allow_failure: true
  only:
    changes:
      - Dockerfile
      - .gitlab-ci.yml
      - run-agent.sh