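---
# GitLab CI pipeline: build the agent image, push it to the GitLab registry and
# to ECR, then run a Qualys image scan via an included template.

stages:
  - build
  - scan

variables:
  # Immutable, commit-addressed tag pushed to ECR.
  ECR_IMAGE_TAG: "${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent:${CI_COMMIT_SHORT_SHA}"
  # Mutable, branch-addressed tag pushed to the GitLab registry.
  DOIT_REGISTRY_IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"

# NOTE(review): this is a global before_script, so it also applies to any job
# that does not define its own (including image_scan unless the included
# template overrides it) - confirm that job really needs both registry logins.
before_script:
  - apk update && apk add groff less && apk add py3-pip
  # NOTE(review): awscli is installed unpinned from PyPI on every run; consider
  # pinning a version so the tool that handles AWS credentials is reproducible.
  - pip3 install awscli
  # Pipe the ECR token to docker on stdin instead of executing the output of
  # `aws ecr get-login`, which placed the token on the docker command line.
  # Requires an AWS CLI release that provides `get-login-password`.
  - 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com"'
  # Same for the GitLab registry: -p exposes the password in process arguments.
  - 'echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"'

after_script:
  # Drop cached credentials for both registries logged in to by before_script.
  - docker logout "$AWS_ACCOUNT_ID".dkr.ecr.us-east-1.amazonaws.com
  - docker logout "$CI_REGISTRY"

# NOTE(review): floating tag. Pin to a specific version or digest so an upstream
# change cannot silently alter the environment that builds and pushes images.
image: docker:latest

build-master:
  stage: build
  tags:
    - docker
  script:
    - docker build --pull --rm -t "${DOIT_REGISTRY_IMAGE_TAG}" .
    - docker tag "${DOIT_REGISTRY_IMAGE_TAG}" "${ECR_IMAGE_TAG}"
    # NOTE(review): both pushes happen in the build stage, i.e. before the scan
    # stage runs, so a failing scan does not keep the image out of ECR.
    - docker push "${DOIT_REGISTRY_IMAGE_TAG}"
    - docker push "${ECR_IMAGE_TAG}"
  only:
    refs:
      - master
    changes:
      - Dockerfile
      - .gitlab-ci.yml
      - run-agent.sh

# NOTE(review): no `ref:` is given, so the template is taken from the included
# project's default branch; pin a ref if the scan job definition must not
# change underneath this pipeline.
include:
  - project: interop/checkqualys
    file: templates/.check-qualys-job.yml

image_scan:
  stage: scan
  # presumably defined by the included template - confirm the job name
  extends: qualys_scan
  variables:
    # NOTE(review): forwards CI_TOKEN under the same name; confirm the source
    # variable is masked and protected in the project/group CI/CD settings.
    CI_TOKEN: $CI_TOKEN
    # NOTE(review): scans the mutable branch tag, not the commit-addressed
    # ECR_IMAGE_TAG. build-master only runs on master, so on merge request or
    # scheduled pipelines this tag may be missing or may point at an image
    # built from a different commit.
    DOCKER_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
  rules:
    - if: '$CI_COMMIT_BRANCH == "master"'
      changes:
        - Dockerfile
        - .gitlab-ci.yml
        - run-agent.sh
      when: on_success
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "schedule"'
      when: always
  # A failed scan fails the pipeline.
  allow_failure: false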