---
kind: pipeline
type: docker
name: validation

platform:
  arch: amd64

clone:
  depth: 1

volumes:
  - name: dockersock
    host:
      path: /run/docker.sock

steps:
  - name: Notify Datadog That We Are Starting
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Begin Build: ${DRONE_REPO}"
          text: "Build ${DRONE_BUILD_NUMBER}(${DRONE_COMMIT_LINK})"
          alert_type: "info"
    when:
      ref:
        include:
          - refs/tags/**

  - name: Validate code base and dependencies
    image: dragonheim/golang:latest
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      TRIVY_QUIET: true
      TRIVY_LIGHT: true
      TRIVY_FORMAT: table
      TRIVY_IGNORE_UNFIXED: true
      TRIVY_NO_PROGRESS: true
    commands:
      # Populate temporary container with tools / files we will need for building and testing
      - apk add --no-cache zeromq-dev zeromq

      # Format Golang code.  Golang does not really care about formatting, but this standardizes things
      - go fmt ./...

      # Perform basic linting of the Golang code. Ideally this should never be needed, but merges can introduce imcompatabilities.
      - go vet ./...

      # Perform code security check of lower level vulnerabilities. This will not break the build, we just want this information, just in case.
      - trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .

      # Perform code security check of higher level vulnerabilities. This can break the build.
      - trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .

      # Build new container image.
      - docker buildx build --platform linux/amd64 --progress plain --build-arg SEMVER="dev" -t "${DRONE_REPO}:dev" -f assets/docker/Dockerfile .

      # Perform image security check of lower level vulnerabilities. This will not break the build, we just want this information, just in case.
      - trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH "${DRONE_REPO}:dev"

      # Perform image security check of higher level vulnerabilities. This can break the build.
      - trivy image --skip-update --exit-code 1 --severity CRITICAL "${DRONE_REPO}:dev"

  # - name: Create Test Environment
  #   image: dragonheim/terraform:1.0
  #   volumes:
  #     - name: dockersock
  #       path: /var/run/docker.sock
  #   environment:
  #     TRIVY_QUIET: true
  #   commands:
  #     - cd assets/tfenv
  #     - terraform init
  #     - terraform plan

  - name: Test application
    image: "${DRONE_REPO}:dev"
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    commands:
      - echo "running"

  - name: Build and push container
    image: dragonheim/golang:latest
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    when:
      ref:
        include:
          - refs/tags/**
    commands:
      # Build new container image.
      - docker buildx build --platform linux/amd64 --progress plain --build-arg SEMVER="${DRONE_SEMVER}" -t "${DRONE_REPO}:latest" -f docker/Dockerfile .

      # Perform image security check of higher level vulnerabilities. This can break the build.
      - trivy image --skip-update --exit-code 1 --severity CRITICAL "${DRONE_REPO}:latest"

      # Push new build
      - docker buildx build --push --platform linux/amd64 --progress plain --build-arg SEMVER="${DRONE_SEMVER}" -t "${DRONE_REPO}:latest" -t "${DRONE_REPO}:${DRONE_SEMVER}" -f docker/Dockerfile .

  - name: Notify Datadog That We Have Completed
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Build failure on amd64"
          text: "Build ${DRONE_BUILD_NUMBER}"
          alert_type: "error"
    when:
      status:
        - failure