kind: pipeline
type: docker
name: check

services:
  - name: postgres
    image: docker.io/library/postgres:17.6
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres

trigger:
  event:
    - push

steps:
  - name: compute cache key
    image: docker.io/library/elixir:1.18.3-otp-27
    commands:
      - mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1)
      - echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key
      # Print cache key for debugging
      - cat .cache_key

  - name: restore-cache
    image: drillster/drone-volume-cache
    settings:
      restore: true
      mount:
        - ./deps
        - ./_build
      ttl: 30
    volumes:
      - name: cache
        path: /cache

  - name: lint
    image: docker.io/library/elixir:1.18.3-otp-27
    commands:
      # Install hex package manager
      - mix local.hex --force
      # Fetch dependencies
      - mix deps.get
      # Check for compilation errors & warnings
      - mix compile --warnings-as-errors
      # Check formatting
      - mix format --check-formatted
      # Security checks
      - mix sobelow --config
      # Check dependencies for known vulnerabilities
      - mix deps.audit
      # Check for dependencies that are not maintained anymore
      - mix hex.audit
      # Provide hints for improving code quality
      - mix credo

  - name: wait_for_postgres
    image: docker.io/library/postgres:17.6
    commands:
      # Wait for postgres to become available
      - |
        for i in {1..20}; do
          if pg_isready -h postgres -U postgres; then
            exit 0
          else
            true
          fi
          sleep 2
        done
        echo "Postgres did not become available, aborting."
        exit 1

  - name: test
    image: docker.io/library/elixir:1.18.3-otp-27
    environment:
      MIX_ENV: test
      TEST_POSTGRES_HOST: postgres
      TEST_POSTGRES_PORT: 5432
    commands:
      # Install hex package manager
      - mix local.hex --force
      # Fetch dependencies
      - mix deps.get
      # Run tests
      - mix test

  - name: rebuild-cache
    image: drillster/drone-volume-cache
    settings:
      rebuild: true
      mount:
        - ./deps
        - ./_build
    volumes:
      - name: cache
        path: /cache

volumes:
  - name: cache
    host:
      path: /tmp/drone_cache

---
kind: pipeline
type: docker
name: build-and-publish

trigger:
  branch:
    - main
  event:
    - push
    - tag

steps:
  - name: build-and-publish-container
    image: plugins/docker
    settings:
      registry: git.local-it.org
      repo: git.local-it.org/local-it/mitgliederverwaltung
      username:
        from_secret: DRONE_REGISTRY_USERNAME
      password:
        from_secret: DRONE_REGISTRY_TOKEN
      auto_tag: true
      auto_tag_suffix: ${DRONE_COMMIT_SHA:0:8}
    when:
      event:
        - tag

  - name: build-and-publish-container-branch
    image: plugins/docker
    settings:
      registry: git.local-it.org
      repo: git.local-it.org/local-it/mitgliederverwaltung
      username:
        from_secret: DRONE_REGISTRY_USERNAME
      password:
        from_secret: DRONE_REGISTRY_TOKEN
      tags:
        - latest
        - ${DRONE_COMMIT_SHA:0:8}
    when:
      event:
        - push

depends_on:
  - check

---
kind: pipeline
type: docker
name: renovate

trigger:
  event:
    - cron
    - custom
  branch:
    - main

environment:
  LOG_LEVEL: debug

steps:
  - name: renovate
    image: renovate/renovate:41.151
    environment:
      RENOVATE_CONFIG_FILE: "renovate_backend_config.js"
      RENOVATE_TOKEN:
        from_secret: RENOVATE_TOKEN
      GITHUB_COM_TOKEN:
        from_secret: GITHUB_COM_TOKEN
    commands:
      # https://github.com/renovatebot/renovate/discussions/15049
      - unset GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL
      - renovate-config-validator
      - renovate