image: node:16

npm:
  stage: build
  artifacts:
    paths:
      - dist
    expire_in: 1 week
  cache:
    - key:
        files:
          - package.json
      paths:
        - node_modules
        - package-lock.json
      policy: pull-push
    - key: $CI_PIPELINE_ID
      paths:
        - dist
      policy: push
  script:
    - npm i
    - npm run build
  rules:
    - if: $CI_COMMIT_BRANCH

audit:
  stage: test
  cache:
    - key:
        files:
          - package.json
      paths:
        - node_modules
      policy: pull
  script:
    - AUDIT=$(npm audit)
    - echo "vulnerabilities_high $(echo $AUDIT | grep -oE '[0-9]+ high' | grep -oE '[0-9]+' || echo 0)" > metrics.txt
    - echo "vulnerabilities_medium $(echo $AUDIT | grep -oE '[0-9]+ moderate' | grep -oE '[0-9]+' || echo 0)" >> metrics.txt
    - echo "vulnerabilities_low $(echo $AUDIT | grep -oE '[0-9]+ low' | grep -oE '[0-9]+' || echo 0)" >> metrics.txt
    - echo "$AUDIT"
  artifacts:
    reports:
      metrics: metrics.txt
  rules:
    - if: $CI_COMMIT_BRANCH

registry:
  stage: deploy
  image: docker
  cache:
    - key: $CI_PIPELINE_ID
      paths:
        - dist
      policy: pull
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - TAG=$([ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ] && echo "latest" || echo "$CI_COMMIT_BRANCH" | sed -E "s/[_/]/-/g")
    - docker build --no-cache -t "$CI_REGISTRY_IMAGE:$TAG" .
    - docker push "$CI_REGISTRY_IMAGE:$TAG"
  rules:
    - if: $CI_COMMIT_BRANCH

tag:
  stage: deploy
  image:
    name: alpine/git
    entrypoint: [ "" ]
  cache: [ ]
  before_script:
    - git remote set-url origin "https://Tagger:$DEPLOY_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git"
  script:
    - VERSION=$(cat package.json | grep version | grep -Eo ':.+' | grep -Eo '[[:alnum:]\.\/\-]+')
    - git tag -f $VERSION $CI_COMMIT_SHA
    - git push -f origin $VERSION
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
  allow_failure: true