# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
- build
- docker
- deploy
variables:
  CI_REGISTRY_IMAGE: dergeorg
  TAG_LATEST: "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest"
build-job:
  image: maven:3.6.3-jdk-11-slim
  stage: build
  script:
  - mvn clean install && mvn package -B -e
  - export
  artifacts:
    paths:
    - target/*.jar
publish-job:
  image: docker:latest
  stage: docker
  services:
  - docker:19.03-dind
  script:
  - docker build -t $TAG_LATEST .
  - docker login -u $DOCKER_USER -p $DOCKER_PW
  - docker push $TAG_LATEST
deploy-job:
  image: alpine:latest
  stage: deploy
  tags:
  - deployment
  before_script:
  - command -v ssh-agent >/dev/null || ( apk add --update openssh )
  - eval $(ssh-agent -s)
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  - ssh-keyscan $SERVER_IP >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  script:
  - ssh $SSH_USER@$SERVER_IP "docker login -u $DOCKER_USER -p $DOCKER_PW"
  - ssh $SSH_USER@$SERVER_IP "docker pull $TAG_LATEST"
  - ssh $SSH_USER@$SERVER_IP "docker container rm -f my-app || true"
  - ssh $SSH_USER@$SERVER_IP "docker run -d -p $SERVER_IP:8888:8080 --name my-app
    $TAG_LATEST"
include:
- template: Security/Secret-Detection.gitlab-ci.yml