.disabled_not_a_job_include:
- template: Security/SAST.gitlab-ci.yml

variables:
  CI_HAWK_ARTIFACT_NAME: "BizHawk_devbuild_${CI_COMMIT_SHORT_SHA}"
  CI_HAWK_ARTIFACT_NAME_TAR: "$CI_HAWK_ARTIFACT_NAME.tar"
  CI_HAWK_TMPARTIFACT_NAME: "BizHawk_tempbuild_${CI_COMMIT_REF_SLUG}_${CI_COMMIT_SHORT_SHA}"

workflow:
  auto_cancel:
    on_job_failure: all

stages:
- build
- test
- package

.with_cachix_mono:
  before_script:
  - nix-env -iA nixpkgs.cachix
  - cachix use $CACHIX_CACHE_NAME
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/nixos/nix:latest
  variables:
    CACHIX_CACHE_NAME: mono-for-bizhawk

build_asms_debug:
  artifacts:
    expire_in: "30 minutes"
    name: "$CI_HAWK_TMPARTIFACT_NAME"
    paths:
      - output
  image: mcr.microsoft.com/dotnet/sdk:8.0
  script:
    - Dist/BuildDebug.sh -v normal
  stage: build

build_asms_release:
  artifacts:
    expire_in: "30 minutes"
    name: "$CI_HAWK_TMPARTIFACT_NAME"
    paths:
    - output
  image: mcr.microsoft.com/dotnet/sdk:8.0
  script:
  - if [ "$CI_COMMIT_REF_SLUG" == "release" ]; then Dist/UpdateVersionInfoForRelease.sh; fi
  - Dist/BuildRelease.sh -v normal
  stage: build

build_ext_projs:
  allow_failure: true
  image: mcr.microsoft.com/dotnet/sdk:8.0
  rules:
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: always
  script:
  - for d in $CI_PROJECT_DIR/ExternalProjects/*; do if [ -e "$d/build_release.sh" -a "$(find "$d" -maxdepth 1 -name '*.csproj' -print -quit)" ]; then cd "$d"; ./build_release.sh -v normal || exit $?; fi; done
  stage: test

build_ext_tools:
  allow_failure: true
  image: mcr.microsoft.com/dotnet/sdk:8.0
  needs:
  - build_asms_release
  rules:
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: always
  script:
  - for d in $CI_PROJECT_DIR/ExternalToolProjects/*; do if [ -d "$d" ]; then cd "$d" && ./build_release.sh -v normal; fi; done
  stage: test

build_nix_master:
# extends: .with_cachix_mono
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/nixos/nix:latest
  needs: []
  rules:
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: always
  script:
  - nix-build --pure -A emuhawk
  stage: test

build_nix_prev_release:
# extends: .with_cachix_mono
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/nixos/nix:latest
  needs: []
  rules:
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: always
  script:
  - nix-build --pure -A emuhawk-latest
  stage: test

check_style:
  image: mcr.microsoft.com/dotnet/sdk:8.0
  needs:
  - job: build_asms_release
    artifacts: false
  rules:
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: always
    allow_failure: true
  - if: $BIZHAWKBUILD_USE_ANALYZERS != null
    when: always
    allow_failure: false
  script:
  - Dist/BuildRelease.sh -v normal -p:RunAnalyzersDuringBuild=true
  stage: test

.disabled_job_infersharp:
  artifacts:
    paths:
    - infer-out/*
  image: mcr.microsoft.com/infersharp:v1.0
  needs:
  - job: build_asms_release
  rules:
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: always
  script:
  - mkdir "infer-in"
  - find output -name "BizHawk.*.dll" -exec cp "{}" "infer-in" \;
  - cp "output/EmuHawk.exe" "infer-in"
  - /app/run_infersharp.sh "infer-in"
  stage: test

.package_linux_x64:
  artifacts:
    expire_in: "1 month"
    name: "$CI_HAWK_ARTIFACT_NAME"
    paths:
    - "$CI_HAWK_ARTIFACT_NAME_TAR"
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/alpine:latest
  needs:
  - build_asms_release
  - job: build_asms_debug
    artifacts: false
  script:
  - Dist/Package.sh 'linux-x64'
  - cd packaged_output
  - tar -cf "../$CI_HAWK_ARTIFACT_NAME_TAR" *
  stage: package

.package_windows_x64:
  artifacts:
    expire_in: "1 month"
    name: "$CI_HAWK_ARTIFACT_NAME"
    paths:
    - ./*
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/alpine:latest
  needs:
  - build_asms_release
  - job: build_asms_debug
    artifacts: false
  script:
  - Dist/Package.sh 'windows-x64'
    # now we replace $CI_PROJECT_DIR with $CI_PROJECT_DIR/packaged_output, so that the archival step will put everything at the top level
  - mv packaged_output ..
  - cd ..
  - rm -fr $CI_PROJECT_DIR
  - mv packaged_output $CI_PROJECT_DIR
  stage: package

package_devbuild_linux:
  extends: .package_linux_x64
  rules:
  - if: $CI_COMMIT_REF_SLUG == "master"
    when: always

package_devbuild_windows:
  extends: .package_windows_x64
  rules:
  - if: $CI_COMMIT_REF_SLUG == "master"
    when: always

package_release_linux:
  extends: .package_linux_x64
  rules:
  - if: $CI_COMMIT_REF_SLUG == "release"
    when: always
  variables:
    CI_HAWK_ARTIFACT_NAME: "BizHawk-VERSIONHERE-linux-x64.tar" # .zip is added automatically
    CI_HAWK_ARTIFACT_NAME_TAR: "BizHawk-linux-x64-$CI_COMMIT_SHORT_SHA.tar"

package_release_windows:
  extends: .package_windows_x64
  rules:
  - if: $CI_COMMIT_REF_SLUG == "release"
    when: always
  variables:
    CI_HAWK_ARTIFACT_NAME: "BizHawk-VERSIONHERE-win-x64"

run_tests:
  artifacts:
    paths:
    - test_output/*.coverage.xml
    reports:
      junit:
      - test_output/*.coverage.xml
  image: mcr.microsoft.com/dotnet/sdk:8.0
  needs:
  - job: build_asms_release
    artifacts: false
  script:
  - Dist/BuildTestRelease.sh -v normal -p:TestProjTargetFrameworkOverride=net8.0
  stage: test

.disabled_job_sast:
  variables:
    SAST_EXCLUDED_ANALYZERS: bandit, brakeman, eslint, flawfinder, gosec, kubesec, nodejs-scan, phpcs-security-audit, pmd-apex, sobelow, spotbugs
  stage: test

.disabled_not_a_job_cache:
  key: "$CI_COMMIT_REF_SLUG"
  paths:
  - $HOME/.nuget/packages # probably won't work; set NUGET_PACKAGES to `BizHawk_master/.nuget_packages` and cache that