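# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
#
# NOTE(review): the links above cover Secret Detection and Dependency
# Scanning, but the `include` list in this file pulls in only the SAST
# template. Unless those scans are enabled elsewhere, this pipeline does not
# run them.

# Base image for every job that does not set its own `image`.
# NOTE(review): the image is pinned by tag, not by digest, so the content
# behind the tag can change between runs. Node.js 16 is also end-of-life
# upstream; plan an upgrade.
image: node:16.13.1

# Yarn's offline cache is reused between jobs to avoid re-downloading packages.
cache:
  paths:
    - ".yarn/cache"

stages:
  - code-quality
  - test
  - build
  - scan

# `--immutable` makes the install fail if yarn.lock would need to change, so
# CI installs only what the committed lockfile describes.
# NOTE(review): `default` settings apply to every job that does not override
# them, which presumably includes the analyzer jobs from the included SAST
# template. Confirm those jobs can run this step, or scope it to the yarn
# jobs.
default:
  before_script:
    - yarn install --immutable

# Lint job; the report is published as a GitLab Code Quality artifact.
Run linter:
  stage: code-quality
  script:
    - yarn types
    - yarn lint:ci
  artifacts:
    reports:
      codequality: gl-codequality.json

Run static analyzer:
  stage: code-quality
  script:
    - yarn types
    - yarn typecheck:ci

Run tests:
  stage: test
  script:
    - yarn test

# TODO: GitlabCI free runners are only for linux - need to investigate for macos and windows artifacts
Build:
  stage: build
  script:
    - yarn compile
  # TODO: Need to publish the built distributable file
  artifacts:
    paths:
      - dist/
    # These two builder output files are kept out of the stored artifact.
    exclude:
      - dist/builder-debug.yml
      - dist/builder-effective-config.yaml

# Overrides for the `sast` job defined by the included template. The job is
# moved to the `scan` stage so it runs after the build.
sast:
  variables:
    # Paths the analyzers skip. Vendored and test code is excluded here, so
    # findings in those trees will not be reported.
    SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, .yarn, node_modules"
    # Analyzer logs show errors only. Raise this temporarily when diagnosing
    # analyzer failures or timeouts.
    SECURE_LOG_LEVEL: "error"
  stage: scan

include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  # NOTE(review): the yarn scripts suggest a JavaScript/TypeScript project.
  # On current GitLab versions semgrep is the SAST analyzer that covers those
  # languages, so excluding it may leave the `scan` stage with no analyzer
  # examining the application code. Check which analyzer jobs actually run.
  # Prefer fixing the timeout (job `timeout:` keyword, narrower scan paths)
  # over dropping the analyzer.
  SAST_EXCLUDED_ANALYZERS: "semgrep"  # Disabling semgrep since the scan times out in GitlabCI agents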