---
kind: pipeline
name: compliance

platform:
  os: linux
  arch: amd64

trigger:
  event:
    - push
    - tag
    - pull_request

steps:
  - name: deps-frontend
    pull: always
    image: node:14
    commands:
      - make node_modules

  - name: lint-frontend
    image: node:14
    commands:
      - make lint-frontend
    depends_on: [deps-frontend]

  - name: lint-backend
    pull: always
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make lint-backend
    environment:
      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
      GOSUMDB: sum.golang.org
      TAGS: bindata sqlite sqlite_unlock_notify

  - name: lint-backend-windows
    pull: always
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make golangci-lint vet
    environment:
      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
      GOSUMDB: sum.golang.org
      TAGS: bindata sqlite sqlite_unlock_notify
      GOOS: windows
      GOARCH: amd64

  - name: lint-backend-gogit
    pull: always
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make lint-backend
    environment:
      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
      GOSUMDB: sum.golang.org
      TAGS: bindata gogit sqlite sqlite_unlock_notify

  - name: checks-frontend
    image: node:14
    commands:
      - make checks-frontend
    depends_on: [deps-frontend]

  - name: checks-backend
    pull: always
    image: golang:1.16
    commands:
      - make checks-backend
    depends_on: [lint-backend]

  - name: test-frontend
    image: node:14
    commands:
      - make test-frontend
    depends_on: [lint-frontend]

  - name: build-frontend
    image: node:14
    commands:
      - make frontend
    depends_on: [test-frontend]

  - name: build-backend-no-gcc
    pull: always
    image: golang:1.16 # this step is kept as the lowest version of golang that we support
    environment:
      GO111MODULE: on
      GOPROXY: off
    commands:
      - go build -mod=vendor -o gitea_no_gcc # test if build succeeds without the sqlite tag
    depends_on: [checks-backend]

  - name: build-backend-arm64
    image: golang:1.16
    environment:
      GO111MODULE: on
      GOPROXY: off
      GOOS: linux
      GOARCH: arm64
      TAGS: bindata gogit
    commands:
      - make backend # test cross compile
      - rm ./gitea # clean
    depends_on: [checks-backend]

  - name: build-backend-windows
    image: golang:1.16
    environment:
      GO111MODULE: on
      GOPROXY: off
      GOOS: windows
      GOARCH: amd64
      TAGS: bindata gogit
    commands:
      - go build -mod=vendor -o gitea_windows
    depends_on: [checks-backend]

  - name: build-backend-386
    image: golang:1.16
    environment:
      GO111MODULE: on
      GOPROXY: off
      GOOS: linux
      GOARCH: 386
    commands:
      - go build -mod=vendor -o gitea_linux_386 # test if compatible with 32 bit
    depends_on: [checks-backend]

---
kind: pipeline
name: testing-amd64

platform:
  os: linux
  arch: amd64

depends_on:
  - compliance

trigger:
  event:
    - push
    - tag
    - pull_request

services:
  - name: mysql
    image: mysql:5.7
    environment:
      MYSQL_ALLOW_EMPTY_PASSWORD: yes
      MYSQL_DATABASE: test

  - name: mysql8
    image: mysql:8
    environment:
      MYSQL_ALLOW_EMPTY_PASSWORD: yes
      MYSQL_DATABASE: testgitea

  - name: mssql
    image: mcr.microsoft.com/mssql/server:latest
    environment:
      ACCEPT_EULA: Y
      MSSQL_PID: Standard
      SA_PASSWORD: MwantsaSecurePassword1

  - name: ldap
    image: gitea/test-openldap:latest

  - name: elasticsearch
    environment:
      discovery.type: single-node
    image: elasticsearch:7.5.0

  - name: minio
    image: minio/minio:RELEASE.2021-03-12T00-00-47Z
    commands:
    - minio server /data
    environment:
      MINIO_ACCESS_KEY: 123456
      MINIO_SECRET_KEY: 12345678

steps:
  - name: fetch-tags
    image: docker:git
    commands:
      - git fetch --tags --force
    when:
      event:
        exclude:
          - pull_request

  - name: build
    pull: always
    image: golang:1.16
    commands:
      - make backend
    environment:
      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
      GOSUMDB: sum.golang.org
      TAGS: bindata sqlite sqlite_unlock_notify

  - name: tag-pre-condition
    pull: always
    image: drone/git
    commands:
      - git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}

  - name: unit-test
    image: golang:1.16
    commands:
      - make unit-test-coverage test-check
    environment:
      GOPROXY: off
      TAGS: bindata sqlite sqlite_unlock_notify
      GITHUB_READ_TOKEN:
        from_secret: github_read_token

  - name: unit-test-gogit
    pull: always
    image: golang:1.16
    commands:
      - make unit-test-coverage test-check
    environment:
      GOPROXY: off
      TAGS: bindata gogit sqlite sqlite_unlock_notify
      GITHUB_READ_TOKEN:
        from_secret: github_read_token

  - name: test-mysql
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make test-mysql-migration integration-test-coverage
    environment:
      GOPROXY: off
      TAGS: bindata
      TEST_LDAP: 1
      USE_REPO_TEST_DIR: 1
      TEST_INDEXER_CODE_ES_URL: "http://elastic:changeme@elasticsearch:9200"
    depends_on:
      - build

  - name: test-mysql8
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - timeout -s ABRT 40m make test-mysql8-migration test-mysql8
    environment:
      GOPROXY: off
      TAGS: bindata
      TEST_LDAP: 1
      USE_REPO_TEST_DIR: 1
    depends_on:
      - build

  - name: test-mssql
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make test-mssql-migration test-mssql
    environment:
      GOPROXY: off
      TAGS: bindata
      TEST_LDAP: 1
      USE_REPO_TEST_DIR: 1
    depends_on:
      - build

  - name: generate-coverage
    image: golang:1.16
    commands:
      - make coverage
    environment:
      GOPROXY: off
      TAGS: bindata
    depends_on:
      - unit-test
      - test-mysql
    when:
      branch:
        - main
      event:
        - push
        - pull_request

  - name: coverage-codecov
    pull: always
    image: plugins/codecov
    settings:
      files:
        - coverage.all
      token:
        from_secret: codecov_token
    depends_on:
      - generate-coverage
    when:
      branch:
        - main
      event:
        - push
        - pull_request

---
kind: pipeline
name: testing-arm64

platform:
  os: linux
  arch: arm64

depends_on:
  - compliance

trigger:
  event:
    - push
    - tag
    - pull_request

services:
  - name: pgsql
    pull: default
    image: postgres:10
    environment:
      POSTGRES_DB: test
      POSTGRES_PASSWORD: postgres

  - name: ldap
    pull: default
    image: gitea/test-openldap:latest

steps:
  - name: fetch-tags
    image: docker:git
    commands:
      - git fetch --tags --force
    when:
      event:
        exclude:
          - pull_request

  - name: build
    pull: always
    image: golang:1.16
    commands:
      - make backend
    environment:
      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
      GOSUMDB: sum.golang.org
      TAGS: bindata gogit sqlite sqlite_unlock_notify

  - name: test-sqlite
    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    commands:
      - timeout -s ABRT 40m make test-sqlite-migration test-sqlite
    environment:
      GOPROXY: off
      TAGS: bindata gogit sqlite sqlite_unlock_notify
      TEST_TAGS: gogit sqlite sqlite_unlock_notify
      USE_REPO_TEST_DIR: 1
    depends_on:
      - build

  - name: test-pgsql
    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    commands:
      - timeout -s ABRT 40m make test-pgsql-migration test-pgsql
    environment:
      GOPROXY: off
      TAGS: bindata gogit
      TEST_TAGS: gogit
      TEST_LDAP: 1
      USE_REPO_TEST_DIR: 1
    depends_on:
      - build

---
kind: pipeline
name: update_translations

platform:
  os: linux
  arch: arm64

trigger:
  branch:
    - main
  event:
    - cron
  cron:
    - update_translations

steps:
  - name: download
    pull: always
    image: jonasfranz/crowdin
    settings:
      download: true
      export_dir: options/locale/
      ignore_branch: true
      project_identifier: gitea
    environment:
      CROWDIN_KEY:
        from_secret: crowdin_key

  - name: update
    pull: default
    image: alpine:3.13
    commands:
      - ./build/update-locales.sh

  - name: push
    pull: always
    image: appleboy/drone-git-push
    settings:
      author_email: "teabot@gitea.io"
      author_name: GiteaBot
      branch: main
      commit: true
      commit_message: "[skip ci] Updated translations via Crowdin"
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key

  - name: upload_translations
    pull: always
    image: jonasfranz/crowdin
    settings:
      files:
        locale_en-US.ini: options/locale/locale_en-US.ini
      ignore_branch: true
      project_identifier: gitea
    environment:
      CROWDIN_KEY:
        from_secret: crowdin_key

---
kind: pipeline
name: update_gitignore_and_licenses

platform:
  os: linux
  arch: arm64

trigger:
  branch:
    - main
  event:
    - cron
  cron:
    - update_gitignore_and_licenses

steps:
  - name: download
    image: golang:1.16
    commands:
      - timeout -s ABRT 40m make generate-license generate-gitignore

  - name: push
    pull: always
    image: appleboy/drone-git-push
    settings:
      author_email: "teabot@gitea.io"
      author_name: GiteaBot
      branch: main
      commit: true
      commit_message: "[skip ci] Updated licenses and gitignores "
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key

---
kind: pipeline
name: release-latest

platform:
  os: linux
  arch: amd64

workspace:
  base: /source
  path: /

trigger:
  branch:
    - main
    - "release/*"
  event:
    - push

depends_on:
  - testing-amd64
  - testing-arm64

steps:
  - name: fetch-tags
    image: docker:git
    commands:
      - git fetch --tags --force

  - name: static
    pull: always
    image: techknowlogick/xgo:go-1.16.x
    commands:
      - curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify

  - name: gpg-sign
    pull: always
    image: plugins/gpgsign:1
    settings:
      detach_sign: true
      excludes:
        - "dist/release/*.sha256"
      files:
        - "dist/release/*"
    environment:
      GPGSIGN_KEY:
        from_secret: gpgsign_key
      GPGSIGN_PASSPHRASE:
        from_secret: gpgsign_passphrase

  - name: release-branch
    pull: always
    image: plugins/s3:1
    settings:
      acl: public-read
      bucket: gitea-artifacts
      endpoint: https://storage.gitea.io
      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_BRANCH##release/v}"
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: aws_access_key_id
      AWS_SECRET_ACCESS_KEY:
        from_secret: aws_secret_access_key
    when:
      branch:
        - "release/*"
      event:
        - push

  - name: release-main
    image: plugins/s3:1
    settings:
      acl: public-read
      bucket: gitea-artifacts
      endpoint: https://storage.gitea.io
      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: /gitea/main
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: aws_access_key_id
      AWS_SECRET_ACCESS_KEY:
        from_secret: aws_secret_access_key
    when:
      branch:
        - main
      event:
        - push

---
kind: pipeline
name: release-version

platform:
  os: linux
  arch: amd64

workspace:
  base: /source
  path: /

trigger:
  event:
    - tag

depends_on:
  - testing-arm64
  - testing-amd64

steps:
  - name: fetch-tags
    pull: default
    image: docker:git
    commands:
      - git fetch --tags --force

  - name: static
    pull: always
    image: techknowlogick/xgo:go-1.16.x
    commands:
      - curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify

  - name: gpg-sign
    pull: always
    image: plugins/gpgsign:1
    settings:
      detach_sign: true
      excludes:
        - "dist/release/*.sha256"
      files:
        - "dist/release/*"
    environment:
      GPGSIGN_KEY:
        from_secret: gpgsign_key
      GPGSIGN_PASSPHRASE:
        from_secret: gpgsign_passphrase

  - name: release-tag
    pull: always
    image: plugins/s3:1
    settings:
      acl: public-read
      bucket: gitea-artifacts
      endpoint: https://storage.gitea.io
      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_TAG##v}"
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: aws_access_key_id
      AWS_SECRET_ACCESS_KEY:
        from_secret: aws_secret_access_key

  - name: github
    pull: always
    image: plugins/github-release:1
    settings:
      files:
        - "dist/release/*"
    environment:
      GITHUB_TOKEN:
        from_secret: github_token

---
kind: pipeline
name: docs

platform:
  os: linux
  arch: arm64

depends_on:
  - compliance

trigger:
  event:
    - push
    - tag
    - pull_request

steps:
  - name: build-docs
    pull: always
    image: plugins/hugo:latest
    commands:
      - apk add --no-cache make bash curl
      - cd docs
      - make trans-copy clean build

  - name: publish-docs
    pull: always
    image: techknowlogick/drone-netlify:latest
    settings:
      path: docs/public/
      site_id: d2260bae-7861-4c02-8646-8f6440b12672
    environment:
      NETLIFY_TOKEN:
        from_secret: netlify_token
    when:
      branch:
        - main
      event:
        - push

---
kind: pipeline
name: docker-linux-amd64-release-version

platform:
  os: linux
  arch: amd64

depends_on:
  - testing-amd64
  - testing-arm64

trigger:
  ref:
  - "refs/tags/**"
  event:
    exclude:
    - cron

steps:
  - name: fetch-tags
    image: docker:git
    commands:
      - git fetch --tags --force

  - name: publish
    pull: always
    image: techknowlogick/drone-docker:latest
    settings:
      auto_tag: true
      auto_tag_suffix: linux-amd64
      repo: gitea/gitea
      build_args:
        - GOPROXY=off
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
      auto_tag_suffix: linux-amd64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=off
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
    when:
      event:
        exclude:
        - pull_request

---
kind: pipeline
name: docker-linux-amd64-release

platform:
  os: linux
  arch: amd64

depends_on:
  - testing-amd64
  - testing-arm64

trigger:
  ref:
  - refs/heads/main
  event:
    exclude:
    - cron

steps:
  - name: fetch-tags
    image: docker:git
    commands:
      - git fetch --tags --force

  - name: publish
    pull: always
    image: techknowlogick/drone-docker:latest
    settings:
      auto_tag: false
      tags: dev-linux-amd64
      repo: gitea/gitea
      build_args:
        - GOPROXY=off
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
      tags: dev-linux-amd64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=off
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
    when:
      event:
        exclude:
        - pull_request

---
kind: pipeline
name: docker-linux-arm64-dry-run

platform:
  os: linux
  arch: arm64

depends_on:
  - compliance

trigger:
  ref:
  - "refs/pull/**"

steps:
  - name: dryrun
    pull: always
    image: techknowlogick/drone-docker:latest
    settings:
      dry_run: true
      repo: gitea/gitea
      tags: linux-arm64
      build_args:
        - GOPROXY=off
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
    when:
      event:
        - pull_request

---
kind: pipeline
name: docker-linux-arm64-release-version

platform:
  os: linux
  arch: arm64

depends_on:
  - testing-amd64
  - testing-arm64

trigger:
  ref:
  - "refs/tags/**"
  event:
    exclude:
    - cron

steps:
  - name: fetch-tags
    image: docker:git
    commands:
      - git fetch --tags --force

  - name: publish
    pull: always
    image: techknowlogick/drone-docker:latest
    settings:
      auto_tag: true
      auto_tag_suffix: linux-arm64
      repo: gitea/gitea
      build_args:
        - GOPROXY=off
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
      auto_tag_suffix: linux-arm64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=off
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
    when:
      event:
        exclude:
        - pull_request

---
kind: pipeline
name: docker-linux-arm64-release

platform:
  os: linux
  arch: arm64

depends_on:
  - testing-amd64
  - testing-arm64

trigger:
  ref:
  - refs/heads/main
  event:
    exclude:
    - cron

steps:
  - name: fetch-tags
    image: docker:git
    commands:
      - git fetch --tags --force

  - name: publish
    pull: always
    image: techknowlogick/drone-docker:latest
    settings:
      auto_tag: false
      tags: dev-linux-arm64
      repo: gitea/gitea
      build_args:
        - GOPROXY=off
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
      tags: dev-linux-arm64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=off
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
    when:
      event:
        exclude:
        - pull_request
---
kind: pipeline
name: docker-manifest-version

platform:
  os: linux
  arch: amd64

steps:
  - name: manifest-rootless
    pull: always
    image: plugins/manifest
    settings:
      auto_tag: true
      ignore_missing: true
      spec: docker/manifest.rootless.tmpl
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username

  - name: manifest
    image: plugins/manifest
    settings:
      auto_tag: true
      ignore_missing: true
      spec: docker/manifest.tmpl
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username

trigger:
  ref:
  - "refs/tags/**"
  event:
    exclude:
    - cron

depends_on:
  - docker-linux-amd64-release-version
  - docker-linux-arm64-release-version

---
kind: pipeline
name: docker-manifest

platform:
  os: linux
  arch: amd64

steps:
  - name: manifest-rootless
    pull: always
    image: plugins/manifest
    settings:
      auto_tag: false
      ignore_missing: true
      spec: docker/manifest.rootless.tmpl
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username

  - name: manifest
    image: plugins/manifest
    settings:
      auto_tag: false
      ignore_missing: true
      spec: docker/manifest.tmpl
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username

trigger:
  ref:
  - refs/heads/main
  event:
    exclude:
    - cron

depends_on:
  - docker-linux-amd64-release
  - docker-linux-arm64-release

---
kind: pipeline
name: notifications

platform:
  os: linux
  arch: arm64

clone:
  disable: true

trigger:
  branch:
    - main
    - "release/*"
  event:
    - push
    - tag
  status:
    - success
    - failure

depends_on:
  - testing-amd64
  - testing-arm64
  - release-version
  - release-latest
  - docker-linux-amd64-release
  - docker-linux-arm64-release
  - docker-linux-amd64-release-version
  - docker-linux-arm64-release-version
  - docker-manifest
  - docker-manifest-version
  - docs

steps:
  - name: discord
    pull: always
    image: appleboy/drone-discord:1.2.4
    settings:
      message: "{{#success build.status}} āœ…  Build #{{build.number}} of `{{repo.name}}` succeeded.\n\nšŸ“ Commit by {{commit.author}} on `{{commit.branch}}`:\n``` {{commit.message}} ```\n\nšŸŒ {{ build.link }} {{else}} āŒ  Build #{{build.number}} of `{{repo.name}}` failed.\n\nšŸ“ Commit by {{commit.author}} on `{{commit.branch}}`:\n``` {{commit.message}} ```\n\nšŸŒ {{ build.link }} {{/success}}\n"
      webhook_id:
        from_secret: discord_webhook_id
      webhook_token:
        from_secret: discord_webhook_token