image: registry.gitlab.com/fdroid/fdroidserver:buildserver-bullseye

stages:
  - lint
  - test
  - deploy

# only create a pipeline if it is a merge request, not for plain
# branches, unless that branch is master.
workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_PIPELINE_SOURCE == "web"'
    - if: '$CI_PIPELINE_SOURCE == "webide"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

.base:
  tags:
    - saas-linux-xlarge-amd64
  variables:
    JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64
  before_script:
    - echo "org.gradle.caching=true" >> gradle.properties
    - test -e /etc/apt/sources.list.d/bullseye-backports.list
        || echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list
    - apt update
    - apt-get -qy install -t bullseye-backports --no-install-recommends git sdkmanager openjdk-17-jdk-headless

    - test -n "$ANDROID_HOME" || source /etc/profile.d/bsenv.sh

    - export cmdline_tools_latest="$ANDROID_HOME/cmdline-tools/latest/bin"
    - test -e $cmdline_tools_latest && export PATH="$cmdline_tools_latest:$PATH"

    - export GRADLE_USER_HOME=$PWD/.gradle
    - export ANDROID_COMPILE_SDK=`sed -n 's,.*compileSdk\s*\([0-9][0-9]*\).*,\1,p' app/build.gradle`
    - echo y | sdkmanager "platforms;android-${ANDROID_COMPILE_SDK}" > /dev/null
    # index-v1.jar tests need SHA1 support still, TODO use apksig to validate JAR sigs
    - sed -i 's,SHA1 denyAfter 20[0-9][0-9],SHA1 denyAfter 2026,'
      /usr/lib/jvm/java-17-openjdk-amd64/conf/security/java.security
  after_script:
    # this file changes every time but should not be cached
    - rm -f $GRADLE_USER_HOME/caches/modules-2/modules-2.lock
    - rm -fr $GRADLE_USER_HOME/caches/*/plugin-resolution/
  cache:
    key: '${CI_PROJECT_PATH}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}'
    paths:
      - .gradle/wrapper
      - .gradle/caches

.test-template: &test-template
  extends: .base
  stage: test
  artifacts:
    name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
    paths:
      - kernel.log
      - logcat.txt
      - app/core*
      - app/*.log
      - app/build/reports
      - app/build/outputs/*ml
      - app/build/outputs/apk
      - libs/*/build/reports
      - build/reports
    reports:
      junit:
        - app/build/**/TEST-*.xml
        - libs/*/build/**/TEST-*.xml
    expire_in: 1 week
    when: on_failure
  after_script:
    - echo "Download debug artifacts from https://gitlab.com/${CI_PROJECT_PATH}/-/jobs"
    # this file changes every time but should not be cached
    - rm -f $GRADLE_USER_HOME/caches/modules-2/modules-2.lock
    - rm -fr $GRADLE_USER_HOME/caches/*/plugin-resolution/

.always-on-these-changes: &always-on-these-changes
  changes:
    - .gitlab-ci.yml
    - build.gradle

app assembleFullRelease test:
  <<: *test-template
  rules:
    - <<: *always-on-these-changes
    - changes:
        - app/**/*
        - libs/**/*
  script:
    - ./gradlew :app:assembleFullRelease :app:testFullDebugUnitTest
  artifacts:
    name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
    paths:
      - app/build/reports
      - app/build/outputs/apk
      - libs/*/build/reports
    reports:
      junit:
        - app/build/test-results/*/TEST-*.xml
    expire_in: 1 week
    when: always

libs db test:
  <<: *test-template
  rules:
    - <<: *always-on-these-changes
    - changes:
        - libs/database/**/*
  script:
    - ./gradlew :libs:database:testDebugUnitTest

libs download test:
  <<: *test-template
  rules:
    - <<: *always-on-these-changes
    - changes:
        - libs/download/**/*
  script:
    - ./gradlew :libs:download:testDebugUnitTest

libs index test:
  <<: *test-template
  rules:
    - <<: *always-on-these-changes
    - changes:
        - libs/index/**/*
  script:
    - ./gradlew :libs:index:testDebugUnitTest

app lint pmd checkstyle:
  <<: *test-template
  stage: lint
  rules:
    - <<: *always-on-these-changes
    - changes:
        - app/**/*
  script:
    # always report on lint errors to the build log
    - sed -i -e 's,textReport .*,textReport true,' app/build.gradle
    # the tasks "lint", "test", etc don't always include everything
    - ./gradlew :app:lint :app:pmd :app:checkstyle

libs lint ktlintCheck:
  <<: *test-template
  stage: lint
  rules:
    - <<: *always-on-these-changes
    - changes:
        - libs/**/*
  script:
    # always report on lint errors to the build log
    - sed -i -e 's,textReport .*,textReport true,' app/build.gradle
    - ./gradlew :libs:database:lint :libs:download:lint :libs:index:lint ktlintCheck

app tools scripts:
  stage: lint
  image: debian:bullseye-slim
  rules:
    - <<: *always-on-these-changes
    - changes:
        - app/**/*
  script:
    - apt-get update
    - apt-get -qy install --no-install-recommends git python3
    - ./tools/check-format-strings.py
    - ./tools/check-fastlane-whitespace.py
    - ./tools/remove-unused-and-blank-translations.py
    - echo "These are unused or blank translations that should be removed:"
    - git --no-pager diff --ignore-all-space --name-only --exit-code app/src/*/res/values*/strings.xml

app weblate merge conflict:
  stage: lint
  image: debian:bookworm-slim
  rules:
    - changes:
        - .gitlab-ci.yml
        - app/src/*/res/values*/strings.xml
        - metadata/
  script:
    - apt-get update
    - apt-get -qy install --no-install-recommends ca-certificates git
    - git config user.name "$CI_PIPELINE_ID/$CI_JOB_ID"
    - git config user.email $CI_PROJECT_PATH@f-droid.org
    - git fetch https://hosted.weblate.org/git/f-droid/f-droid
    - git checkout -B weblate FETCH_HEAD
    - export EXITVALUE=0
    - if ! git rebase $CI_COMMIT_SHA; then
          export EXITVALUE=1;
          set -x;
          while git rebase --skip; do echo; done;
          set +x;
      fi
    - git diff --exit-code
    - exit $EXITVALUE

app errorprone:
  extends: .base
  stage: lint
  rules:
    - <<: *always-on-these-changes
    - changes:
        - app/**/*
  script:
    - cat config/errorprone.gradle >> app/build.gradle
    - ./gradlew -Dorg.gradle.dependency.verification=lenient assembleDebug

libs database schema:
  stage: lint
  image: debian:bullseye-backports
  rules:
    - <<: *always-on-these-changes
    - changes:
        - libs/database/**/*
  variables:
    JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64
  script:
    - apt-get update
    - apt-get -qy --no-install-recommends install openjdk-17-jdk-headless git sdkmanager
    - export ANDROID_HOME=/opt/android-sdk
    - export ANDROID_COMPILE_SDK=`sed -n 's,.*compileSdk\s*\([0-9][0-9]*\).*,\1,p' app/build.gradle`
    - sdkmanager "platforms;android-$ANDROID_COMPILE_SDK" "build-tools;34.0.0"
    - ./gradlew :libs:database:kaptDebugKotlin
    - git --no-pager diff --exit-code

# Run the tests in the emulator.  Each step is broken out to run on
# its own since the CI runner can have limited RAM, and the emulator
# can take a while to start.
#
# once these prove stable, the task should be switched to
# connectedCheck to test all the build flavors
.connected-template: &connected-template
  extends: .base
  script:
    - ./gradlew assembleFullDebug
    - export AVD_SDK=`echo $CI_JOB_NAME | awk '{print $2}'`
    - export AVD_TAG=`echo $CI_JOB_NAME | awk '{print $3}'`
    - export AVD_ARCH=`echo $CI_JOB_NAME | awk '{print $4}'`
    - export AVD_PACKAGE="system-images;android-${AVD_SDK};${AVD_TAG};${AVD_ARCH}"
    - echo $AVD_PACKAGE

    - ls -l ~/.android

    - adb start-server
    - start-emulator
    - wait-for-emulator
    - adb devices
    - adb shell input keyevent 82 &
    - ./gradlew installFullDebug
    - adb shell am start -n org.fdroid.fdroid.debug/org.fdroid.fdroid.views.main.MainActivity
    - if [ $AVD_SDK -lt 29 ] || ! emulator -accel-check; then
          export FLAG=-Pandroid.testInstrumentationRunnerArguments.notAnnotation=androidx.test.filters.LargeTest;
      fi
    - ./gradlew connectedFullDebugAndroidTest $FLAG

.kvm-connected-template: &kvm-connected-template
  extends: .base
  image: briar/ci-image-android-emulator:latest
  tags:
    - kvm
  script:
    - ./gradlew assembleFullDebug
    - export AVD_SDK=`echo $CI_JOB_NAME | awk '{print $2}'`
    - export AVD_TAG=`echo $CI_JOB_NAME | awk '{print $3}'`
    - export AVD_ARCH=`echo $CI_JOB_NAME | awk '{print $4}'`
    - export AVD_PACKAGE="system-images;android-${AVD_SDK};${AVD_TAG};${AVD_ARCH}"
    - echo $AVD_PACKAGE

    - $ANDROID_HOME/cmdline-tools/latest/bin/avdmanager --verbose delete avd --name "$NAME_AVD"
    - export AVD="$AVD_PACKAGE"
    - echo y | $ANDROID_HOME/cmdline-tools/latest/bin/sdkmanager --install "$AVD"
    - echo no | $ANDROID_HOME/cmdline-tools/latest/bin/avdmanager --verbose create avd --name "$NAME_AVD" --package "$AVD" --device "pixel"
    - start-emulator.sh
    - ./gradlew installFullDebug
    - adb shell am start -n org.fdroid.fdroid.debug/org.fdroid.fdroid.views.main.MainActivity
    - if [ $AVD_SDK -lt 29 ] || ! emulator -accel-check; then
          export FLAG=-Pandroid.testInstrumentationRunnerArguments.notAnnotation=androidx.test.filters.LargeTest;
      fi
    - ./gradlew :app:connectedFullDebugAndroidTest :libs:database:connectedCheck :libs:download:connectedCheck :libs:index:connectedCheck $FLAG


# Since jobs that require KVM need special runners, these jobs are
# opt-in.  To set up your fork to run KVM jobs, go to Settings ->
# CI/CD -> Variables, and add a variable called RUN_KVM_JOBS with a
# value of "1".  For example, this is for the canonical repo:
#
# https://gitlab.com/fdroid/fdroidclient/-/settings/ci_cd#js-cicd-variables-settings
.kvm-template: &kvm-template
  tags:
    - fdroid
    - kvm
  rules:
    - if: $RUN_KVM_JOBS
  <<: *test-template
  <<: *kvm-connected-template


kvm jobs skipped:
  rules:
    - if: '$RUN_KVM_JOBS == null || $RUN_KVM_JOBS == "" || $RUN_KVM_JOBS == "0"'
  image: alpine  # this only needs printf, so it should be as small as possible
  variables:
    GIT_DEPTH: 1
  script:
    - printf '\x1b[33mJobs that require KVM need special runners, these jobs are opt-in.  To set up your fork to run KVM jobs, go to Settings -> CI/CD -> Variables, and add a variable called RUN_KVM_JOBS with a value of "1".  This link should take you there:\n'
    - printf "\x1b[32m${CI_SERVER_URL}/$CI_PROJECT_PATH/-/settings/ci_cd#js-cicd-variables-settings\n"


kvm 23 default x86:
  <<: *test-template
  <<: *kvm-template

pages:
  extends: .base
  stage: deploy
  only:
    - master
  script:
    - ./gradlew :libs:download:dokkaHtml :libs:index:dokkaHtml :libs:database:dokkaHtml
    - mkdir -p public/libs
    - touch public/index.html public/libs/index.html
    - cp -r libs/download/build/dokka/html public/libs/download
    - cp -r libs/index/build/dokka/html public/libs/index
    - cp -r libs/database/build/dokka/html public/libs/database
  artifacts:
    paths:
      - public

deploy_nightly:
  extends: .base
  stage: deploy
  only:
    - master
  variables:
    JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64
  script:
    - test -z "$DEBUG_KEYSTORE" && exit 0
    - apt-get install -t bullseye-backports openjdk-17-jdk-headless fdroidserver
    - sed -i
        's,<string name="app_name">.*</string>,<string name="app_name">F-Nightly</string>,'
        app/src/main/res/values*/strings.xml
    # add this nightly repo as a enabled repo
    - sed -i -e '/<\/string-array>/d' -e '/<\/resources>/d' app/src/main/res/values/default_repos.xml
    - echo "<item>${CI_PROJECT_PATH}-nightly</item>" >> app/src/main/res/values/default_repos.xml
    - echo "<item>${CI_PROJECT_URL}-nightly/-/raw/master/fdroid/repo</item>" >> app/src/main/res/values/default_repos.xml
    - cat config/nightly-repo/repo.xml >> app/src/main/res/values/default_repos.xml
    - export DB=`sed -n 's,.*version *= *\([0-9][0-9]*\).*,\1,p' libs/database/src/main/java/org/fdroid/database/FDroidDatabase.kt`
    - export versionCode=`printf '%d%05d' $DB $(date '+%s'| cut -b1-8)`
    - sed -i "s,^\(\s*versionCode\)  *[0-9].*,\1 $versionCode," app/build.gradle
    # build the APKs!
    - ./gradlew assembleDebug
    - fdroid nightly -v