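---
# GitLab CI pipeline: build and push a container image, scan it with Trivy,
# then create a GitLab release for commits on main.
stages:
  - build
  - scan
  - release

build:
  stage: build
  # NOTE(review): the client image is pinned to a specific (old) release while
  # the dind service tag floats; pin both to one matching, supported version.
  image: docker:19.03.12
  services:
    - docker:dind
  script:
    # Feed the registry password on stdin; `-p` places it in the process
    # argument list where other processes on the runner can read it.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Tag with the commit SHA as well as `latest`, so later stages can refer to
    # exactly the image this pipeline built. `latest` is still pushed for
    # existing consumers.
    # NOTE(review): `latest` is published before the scan stage runs, so pulls
    # of `latest` can receive an image that has not passed the scan.
    - >-
      docker build
      -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
      -t "$CI_REGISTRY_IMAGE:latest"
      -f Containerfile .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
    - docker push "$CI_REGISTRY_IMAGE:latest"

scan:
  stage: scan
  image:
    # NOTE(review): a floating `latest` scanner image means the tool that gates
    # the release can change between runs; pin a version or digest.
    name: docker.io/aquasec/trivy:latest
    # Empty entrypoint so the runner can start a shell for `script`.
    entrypoint: [""]
  variables:
    TRIVY_USERNAME: "$CI_REGISTRY_USER"
    TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
    TRIVY_AUTH_URL: "$CI_REGISTRY"
    # Scan the commit-tagged image rather than `latest`, which a concurrent
    # pipeline may overwrite between the build and scan stages.
    FULL_IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
    # NOTE(review): this turns off TLS certificate verification for registry
    # connections while the registry credentials above are in use. Kept as in
    # the original; prefer trusting the registry's CA on the runner and
    # removing this variable.
    TRIVY_INSECURE: "true"
  script:
    # NOTE(review): with an unpinned Trivy image, verify this flag is still
    # accepted by the version in use.
    - trivy image --clear-cache
    # Trivy exits 0 by default even when findings match; `--exit-code 1` makes
    # HIGH/CRITICAL findings fail this job so the release stage does not run.
    - time trivy image --exit-code 1 --severity HIGH,CRITICAL "$FULL_IMAGE_NAME"

release:
  stage: release
  # NOTE(review): pin this image to a version or digest as well.
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  script:
    # The tag is named after this pipeline's commit, so create it from that
    # commit. A branch ref of "main" could already point at a newer commit
    # than the one that was built and scanned.
    - >-
      release-cli create
      --name "Release $CI_COMMIT_SHORT_SHA"
      --description "Release of version $CI_COMMIT_SHORT_SHA"
      --tag-name "v$CI_COMMIT_SHORT_SHA"
      --ref "$CI_COMMIT_SHA"
  only:
    - main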