variables:
  # general config
  OPENSHIFT_TEST_VERSION: '4.13.0' # version to test against
  REGISTRY_URL: 'quay.io/openpipe/oc-local-runner' # define registry url
  ## RUNNER_TAG: {}
  # config to set in repo variables
  ## PULL_SECRET: "" # define this in repo variables! content of image pull secret (download from https://console.redhat.com/openshift/create/local)
  ## REGISTRY_PASSWORD: {} # define this in repo variables! used to push images to your registry
  ## REGISTRY_USER: {}
  # cloud provider config (AWS/GCP/OpenStack)
  ## AWS_ACCESS_KEY_ID: {} # define in repo variables for AWS
  ## AWS_SECRET_ACCESS_KEY: {} # define in repo variables for AWS
  ## AWS_DEFAULT_REGION: {} # define in repo variables for AWS
  ## GOOGLE_APPLICATION_CREDENTIALS: {} # define in repo variables for GCP
  ## GCLOUD_PROJECT: {} # define in repo variables for GCP
  ## GCLOUD_REGION: {} # define in repo variables for GCP
  ## GCLOUD_ZONE: {} # define in repo variables for GCP
  ## OS_CLIENT_CONFIG_FILE: {} # define in repo variables for OpenStack
  ## OS_CLOUD: {} # define in repo variables for OpenStack
  # crc config variables
  CONSENT_TELEMETRY: 'no' # Consent to collection of anonymous usage data (yes/no)
  CPUS: 4 # Number of CPU cores (must be greater than or equal to '4')
  DISABLE_UPDATE_CHECK: 'true' # Disable update check (true/false, default: true)
  DISK_SIZE: 31 # Total size in GiB of the disk (must be greater than or equal to '31')
  ENABLE_CLUSTER_MONITORING: 'false' # Enable cluster monitoring Operator (true/false, default: false)
  ENABLE_EXPERIMENTAL_FEATURES: 'false' # Enable experimental features (true/false, default: false)
  # ENABLE_SHARED_DIRS: # Mounts host's home directory at '/' in the CRC VM (true/false, default: true)
  # HOST_NETWORK_ACCESS: # Allow TCP/IP connections from the CRC VM to services running on the host (true/false, default: false)
  # HTTP_PROXY: # HTTP proxy URL (string, like 'http://my-proxy.com:8443')
  # HTTPS_PROXY: # HTTPS proxy URL (string, like 'https://my-proxy.com:8443')
  # INGRESS_HTTP_PORT: # HTTP port to use for OpenShift ingress/routes on the host (1024-65535, default: 80)
  # INGRESS_HTTPS_PORT: # HTTPS port to use for OpenShift ingress/routes on the host (1024-65535, default: 443)
  # KUBEADMIN_PASSWORD: # User defined kubeadmin password
  MEMORY: 11264 # Memory size in MiB (must be greater than or equal to 10752)
  # NAMESERVER: "" # IPv4 address of nameserver (string, like '1.1.1.1 or 8.8.8.8')
  # NETWORK_MODE: "" # Network mode (user or system)
  # NO_PROXY: "" # Hosts, ipv4 addresses or CIDR which do not use a proxy (string, comma-separated list such as '127.0.0.1,192.168.100.1/24')
  PRESET: 'openshift' # Virtual machine preset (valid values are: podman, openshift and okd)
  # PROXY_CA_FILE: "" # Path to an HTTPS proxy certificate authority (CA)
  SKIP_CHECK_ADMIN_HELPER_CACHED: 'true' # Skip preflight check (true/false)
  # SKIP_CHECK_BUNDLE_EXTRACTED: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_CRC_DNSMASQ_FILE: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_CRC_NETWORK: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_CRC_NETWORK_ACTIVE: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_CRC_SYMLINK: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_DAEMON_SYSTEMD_SOCKETS: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_DAEMON_SYSTEMD_UNIT: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_KVM_ENABLED: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_LIBVIRT_DRIVER: false # Skip preflight check (true/false, default: false)
  SKIP_CHECK_LIBVIRT_GROUP_ACTIVE: 'true' # Skip preflight check (true/false, default: false)
  SKIP_CHECK_LIBVIRT_INSTALLED: 'true' # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_LIBVIRT_RUNNING: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_LIBVIRT_VERSION: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_NETWORK_MANAGER_CONFIG: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_NETWORK_MANAGER_INSTALLED: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_NETWORK_MANAGER_RUNNING: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_OBSOLETE_ADMIN_HELPER: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_RAM: false # Skip preflight check (true/false, default: false)
  SKIP_CHECK_ROOT_USER: 'true' # Skip preflight check (true/false)
  # SKIP_CHECK_SUPPORTED_CPU_ARCH: false # Skip preflight check (true/false, default: false)
  SKIP_CHECK_SYSTEMD_NETWORKD_RUNNING: 'true' # Skip preflight check (true/false)
  SKIP_CHECK_USER_IN_LIBVIRT_GROUP: 'true' # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_VIRT_ENABLED: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_VSOCK: false # Skip preflight check (true/false, default: false)
  # SKIP_CHECK_WSL2: false # Skip preflight check (true/false, default: false)

stages:
  - prepare-images
  - setup
  - setup-cloud
  - test

build_container_images:
  image: quay.io/podman/stable:latest
  stage: prepare-images
  when: manual
  before_script:
    - dnf -y install git
    - dnf clean all
    - cd ~/
    - git clone https://github.com/pfeifferj/openpipe && cd openpipe/build
    - echo "Logging into registry..."
    - podman login -u $REGISTRY_USER -p $REGISTRY_PASSWORD quay.io
  script:
    - podman build -t "openpipe/oc-local-runner:${OPENSHIFT_VERSION}" --build-arg VERSION="$OPENSHIFT_VERSION" --build-arg PULL_SECRET="$PULL_SECRET" .
    - podman push "quay.io/openpipe/oc-local-runner:${OPENSHIFT_VERSION}"
  parallel:
    matrix:
      - OPENSHIFT_VERSION:
          [
            # 4.17.x (Latest minor)
            4.17.7, 4.17.3, 4.17.1, 4.17.0,
            # 4.16.x
            4.16.7, 4.16.4, 4.16.0,
            # 4.15.x
            4.15.17, 4.15.14, 4.15.12, 4.15.10, 4.15.3,
            # 4.14.x
            4.14.12, 4.14.8, 4.14.7, 4.14.3, 4.14.1,
            # Latest
            latest
          ]

setup_openshift_local:
  stage: setup
  image: '${REGISTRY_URL}:${OPENSHIFT_TEST_VERSION}'
  timeout: 3h 30m
  rules:
    - if: $DEPLOYMENT_TYPE == "local" || $DEPLOYMENT_TYPE == null
  services:
    - docker:dind
  variables:
    DBUS_SESSION_BUS_ADDRESS: 'unix:path=/run/user/1000/bus'
    XDG_RUNTIME_DIR: '/run/user/1000'
  before_script:
    - systemctl status libvirtd.service
    - cd ~/
    - git clone https://github.com/pfeifferj/openpipe || true
    - cd openpipe/build
    - /bin/bash crc-config.sh
    - echo $PULL_SECRET > pullsecret
    - crc config set pull-secret-file ./pullsecret
    - crc setup
  script:
    - crc start
    - crc oc-env
    - crc console --credentials
  allow_failure: true
  tags:
    - $RUNNER_TAG

setup_openshift_cloud_aws:
  stage: setup-cloud
  image: '${REGISTRY_URL}:${OPENSHIFT_TEST_VERSION}'
  timeout: 4h
  rules:
    - if: $DEPLOYMENT_TYPE == "cloud-aws"
  variables:
    PROJECT_NAME: "${CI_PROJECT_NAME}-${CI_JOB_ID}"
  script:
    - echo $PULL_SECRET > pullsecret
    # Import CRC image to AWS (if not already imported)
    - openpipe crc-cloud import 
      --project-name "${PROJECT_NAME}"
      --backed-url "file:///workspace"
      --output "/workspace"
      --provider "aws"
    # Create AWS instance
    - openpipe crc-cloud create aws
      --project-name "${PROJECT_NAME}"
      --backed-url "file:///workspace"
      --output "/workspace"
      --aws-ami-id "$(cat /workspace/image-id)"
      --pullsecret-filepath "./pullsecret"
      --key-filepath "/workspace/id_ecdsa"
  after_script:
    # Cleanup resources
    - openpipe crc-cloud destroy
      --project-name "${PROJECT_NAME}"
      --backed-url "file:///workspace"
      --provider "aws"
  allow_failure: true
  tags:
    - $RUNNER_TAG

setup_openshift_cloud_gcp:
  stage: setup-cloud
  image: '${REGISTRY_URL}:${OPENSHIFT_TEST_VERSION}'
  timeout: 4h
  rules:
    - if: $DEPLOYMENT_TYPE == "cloud-gcp"
  variables:
    PROJECT_NAME: "${CI_PROJECT_NAME}-${CI_JOB_ID}"
  script:
    - echo $PULL_SECRET > pullsecret
    # Create GCP instance (image must be pre-imported)
    - openpipe crc-cloud create gcp
      --project-name "${PROJECT_NAME}"
      --backed-url "file:///workspace"
      --output "/workspace"
      --gcp-image-id "${GCP_IMAGE_ID}"
      --pullsecret-filepath "./pullsecret"
      --key-filepath "/workspace/id_ecdsa"
  after_script:
    # Cleanup resources
    - openpipe crc-cloud destroy
      --project-name "${PROJECT_NAME}"
      --backed-url "file:///workspace"
      --provider "gcp"
  allow_failure: true
  tags:
    - $RUNNER_TAG

setup_openshift_cloud_openstack:
  stage: setup-cloud
  image: '${REGISTRY_URL}:${OPENSHIFT_TEST_VERSION}'
  timeout: 4h
  rules:
    - if: $DEPLOYMENT_TYPE == "cloud-openstack"
  variables:
    PROJECT_NAME: "${CI_PROJECT_NAME}-${CI_JOB_ID}"
  script:
    - echo $PULL_SECRET > pullsecret
    # Create OpenStack instance (image must be pre-imported)
    - openpipe crc-cloud create openstack
      --project-name "${PROJECT_NAME}"
      --backed-url "file:///workspace"
      --output "/workspace"
      --image "${OPENSTACK_IMAGE_ID}"
      --network "${OPENSTACK_NETWORK}"
      --pullsecret-filepath "./pullsecret"
      --key-filepath "/workspace/id_ecdsa"
  after_script:
    # Cleanup resources
    - openpipe crc-cloud destroy
      --project-name "${PROJECT_NAME}"
      --backed-url "file:///workspace"
      --provider "openstack"
  allow_failure: true
  tags:
    - $RUNNER_TAG