matrix:
  include:
    - PHP_MAJOR_VERSION: 7.4
      PHP_VERSION: 7.4.18

depends_on:
  - phpunit
  - code_standards_check

platform: releaser/release # This prevents executing this pipeline at other servers than ci.friendi.ca

skip_clone: true

pipeline:
  clone:
    image: alpine/git
    commands:
      - git clone $CI_REPO_LINK .
      - git checkout $CI_COMMIT_BRANCH
      - git fetch origin $CI_COMMIT_REF
      - git merge $CI_COMMIT_SHA
    when:
      repo: friendica/friendica
      branch: stable
      event: tag
  restore_cache:
    image: meltwater/drone-cache:dev
    settings:
      backend: "filesystem"
      restore: true
      cache_key: "{{ .Repo.Name }}_php${PHP_MAJOR_VERSION}_{{ arch }}_{{ os }}"
      archive_format: "gzip"
      mount:
        - '.composer'
    volumes:
      - /tmp/drone-cache:/tmp/cache
    when:
      repo: friendica/friendica
      branch: stable
      event: tag
  composer_install:
    image: friendicaci/php${PHP_MAJOR_VERSION}:php${PHP_VERSION}
    commands:
      - export COMPOSER_HOME=.composer
      - composer validate
      - composer install --no-dev --optimize-autoloader
    when:
      repo: friendica/friendica
      branch: stable
      event: tag
    volumes:
      - /etc/hosts:/etc/hosts
  create_artifacts:
    image: debian
    commands:
      - apt-get update
      - apt-get install bzip2
      - mkdir ./build
      - export VERSION="$(cat VERSION)"
      - export RELEASE="friendica-full-$VERSION"
      - export ARTIFACT="$RELEASE.tar.gz"
      - tar
        --transform "s,^,$RELEASE/,"
        -X mods/release-list-exclude.txt
        -T mods/release-list-include.txt
        -cvzf ./build/$ARTIFACT
      - cd ./build
      - sha256sum "$ARTIFACT" > "$ARTIFACT.sum256"
      - chmod 664 ./*
      - ls -lh
      - cat "$ARTIFACT.sum256"
      - sha256sum "$ARTIFACT"
    when:
      repo: friendica/friendica
      branch: stable
      event: tag
  sign_artifacts:
    image: plugins/gpgsign
    settings:
      key:
        from_secret: gpg_key
      passphrase:
        from_secret: gpg_password
      files:
        - build/*
      exclude:
        - build/*.sum256
      detach_sign: true
    when:
      repo: friendica/friendica
      branch: stable
      event: tag
  upload_artifacts:
    image: alpine
    secrets:
      - source: sftp_host
        target: lftp_host
      - source: sftp_user
        target: lftp_user
      - source: ssh_key
        target: lftp_key
    environment:
      LFTP_PORT: "22"
      LFTP_SOURCE: "build"
      LFTP_TARGET: "/http"
    volumes:
      - /etc/hosts:/etc/hosts
    commands:
      - apk add lftp openssh openssl
      - touch drone.key
      - chmod 400 drone.key
      - echo "$LFTP_KEY" | openssl base64 -A -d > drone.key
      - lftp -c "
        set net:timeout 5;
        set net:max-retries 2;
        set net:reconnect-interval-base 5;
        set sftp:auto-confirm true;
        set sftp:connect-program 'ssh -q -a -x -i drone.key';
        connect sftp://$LFTP_USER:@$LFTP_HOST:$LFTP_PORT;
        cd $LFTP_TARGET;
        mput $LFTP_SOURCE/*;
        "
      - rm drone.key
    when:
      repo: friendica/friendica
      branch: stable
      event: tag