swagger-cli/.gitlab-ci.yml

# CI/CD pipeline for swagger-cli
# Stages: test -> build -> release

stages:
  - test
  - build
  - release

variables:
  CARGO_HOME: ${CI_PROJECT_DIR}/.cargo
  RUSTFLAGS: "-D warnings"

default:
  image: rust:1.93
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - .cargo/
      - target/

# ---------------------------------------------------------------------------
# Test stage
# ---------------------------------------------------------------------------

test:unit:
  stage: test
  script:
    - cargo test --lib
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH

test:integration:
  stage: test
  script:
    - cargo test --test '*'
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH

lint:
  stage: test
  script:
    - rustup component add rustfmt clippy
    - cargo fmt --check
    - cargo clippy --all-targets -- -D warnings
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH

security:deps:
  stage: test
  script:
    - cargo install cargo-deny --locked
    - cargo install cargo-audit --locked
    - cargo deny check
    - cargo audit
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH
  allow_failure: false

# ---------------------------------------------------------------------------
# Build stage — cross-compile for 4 platform targets
# ---------------------------------------------------------------------------

.build-template: &build-template
  stage: build
  script:
    - rustup target add ${TARGET}
    - cargo build --release --target ${TARGET}
    - mkdir -p artifacts/
    - cp target/${TARGET}/release/swagger-cli artifacts/swagger-cli-${TARGET}
  artifacts:
    paths:
      - artifacts/
    expire_in: 1 week
  rules:
    - if: $CI_COMMIT_TAG

build:aarch64-apple-darwin:
  <<: *build-template
  tags:
    - macos
    - arm64
  variables:
    TARGET: aarch64-apple-darwin

build:x86_64-apple-darwin:
  <<: *build-template
  tags:
    - macos
    - x86_64
  variables:
    TARGET: x86_64-apple-darwin

build:x86_64-unknown-linux-gnu:
  <<: *build-template
  variables:
    TARGET: x86_64-unknown-linux-gnu

build:aarch64-unknown-linux-gnu:
  <<: *build-template
  before_script:
    - apt-get update -qq && apt-get install -y -qq gcc-aarch64-linux-gnu
    - export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
  variables:
    TARGET: aarch64-unknown-linux-gnu

# ---------------------------------------------------------------------------
# Release stage — tag-only
# ---------------------------------------------------------------------------

release:artifacts:
  stage: release
  image: alpine:latest
  dependencies:
    - build:aarch64-apple-darwin
    - build:x86_64-apple-darwin
    - build:x86_64-unknown-linux-gnu
    - build:aarch64-unknown-linux-gnu
  before_script:
    - apk add --no-cache curl minisign coreutils
  script:
    - cd artifacts/
    - sha256sum swagger-cli-* > SHA256SUMS
    - echo "${MINISIGN_SECRET_KEY}" > /tmp/minisign.key
    - minisign -S -s /tmp/minisign.key -m SHA256SUMS
    - rm -f /tmp/minisign.key
    # Upload all artifacts to GitLab Package Registry
    - |
      for file in swagger-cli-* SHA256SUMS SHA256SUMS.minisig; do
        curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
             --upload-file "${file}" \
             "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/swagger-cli/${CI_COMMIT_TAG}/${file}"
      done
  rules:
    - if: $CI_COMMIT_TAG
  artifacts:
    paths:
      - artifacts/

release:docker:
  stage: release
  image: docker:latest
  services:
    - docker:dind
  variables:
    DOCKER_TLS_CERTDIR: "/certs"
  script:
    - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
    - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} -t ${CI_REGISTRY_IMAGE}:latest .
    - docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
    - docker push ${CI_REGISTRY_IMAGE}:latest
  rules:
    - if: $CI_COMMIT_TAG