version: 2.1

parameters:
  publish_backend_doc:
    type: boolean
    default: false

jobs:

  build_back:
    docker:
      - image: cimg/openjdk:17.0.11
      - image: docker.elastic.co/elasticsearch/elasticsearch:7.9.1
        environment:
          - "discovery.type=single-node"
          - "cluster.name=datashare"
          - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
        name: elasticsearch
      - image: redis:4.0.1-alpine
        name: redis
      - image: postgres:11.2
        name: postgres
        environment:
          POSTGRES_USER: dstest
          POSTGRES_PASSWORD: test
          POSTGRES_DB: dstest
      - image: rabbitmq:3
        name: rabbitmq
        environment:
          RABBITMQ_DEFAULT_USER: admin
          RABBITMQ_DEFAULT_PASS: admin
      - image: adobe/s3mock:latest
        name: s3mock

    working_directory: /tmp/datashare

    environment:
      MAVEN_OPTS: "-Xms512m -Xmx512m -Xss10M"

    steps:
      - checkout

      # Download and cache dependencies
      - restore_cache:
          keys:
          - v1-dependencies-{{ checksum "pom.xml" }}

      - run:
          name: create a bootstrap datashare DB for jooq code generation
          command: |
            sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
            wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
            sudo apt-get update
            sudo apt-get install -y postgresql-client-11
            PGPASSWORD=test psql -h postgres -U dstest dstest -c "CREATE DATABASE datashare_liquibase;"

      - run:
          name: Configure GPG private key for signing project artifacts in OSS Sonatype
          shell: /bin/bash
          command: |
            echo ${RELEASES_GPG_PRIV_BASE64} | base64 --decode | gpg --batch --no-tty --import --yes

      - run: sudo apt-get install -y tesseract-ocr-eng
      - run: mvn validate
      - run: mvn -s .circleci/maven-release-settings.xml -pl commons-test -am install
      - run: mvn -pl datashare-db liquibase:update
      - run: mvn test
      - run:
          name: make install for app and corenlp modules
          command: mvn -s .circleci/maven-release-settings.xml -pl datashare-app -pl datashare-nlp-corenlp -am install -Dmaven.test.skip=true
      - run: mvn -pl datashare-dist package
      - run:
          name: acceptance test for embedded mode
          command: |
            VERSION=$(head pom.xml | grep '<version>[0-9.]\+' | sed 's/<version>\([0-9.]\+\)<\/version>/\1/g' | tr -d '[:space:]')
            DS_ELASTICSEARCH_DATA_PATH=$HOME java -cp datashare-dist/target/datashare-dist-${VERSION}-all.jar org.icij.datashare.text.indexing.elasticsearch.EsEmbeddedServer -- 5
      - save_cache:
          paths:
            - ~/.m2
          key: v1-dependencies-{{ checksum "pom.xml" }}

  publish_doc:
    docker:
      - image: cimg/openjdk:17.0.11
      - image: docker.elastic.co/elasticsearch/elasticsearch:7.9.1
        environment:
           - "discovery.type=single-node"
           - "cluster.name=datashare"
           - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
        name: elasticsearch
      - image: postgres:11.2
        name: postgres
        environment:
          POSTGRES_USER: dstest
          POSTGRES_DB: dstest
          POSTGRES_PASSWORD: test
    working_directory: ~/datashare
    environment:
      MAVEN_OPTS: "-Xms512m -Xmx512m -Xss10M"
    steps:
      - checkout
      - restore_cache:
          keys:
            - v1-dependencies-{{ checksum "pom.xml" }}
      - run:
          name: Prepare SSH directory
          command: |
            mkdir -p ~/.ssh
            chmod 700 ~/.ssh
      - add_ssh_keys:
          fingerprints:
            # This deploy key has read-write permission on ICIJ/datashare-docs repository
            # @see https://app.circleci.com/settings/project/github/ICIJ/datashare/ssh
            # @see https://github.com/ICIJ/datashare-docs/settings/keys
            - "d0:5d:4a:ba:8a:55:2e:1f:6f:ad:57:c5:e0:21:ce:34"
      - run:
          name: Configure Git identity
          command: |
            git config --global user.name $CIRCLE_USERNAME
            git config --global user.email "engineering@icij.org"
      - run:
          name: Checkout Datashare Doc repository
          command: |
            ssh-keyscan github.com >> ~/.ssh/known_hosts
            git clone git@github.com:ICIJ/datashare-docs.git ~/datashare-docs
      - run:
          name: Make dist without frontend
          command: mvn -pl datashare-dist package
      - run:
          name: Populate apigen index
          command: ./doc/apigen/populate_apigen.sh
      - run:
          name: Launch datashare apigen
          command: ./doc/apigen/datashare_for_apigen.sh
          background: true
      - run:
          name: Install apigen
          command: |
            sudo apt-get update
            sudo apt-get install -y python3-pip
            sudo pip3 install fluent-http-apigen
      - run:
          name: Run apigen
          command: apigen datashare-app/src/main/java/org/icij/datashare/web/*Resource.java > ~/datashare-docs/developers/backend/api.md
      - run:
          name: Install postgres
          command: |
            sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
            wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
            sudo apt-get update
            sudo apt-get install -y postgresql-client-11
      - run:
          name: Generate db doc
          environment:
            PGDB: datashare_liquibase
            PGUSER: dstest
            PGPASSWORD: test
          command: |
            echo "postgres:5432:$PGDB:$PGUSER:$PGPASSWORD" > ~/.pgpass && chmod 600 ~/.pgpass
            createdb -U $PGUSER -h postgres $PGDB
            mvn -pl commons-test -am install
            mvn -pl datashare-db liquibase:update
            ./datashare-db/scr/build_db_doc.sh > ~/datashare-docs/developers/backend/database.md
      - run:
          name: Add/Commit changes to the doc
          command: |
            git -C ~/datashare-docs add -A
            git -C ~/datashare-docs commit -am "doc: update backend documentation [${CIRCLE_SHA1}]" || true
      - run:
          name: Push changes to the doc
          command: git -C ~/datashare-docs push origin main

  package_back:
    docker:
      - image: cimg/openjdk:17.0.11
    working_directory: /tmp/datashare
    environment:
      MAVEN_OPTS: "-Xms512m -Xmx512m -Xss10M"
    steps:
      - attach_workspace:
          at: /tmp/datashare-client
      - checkout

      - restore_cache:
          keys:
            - v1-dependencies-{{ checksum "pom.xml" }}

      - run:
          name: make app link to front
          command: cp -R /tmp/datashare-client/dist /tmp/datashare/app
      - run:
          name: make dist including frontend
          command: mvn -pl datashare-dist package
      - run:
          name: make tarball for non debian linux
          command: |
            cp /tmp/datashare/datashare-dist/src/main/deb/bin/datashare /tmp/datashare/datashare-dist/target
            cd /tmp/datashare/datashare-dist/target
            tar cvzf datashare-dist-${CIRCLE_TAG}.tgz datashare datashare-dist-${CIRCLE_TAG}-all.jar
      - persist_to_workspace:
          root: /tmp/datashare
          paths:
            - datashare-dist

  deploy_back:
    docker:
      - image: cimg/openjdk:17.0.11
    working_directory: /tmp
    steps:
      - attach_workspace:
          at: /tmp/datashare
      - run:
          name: deploy datashare dist and es mappings/settings jar to github release
          command: |
            upload_url=$(curl -X POST -s -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -d "{\"tag_name\":\"${CIRCLE_TAG}\", \"name\":\"${CIRCLE_TAG}\",\"body\":\"release ${CIRCLE_TAG}\"}" "https://api.github.com/repos/ICIJ/datashare/releases" | jq -r '.upload_url')
            upload_url="${upload_url%\{*}"
            echo "uploading asset to release url: $upload_url"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/java-archive" --data-binary "@/tmp/datashare/datashare-dist/target/datashare-dist-${CIRCLE_TAG}-all.jar" "$upload_url?name=datashare-dist-${CIRCLE_TAG}-all.jar&label=datashare-dist-${CIRCLE_TAG}-all.jar"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/java-archive" --data-binary "@/tmp/datashare/datashare-dist/target/datashare-dist-${CIRCLE_TAG}-back.jar" "$upload_url?name=datashare-dist-${CIRCLE_TAG}.jar&label=datashare-dist-${CIRCLE_TAG}.jar"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" --data-binary "@/tmp/datashare/datashare-index/src/main/resources/datashare_index_mappings.json" "$upload_url?name=datashare_index_mappings.json&label=datashare_index_mappings.json"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" --data-binary "@/tmp/datashare/datashare-index/src/main/resources/datashare_index_settings.json" "$upload_url?name=datashare_index_settings.json&label=datashare_index_settings.json"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" --data-binary "@/tmp/datashare/datashare-index/src/main/resources/datashare_index_settings_windows.json" "$upload_url?name=datashare_index_settings_windows.json&label=datashare_index_settings_windows.json"


  build_front:
    resource_class: large
    docker:
      - image: cimg/node:18.19
      - image: docker.elastic.co/elasticsearch/elasticsearch:7.9.1
        environment:
          - "discovery.type=single-node"
          - "cluster.name=datashare"
          - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
          - "http.cors.enabled=true"
          - "http.cors.allow-origin=*"
          - "http.cors.allow-methods=OPTIONS, HEAD, GET, POST, PUT, DELETE"
        name: elasticsearch
    working_directory: /tmp
    steps:
      - attach_workspace:
           at: /tmp/datashare
      - run:
           name: adds_ssh_dir
           command: |
             mkdir -p ~/.ssh
             chmod 700 ~/.ssh
      - add_ssh_keys:
          fingerprints:
            - "b3:e6:7c:f3:86:9e:e9:88:d1:cf:22:8c:97:3e:93:54"
      - run:
          name: clone
          command: |
            ssh-keyscan github.com >> ~/.ssh/known_hosts
            git clone git@github.com:ICIJ/datashare-client.git
      - run:
          name: release client on GitHub
          command: |
            upload_url=$(curl -X POST -s -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -d "{ \"tag_name\": \"${CIRCLE_TAG}\", \"target_commitish\": \"main\", \"name\": \"${CIRCLE_TAG}\", \"body\": \"Released by Circle CI\", \"draft\": false, \"prerelease\": false }" "https://api.github.com/repos/ICIJ/datashare-client/releases")
            echo $upload_url > /tmp/datashare-client/datashare-client.url
      - run:
          name: checkout tag
          command: |
            cd datashare-client
            git pull origin main --tags
            git checkout ${CIRCLE_TAG}
      - restore_cache:
          keys:
            - dependency-cache-{{ checksum "/tmp/datashare-client/package.json" }}
            - dependency-cache-
      - run:
          name: make install
          command: |
            cd /tmp/datashare-client
            make install
      - save_cache:
          key: dependency-cache-{{ checksum "/tmp/datashare-client/package.json" }}
          paths:
            - /tmp/datashare-client/node_modules
      - run:
          name: run tests
          command: |
            cd /tmp/datashare-client
            yarn test:unit --silent --minWorkers 1 --maxWorkers 2  
      - run:
          name: build the from for distribution
          command: |
            cd /tmp/datashare-client
            make dist
      - persist_to_workspace:
          root: /tmp/datashare-client
          paths:
            - dist
            - datashare-client.url

  deploy_front:
    docker:
      - image: cimg/node:18.19
    working_directory: /tmp
    steps:
      - attach_workspace:
          at: /tmp/datashare
      - run:
          name: deploy datashare-client dist to github release
          command: |
            cd /tmp/datashare/dist
            tar czf ../datashare-client-${CIRCLE_TAG}.tgz .
            zip -r ../datashare-client-${CIRCLE_TAG}.zip .
            upload_url=$(cat /tmp/datashare/datashare-client.url | jq -r '.upload_url')
            if [ "$upload_url" = "null" ]; then
              upload_url=$(curl -s -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/ICIJ/datashare-client/releases/tags/${CIRCLE_TAG}" | jq -r '.upload_url')
            fi
            upload_url="${upload_url%\{*}"
            echo "uploading asset to release url: $upload_url"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/zip" --data-binary "@/tmp/datashare/datashare-client-${CIRCLE_TAG}.zip" "$upload_url?name=datashare-client-${CIRCLE_TAG}.zip&label=datashare-client-${CIRCLE_TAG}.zip"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/gzip" --data-binary "@/tmp/datashare/datashare-client-${CIRCLE_TAG}.tgz" "$upload_url?name=datashare-client-${CIRCLE_TAG}.tgz&label=datashare-client-${CIRCLE_TAG}.tgz"


  build_docker:
    docker:
      - image: docker:20.10.22-git
    working_directory: /tmp
    steps:
      - attach_workspace:
           at: /tmp/datashare
      - setup_remote_docker
      - run:
          name: Login to Docker hub
          command: |
            docker login -u ${DOCKER_USER} -p ${DOCKER_PASS}
      - run:
          name: Install tonistiigi/binfmt support for additional platforms
          command: |
            docker run --privileged --rm tonistiigi/binfmt --install all
      - run:
          name: Build and push the image for several platform
          command: |
            cd /tmp/datashare/datashare-dist/target/datashare-dist-$CIRCLE_TAG-docker/
            docker buildx create --use
            docker buildx build \
              --platform linux/amd64,linux/arm64 \
              -t icij/datashare:${CIRCLE_TAG} \
              --push .


  build_installers:
    resource_class: large
    docker:
      - image: cimg/rust:1.77.1
    working_directory: /tmp
    steps:
      - attach_workspace:
          at: /tmp/datashare
      - restore_cache:
          keys:
            - cargo-cache
      - run:
          name: Install dependencies
          command: |
            sudo apt-get update && sudo apt install -y nsis cpio jq imagemagick icnsutils libxml2-dev
            wget https://nsis.sourceforge.io/mediawiki/images/c/c9/Inetc.zip && unzip Inetc.zip && sudo cp Plugins/x86-unicode/INetC.dll /usr/share/nsis/Plugins/x86-unicode/ && echo "cp INetC.dll done"
            wget https://nsis.sourceforge.io/mediawiki/images/7/7f/EnVar_plugin.zip && unzip EnVar_plugin.zip && sudo cp Plugins/x86-unicode/EnVar.dll /usr/share/nsis/Plugins/x86-unicode && echo "cp EnVar.dll done"
            wget https://github.com/ICIJ/bomutils/archive/refs/heads/master.zip && unzip master.zip && cd bomutils-master && make && sudo make install
            wget https://github.com/mackyle/xar/archive/refs/tags/xar-1.6.1.tar.gz && tar -zxf xar-1.6.1.tar.gz && cd xar-xar-1.6.1/xar && sed -i 's/OpenSSL_add_all_ciphers/OPENSSL_init_crypto/g' configure.ac && ./autogen.sh && make && sudo make install
            wget https://nsis.sourceforge.io/mediawiki/images/9/9d/Untgz.zip  && unzip Untgz.zip && sudo cp untgz/untgz.dll /usr/share/nsis/Plugins/ && echo "cp untgz.dll done"
            cargo install apple-codesign
      - save_cache:
          key: cargo-cache
          paths:
            - $HOME/.cargo
      - run:
          name: Adds SSH directory
          command: |
            mkdir -p ~/.ssh
            chmod 700 ~/.ssh
      - add_ssh_keys:
          fingerprints:
          - "b3:e6:7c:f3:86:9e:e9:88:d1:cf:22:8c:97:3e:93:54"
      - run:
          name: Configure Git identity
          command: |
            git config --global user.name $CIRCLE_USERNAME
            git config --global user.email "engineering@icij.org"
      - run:
          name: Checkout
          command: |
            ssh-keyscan github.com >> ~/.ssh/known_hosts
            git clone git@github.com:ICIJ/datashare-installer.git
      - run:
          name: Build Mac installer
          command: |
            cd /tmp/datashare-installer/mac
            make VERSION=${CIRCLE_TAG} all
      - run:
          name: Build Windows installer
          command: |
            cd /tmp/datashare-installer/windows
            make VERSION=${CIRCLE_TAG} all
      - run:
          name: Build Linux installer
          command: |
            cd /tmp/datashare-installer/linux
            make VERSION=${CIRCLE_TAG} all        
      - run:
          name: Populate VERSION.txt file
          command: echo $CIRCLE_TAG > /tmp/datashare-installer/VERSION.txt
      - run:
          name: Commit version changes
          command: |
            git -C /tmp/datashare-installer/ commit -am "build: bump to ${CIRCLE_SHA1}" || true
      - run:
          name: Push changes
          command: git -C /tmp/datashare-installer/ push origin main
      - run:
          name: Create git tag
          command: | 
            curl -s -H "Authorization: token $GITHUB_TOKEN" -d "{\"tag_name\":\"${CIRCLE_TAG}\", \"name\":\"${CIRCLE_TAG}\",\"body\":\"release ${CIRCLE_TAG}\",\"prerelease\":true}" "https://api.github.com/repos/ICIJ/datashare-installer/releases"
      - run:
          name: Deploy installers on github
          command: |
            cd /tmp/datashare-installer
            ./deploy.sh ${CIRCLE_TAG}
            upload_url=$(curl -s -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/ICIJ/datashare-installer/releases/tags/${CIRCLE_TAG}" | jq -r '.upload_url')
            upload_url="${upload_url%\{*}"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/vnd.debian.binary-package" --data-binary "@/tmp/datashare/datashare-dist/target/datashare-dist-${CIRCLE_TAG}.deb" "$upload_url?name=datashare-${CIRCLE_TAG}.deb&label=datashare-${CIRCLE_TAG}.deb"
            curl -X POST -s -m 120 -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/gzip" --data-binary "@/tmp/datashare/datashare-dist/target/datashare-dist-${CIRCLE_TAG}.tgz" "$upload_url?name=datashare-${CIRCLE_TAG}.tgz&label=datashare-${CIRCLE_TAG}.tgz"

  deploy_datashare_tasks:
    docker:
      - image: cimg/openjdk:17.0.11
      - image: redis:4.0.1-alpine
        name: redis
      - image: rabbitmq:3
        name: rabbitmq
        environment:
          RABBITMQ_DEFAULT_USER: admin
          RABBITMQ_DEFAULT_PASS: admin

    environment:
      MAVEN_OPTS: "-Xms512m -Xmx512m -Xss10M"

    steps:
      - checkout
      - run:
          name: Configure GPG private key for signing project artifacts in OSS Sonatype
          shell: /bin/bash
          command: |
            echo ${RELEASES_GPG_PRIV_BASE64} | base64 --decode | gpg --batch --no-tty --import --yes

      - run:
          name: Build and deploy datashare-tasks
          command: mvn -s .circleci/maven-release-settings.xml -pl datashare-tasks -am deploy

  deploy_datashare_api:
    docker:
      - image: cimg/openjdk:17.0.11
      - image: adobe/s3mock:latest
        name: s3mock

    environment:
      MAVEN_OPTS: "-Xms512m -Xmx512m -Xss10M"

    steps:
      - checkout
      - run:
          name: Configure GPG private key for signing project artifacts in OSS Sonatype
          shell: /bin/bash
          command: |
            echo ${RELEASES_GPG_PRIV_BASE64} | base64 --decode | gpg --batch --no-tty --import --yes

      - run:
          name: Build and deploy datashare-api
          command: mvn -s .circleci/maven-release-settings.xml -pl datashare-api -am deploy

  deploy_datashare_cli:
    docker:
      - image: cimg/openjdk:17.0.11

    environment:
      MAVEN_OPTS: "-Xms512m -Xmx512m -Xss10M"

    steps:
      - checkout
      - run:
          name: Configure GPG private key for signing project artifacts in OSS Sonatype
          shell: /bin/bash
          command: |
            echo ${RELEASES_GPG_PRIV_BASE64} | base64 --decode | gpg --batch --no-tty --import --yes

      - run:
          name: Build and deploy datashare-cli
          command: mvn -s .circleci/maven-release-settings.xml -pl datashare-cli -am deploy

workflows:
  version: 2
  build_workflow:
    when:
      not: << pipeline.parameters.publish_backend_doc >>
    jobs:
      - build_back:
          filters:
              tags:
                  only: /.*/
      - package_back:
          requires:
            - build_back
            - build_front
          filters:
            tags:
              only: /^[0-9]+\..*/
            branches:
              ignore: /.*/
      - deploy_back:
          requires:
            - package_back
          filters:
            tags:
              only: /^[0-9]+\..*/
            branches:
              ignore: /.*/
      - build_front:
          requires:
            - build_back
          filters:
              tags:
                  only: /^[0-9]+\..*/
              branches:
                  ignore: /.*/
      - deploy_front:
          requires:
            - build_front
          filters:
            tags:
              only: /^[0-9]+\..*/
            branches:
              ignore: /.*/
      - build_docker:
          requires:
            - package_back
          filters:
              tags:
                  only: /^[0-9]+\..*/
              branches:
                  ignore: /.*/
      - build_installers:
          requires:
            - build_docker
          filters:
              tags:
                  only: /^[0-9]+\..*/
              branches:
                  ignore: /.*/
      - deploy_datashare_tasks:
          filters:
            tags:
              only: /^datashare-tasks\/[0-9]+\..*/
            branches:
              ignore: /.*/
      - deploy_datashare_api:
          filters:
            tags:
              only: /^datashare-api\/[0-9]+\..*/
            branches:
              ignore: /.*/
      - deploy_datashare_cli:
          filters:
            tags:
              only: /^datashare-cli\/[0-9]+\..*/
            branches:
              ignore: /.*/