.vsts-ci.yml

name: Intelligence Toolkit
pool:
  vmImage: ubuntu-latest

trigger:
  batch: true
  branches:
    include:
      - main
      
schedules:
- cron: "0 0 * * 0"  # Runs every Sunday at midnight (UTC)
  branches:
    include:
      - main

variables:
  POETRY_VERSION: 1.8.3

stages:
  - stage: Compliance
    dependsOn: []
    jobs:
      - job: compliance
        displayName: Compliance
        pool:
          vmImage: windows-latest
        steps:
          - task: CredScan@3
            inputs:
              outputFormat: sarif
              debugMode: false

          - task: ComponentGovernanceComponentDetection@0
            inputs:
              scanType: "Register"
              verbosity: "Verbose"
              alertWarningLevel: "High"

          - task: PublishSecurityAnalysisLogs@3
            inputs:
              ArtifactName: "CodeAnalysisLogs"
              ArtifactType: "Container"

  - stage: ValidateAndBuild
    dependsOn: []
    condition: 
    jobs:
      - job: validate
        displayName: Install and tests
        pool:
          vmImage: ubuntu-latest
        steps:
          - task: UsePythonVersion@0
            inputs:
              versionSpec: "3.11"
            displayName: "Use Python 3.11"
          - task: Bash@3
            displayName: Install poetry
            inputs:
              workingDirectory: ./
              targetType: "inline"
              script: |
                curl -sSL https://install.python-poetry.org | python -
                export PATH=$PATH:$HOME/.poetry/bin
          - task: Bash@3
            displayName: Install packages
            inputs:
              workingDirectory: ./
              targetType: "inline"
              script: poetry install
          - task: Bash@3
            displayName: Run Unit Tests
            inputs:
              workingDirectory: ./
              targetType: "inline"
              script: poetry run poe test_unit
          - task: Bash@3
            displayName: Run Smoke Tests
            inputs:
              workingDirectory: ./
              targetType: "inline"
              script: poetry run poe test_smoke
      
      - job: buildAndPush
        displayName: BuildAndPushContainer
        dependsOn: validate
        condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['SHOULD_BUILD'], 'true')))
        pool:
          vmImage: ubuntu-latest
        steps:
          - task: Docker@2
            displayName: 'Push Docker image'
            condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
            inputs:
              command: 'buildAndPush'
              containerRegistry: '$(CONTAINER_REGISTRY)'
              repository: 'intelligence-toolkit'
              Dockerfile: '**/Dockerfile'
              tags: '$(TAG)'
          - script: |
              docker build . -t intelligence-toolkit:$(TAG)
            displayName: 'Build docker'
          - script: |
              docker save -o $(Build.ArtifactStagingDirectory)/intelligence-toolkit.tar intelligence-toolkit:$(TAG)
            displayName: 'Save Docker image as tar file'
          - task: PublishBuildArtifacts@1
            inputs:
              PathtoPublish: '$(Build.ArtifactStagingDirectory)/intelligence-toolkit.tar'
              ArtifactName: 'intelligence-toolkit-container'