# Pipeline stages, in execution order.
stages:
  - pre-build            # lint code, run unit tests, and compile binaries
  - build-package        # build distro package(s) for the analyzer and/or its dependencies
  - build-image          # build the Docker image(s) for the analyzer
  - test                 # check, test, and scan the Docker images
  - performance-metrics  # run performance checks
  - tag
  - release-version      # release Docker images and distro packages
  - release-major        # update Docker images and distro packages of the major release
  - post                 # run benchmarks

# Job definitions are pulled in from a GitLab-provided template and from the
# shared ci-templates project.
# NOTE(review): every project include below tracks the 'master' branch, so
# the included job definitions can change without any commit to this
# repository. Those jobs run with this project's CI variables and feed the
# release stages; pinning 'ref' to a tag or a full commit SHA would make the
# pipeline reproducible and put template changes through review here.
include:
  - template: 'Workflows/Branch-Pipelines.gitlab-ci.yml'
  - project: 'gitlab-org/security-products/ci-templates'
    ref: 'master'
    file: '/includes-dev/go.yml'
  - project: 'gitlab-org/security-products/ci-templates'
    ref: 'master'
    file: '/includes-dev/docker.yml'
  - project: 'gitlab-org/security-products/ci-templates'
    ref: 'master'
    file: '/includes-dev/docker-test.yml'
  - project: 'gitlab-org/security-products/ci-templates'
    ref: 'master'
    file: '/includes-dev/upsert-git-tag.yml'

# Sets the stage of the hidden '.go' job (presumably declared in the
# included go.yml; confirm against ci-templates).
.go:
  stage: pre-build

# Sets the stage of 'danger-review'; the rest of the job is not defined in
# this file and presumably comes from an include.
danger-review:
  stage: pre-build

# Starts a downstream pipeline in the sast-benchmark project. A failure of
# that pipeline does not fail this one (allow_failure).
benchmark:
  stage: post
  trigger: gitlab-org/security-products/sast-benchmark
  allow_failure: true
  rules:
    # - Only run for SAST jobs on tagged releases
    # - Only run inside the gitlab-org analyzers namespace, as the downstream
    #   project needs exec permissions; pipelines in other namespaces
    #   (e.g. forks) do not match and never start the trigger
    - if: '$REPORT_FILENAME == "gl-sast-report.json" && $CI_COMMIT_TAG && $CI_PROJECT_NAMESPACE == "gitlab-org/security-products/analyzers"'
    - when: never