workflow:
  rules:
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
      when: never
    - if: "$CI_COMMIT_TAG"
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS"
      when: never
    - if: "$CI_COMMIT_BRANCH"

stages:
  - build

build-image:
  stage: build
  interruptible: true
  image: 
    name: ghcr.io/blue-build/cli:main
    entrypoint: [""]
  services:
    - docker:dind
  parallel:
    matrix:
      - RECIPE:
          - jp-desktop.yml
          - jp-desktop-nvidia.yml
          - jp-laptop.yml
          - cp-laptop.yml
  variables:
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: $DOCKER_TLS_CERTDIR/client
    RUST_LOG_STYLE: always
    CLICOLOR_FORCE: 1
  before_script:
    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
    - export COSIGN_PRIVATE_KEY=$(cat .secure_files/cosign.key)
  script:
    - sleep 5
    # - bluebuild build -vv -B docker -p ./recipes/*.yml
    - bluebuild build -vv -B docker -p ./recipes/$RECIPE
  after_script:
    - docker system df
    - docker system prune -f
    - |
      docker images --format '{{.ID}} {{.CreatedSince}}' | grep -E 'weeks|months' | while read -r line; do
          image_id=$(echo $line | awk '{print $1}')
          docker rmi -f $image_id
      done