wunker-os/.gitlab-ci.yml

workflow:
  rules:
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
      when: never
    - if: "$CI_COMMIT_TAG"
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS"
      when: never
    - if: "$CI_COMMIT_BRANCH"

stages:
  - build

build-image:
  stage: build
  interruptible: true
  image: ghcr.io/blue-build/cli:main
  services:
    - docker:dind
  parallel:
    matrix:
      - RECIPE:
          - cp-laptop.yml
          - jp-truenas.yml
          - jp-desktop-nvidia.yml
          - jp-laptop.yml
      - RECIPE:
          - jp-desktop-nvidia-bootc.yml
          - jp-laptop-bootc.yml
        BB_BUILD_RECHUNK: "true"
        BB_BUILD_RECHUNK_CLEAR_PLAN: "true"
  variables:
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: $DOCKER_TLS_CERTDIR/client
    RUST_LOG_STYLE: always
    CLICOLOR_FORCE: 1
  before_script:
    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
    - export COSIGN_PRIVATE_KEY=$(cat .secure_files/cosign.key)
  script:
    - sleep 5
    - bluebuild build -vv -S sigstore -p ./recipes/$RECIPE