.gitlab-ci.yml

stages:
  - Tests
  - Documentation
  - Release
  - Build Release
  - Other

variables:
  project_name: "$CI_PROJECT_NAME"
  SEMANTIC_RELEASE_PACKAGE: "$CI_PROJECT_NAME"
  SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
  SAST_EXCLUDED_ANALYZERS: ""
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
  SCAN_KUBERNETES_MANIFESTS: "false"
  SECRETS_ANALYZER_VERSION: "3"
  SECRET_DETECTION_EXCLUDED_PATHS: ""

services:
  - name: ghcr.io/griefed/gitlab-ci-cd:2.2.1
    alias: docker

workflow:
  rules:
    - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "detached"'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always

sast:
  stage: Tests
  artifacts:
    reports:
      sast: gl-sast-report.json
  rules:
    - when: never
  variables:
    SEARCH_MAX_DEPTH: 4
  script:
    - echo "$CI_JOB_NAME is used for configuration only, and its script should not be executed"
    - exit 1

.sast-analyzer:
  extends: sast
  allow_failure: true
  # `rules` must be overridden explicitly by each child job
  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
  script:
    - /analyzer run

eslint-sast:
  extends: .sast-analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE"
  variables:
    SAST_ANALYZER_IMAGE_TAG: 2
    SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $SAST_EXCLUDED_ANALYZERS =~ /eslint/
      when: never
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/*.html'
        - '**/*.js'
        - '**/*.jsx'
        - '**/*.ts'
        - '**/*.tsx'

nodejs-scan-sast:
  extends: .sast-analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE"
  variables:
    SAST_ANALYZER_IMAGE_TAG: 2
    SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $SAST_EXCLUDED_ANALYZERS =~ /nodejs-scan/
      when: never
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/package.json'

semgrep-sast:
  extends: .sast-analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE"
  variables:
    SAST_ANALYZER_IMAGE_TAG: 2
    SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED
      when: never
    - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/
      when: never
    - if: $CI_COMMIT_BRANCH
      exists:
        - '**/*.py'
        - '**/*.js'
        - '**/*.jsx'
        - '**/*.ts'
        - '**/*.tsx'
        - '**/*.c'
        - '**/*.go'

.secret-analyzer:
  stage: Tests
  image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
  services: []
  allow_failure: true
  # `rules` must be overridden explicitly by each child job
  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
  artifacts:
    reports:
      secret_detection: gl-secret-detection-report.json

secret_detection:
  extends: .secret-analyzer
  rules:
    - if: $SECRET_DETECTION_DISABLED
      when: never
    - if: $CI_COMMIT_BRANCH
  script:
    - if [ -n "$CI_COMMIT_TAG" ]; then echo "Skipping Secret Detection for tags. No code changes have occurred."; exit 0; fi
    - if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then echo "Running Secret Detection on default branch."; /analyzer run; exit 0; fi
    - git fetch origin $CI_DEFAULT_BRANCH $CI_COMMIT_REF_NAME
    - git log --left-right --cherry-pick --pretty=format:"%H" refs/remotes/origin/$CI_DEFAULT_BRANCH...refs/remotes/origin/$CI_COMMIT_REF_NAME > "$CI_COMMIT_SHA"_commit_list.txt
    - export SECRET_DETECTION_COMMITS_FILE="$CI_COMMIT_SHA"_commit_list.txt
    - /analyzer run
    - rm "$CI_COMMIT_SHA"_commit_list.txt

Gradle Test:
  stage: Tests
  image:  ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.13
  before_script:
    - echo "**** Running in $CI_JOB_ID ****"
    - echo "**** Java location ****"
    - which java
    - echo "**** Java version ****"
    - java -version
    - echo "**** Allowing execution of gradlew ****"
    - chmod +x gradlew
    - echo "**** Ensure clean environment ****"
    - "./gradlew clean"
  script:
    - echo "**** Building REPOSITORY ****"
    - "./gradlew build --info --full-stacktrace"
    - echo "**** Listing build directory ****"
    - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/jacoco/test
    - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs
    - cat build/jacoco/test/html/index.html | grep -o 'Total[^%]*%'
    - echo "**** Renaming files to please the eye ****"
    #- mv build/libs/${CI_PROJECT_NAME}.exe build/libs/ServerPackCreator-$CI_COMMIT_REF_NAME.exe
    - mv build/libs/docker-template-repo.jar build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.jar
  coverage: '/Total.*?([0-9]{1,3})%/'
#  artifacts:
#    paths:
#      #- build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.exe
#      - build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.jar
#      - build/jacoco/test/jacocoTestReport.xml
#      - build/reports/tests/test
#    expire_in: 1 week

#Docker Test:
#  stage: Tests
#  image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
#  before_script:
#    - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io
#    - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io
#    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
#    - docker buildx create --use --name grfdbuilder
#  script:
#    - docker buildx build --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64
#      --build-arg BRANCH_OR_TAG=$CI_COMMIT_REF_NAME
#      --build-arg HOSTER=$CI_SERVER_HOST
#      --file Dockerfile .
#  rules:
#    - if: '$CI_SERVER_HOST == "git.griefed.de"' # Remove once GitLab no longer throws javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake

#Generate Release:
#  stage: Release
#  needs:
#    - job: Gradle Test
#      artifacts: false
#    - job: Docker Test
#      artifacts: false
#    - job: eslint-sast
#      artifacts: false
#    - job: nodejs-scan-sast
#      artifacts: false
#    - job: semgrep-sast
#      artifacts: false
#    - job: secret_detection
#      artifacts: false
#  image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
#  script:
#    - npx semantic-release
#  rules:
#    - if: '$CI_COMMIT_BRANCH == "alpha" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"'
#    - if: '$CI_COMMIT_BRANCH == "beta" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"'
#    - if: '$CI_COMMIT_BRANCH == "main" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"'

#Build Release:
#  stage: Build Release
#  image: ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.3
#  needs:
#    - job: release_job
#      optional: true
#      artifacts: false
#  before_script:
#    - echo "**** Running in $CI_JOB_ID ****"
#    - echo "**** Java location ****"
#    - which java
#    - echo "**** Java version ****"
#    - java -version
#    - echo "**** Allowing execution of gradlew ****"
#    - chmod +x gradlew
#    - echo "**** Ensure clean environment ****"
#    - "./gradlew about"
#    - echo "version=${CI_COMMIT_TAG}" > backend/main/resources/VERSION.txt
#  script:
#    - echo "**** Building ServerPackCreator ****"
#    - "./gradlew installQuasar cleanFrontend assembleFrontend copyDist build createExe -Pversion=${CI_COMMIT_TAG} --info --full-stacktrace -x test"
#    - echo "**** Listing build directory ****"
#    - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build
#    - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs
#    - LC_COLLATE=C ls -ah --group-directories-first --color=auto build/libs/libraries
#    - echo "**** Renaming files to please the eye ****"
#    - mv build/libs/${CI_PROJECT_NAME}.exe build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe
#    - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs
#    - echo "**** Uploading packages ****"
#    - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe
#    "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe"'
#    - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar
#    "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar"'
#    - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar
#    "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar"'
#    - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar
#    "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar"'
#    - echo "**** Create asset links ****"
#    - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}"
#    --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe"
#    --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"'
#    - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}"
#    --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar"
#    --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"'
#    - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}"
#    --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar"
#    --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"'
#    - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}"
#    --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar"
#    --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"'
#  rules:
#    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/'
#    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/'

#Publish Maven Artifacts:
#  stage: Build Release
#  image: ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.3
#  before_script:
#    - echo "**** Running in $CI_JOB_ID ****"
#    - echo "**** Java location ****"
#    - which java
#    - echo "**** Java version ****"
#    - java -version
#    - echo "**** Allowing execution of gradlew ****"
#    - chmod +x gradlew
#    - echo "**** Ensure clean environment ****"
#    - "./gradlew clean"
#  script:
#    - echo "**** Publishing Maven Artifacts ****"
#    - "./gradlew publish -Pversion=${CI_COMMIT_TAG} -x test --info --stacktrace"
#  rules:
#    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"'
#    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"'

#Build Docker Release:
#  stage: Build Release
#  image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
#  before_script:
#    - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io
#    - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io
#    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
#    - docker buildx create --use --name grfdbuilder
#  script:
#    - docker buildx build --push --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64
#      --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG"
#      --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:latest"
#      --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG"
#      --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:latest"
#      --build-arg BRANCH_OR_TAG=$CI_COMMIT_TAG
#      --build-arg HOSTER=$CI_SERVER_HOST
#      --build-arg VERSION=$CI_COMMIT_TAG
#      --file Dockerfile .
#  rules:
#    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"'

#Build Docker PreRelease:
#  stage: Build Release
#  image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
#  before_script:
#    - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io
#    - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io
#    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
#    - docker buildx create --use --name grfdbuilder
#  script:
#    - docker buildx build --push --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64
#      --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG"
#      --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG"
#      --build-arg BRANCH_OR_TAG=$CI_COMMIT_TAG
#      --build-arg HOSTER=$CI_SERVER_HOST
#      --build-arg VERSION=$CI_COMMIT_TAG
#      --file Dockerfile .
#  rules:
#    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"'

#Inform About Release:
#  stage: Build Release
#  image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
#  needs:
#    - job: Build Release
#      artifacts: false
#    - job: Build Docker Release
#      artifacts: false
#      optional: true
#    - job: Build Docker PreRelease
#      artifacts: false
#      optional: true
#  script:
#    - /discord.sh
#      --webhook-url="$WEBHOOK_URL"
#      --username "$CI_PROJECT_TITLE"
#      --avatar "https://i.griefed.de/images/2020/11/18/Prosper_Docker_300x300.png"
#      --text "There's been a new release for ${CI_PROJECT_TITLE}. The new version is ${CI_COMMIT_TAG} and is available at <${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}>"
#      --title "New ${CI_PROJECT_TITLE} Release"
#      --description "There's been a new release for ${CI_PROJECT_TITLE}. The new version is ${CI_COMMIT_TAG} and is available at ${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}"
#      --color "0xC0FFEE"
#      --url "${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}"
#      --author "Griefed"
#      --author-url "https://${CI_SERVER_HOST}/Griefed"
#      --author-icon "https://i.griefed.de/images/2022/01/21/sam_1500x1500.th.jpg"
#      --image "https://i.griefed.de/images/2021/05/08/app.png"
#      --thumbnail "https://i.griefed.de/images/2020/11/18/Prosper_Docker_300x300.th.png"
#      --field "Author;[Griefed](https://${CI_SERVER_HOST}/Griefed)"
#      --field "Platform;[${CI_SERVER_HOST}](https://${CI_SERVER_HOST})"
#      --footer "Released at $CI_JOB_STARTED_AT"
#      --footer-icon "https://i.griefed.de/images/2022/01/21/start_generation.png"
#  rules:
#    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/'
#    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/'

coverage:
  stage: Other
  image: registry.gitlab.com/haynes/jacoco2cobertura:1.0.8
  allow_failure: true
  script:
    - python /opt/cover2cover.py build/jacoco/test/jacocoTestReport.xml $CI_PROJECT_DIR/backend/main/java/ > build/cobertura.xml || true
    - python /opt/source2filename.py build/cobertura.xml || true
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: build/cobertura.xml

Gradle Dependency-Checks:
  image: griefed/baseimage-ubuntu-jdk-8:2.0.13
  stage: Other
  allow_failure: true
  before_script:
    - echo "**** Running in $CI_JOB_ID ****"
    - echo "**** Java location ****"
    - which java
    - echo "**** Java version ****"
    - java -version
    - echo "**** Allowing execution of gradlew ****"
    - chmod +x gradlew
    - echo "**** Ensure clean environment ****"
    - ./gradlew clean
  script:
    - echo "**** Checking for dependency updates ****"
    - ./gradlew dependencyUpdates --info
  artifacts:
    paths:
      - build/dependencyUpdates/report.txt
    expire_in: 1 week

#release_job:
#  stage: Release
#  image: registry.gitlab.com/gitlab-org/release-cli:latest
#  rules:
#    - if: '$CI_COMMIT_TAG && $CI_SERVER_HOST == "gitlab.com"'
#  script:
#    - echo "Running the release job to mirror release generation from parent repository."
#  release:
#    tag_name: $CI_COMMIT_TAG
#    name: 'Release $CI_COMMIT_TAG'
#    description: './CHANGELOG.md'

#pages:
#  # IF JAVA PROJECT
#  image: griefed/baseimage-ubuntu-jdk-8:1.0.5
#  stage: Documentation
#  services:
#    - name: griefed/gitlab-ci-cd:1.0.4
#      alias: docker
#  variables:
#    project_name: $CI_PROJECT_NAME
#    SEMANTIC_RELEASE_PACKAGE: $CI_PROJECT_NAME
#  before_script:
#    - which java
#    - chmod +x gradlew
#    - ./gradlew clean
#  script:
#    - ./gradlew javaDoc --info -x test
#    - cp -Rf build/docs/javadoc public
#    - LC_COLLATE=C ls -ahl --group-directories-first --color=auto
#      public
#  only:
#    - master
#    - main
#  artifacts:
#    paths:
#      - public
#    expire_in: 1 week
#
#  # IF QUASAR PROJECT
#  image: griefed/gitlab-ci-cd:1.0.4
#  stage: build
#  cache:
#    paths:
#      - node_modules/
#  before_script:
#    - npm install
#    - rm -Rf dist
#  script:
#    - quasar build
#    - cp -Rf dist/spa/* public/
#  artifacts:
#    paths:
#      - public
#    expire_in: 1 week
#  rules:
#    - if: "$CI_SERVER_HOST =~ /git.griefed.de/"

# Check Packages:on-schedule:
#   only:
#     - schedules
#   before_script:
#     - |-
#       echo "Preparing package versions comparison."
#       # Check and, if necessary, update git user and mail
#       if [[ "$(git config --list | grep user.name)" != "user.name=$GIT_USER" ]];then
#         git config --global user.name $GIT_USER
#       fi
#       if [[ "$(git config --list | grep user.email)" != "user.email=$GIT_MAIL" ]];then
#         git config --global user.email $GIT_MAIL
#       fi
# 
#       # Clean system of potentially interrupting images
#       docker image rm -f $DOCKERHUB_USER/$DOCKERHUB_REPO:latest
#       docker image rm -f $DOCKERHUB_REPO
#       rm -rf /tmp/$CI_PROJECT_PATH
#       mkdir -p /tmp/$CI_PROJECT_PATH
#       echo "Preparations complete."
#   script:
#     - |-
#       echo "Comparing package versions." && \
#       # Clone the repository
#       git clone $CI_PROJECT_URL.git /tmp/$CI_PROJECT_PATH && \
#       cd /tmp/$CI_PROJECT_PATH && \
# 
#       if [ ! -s "package_versions.txt" ];then
#         echo "No package_versions.txt available..." && \
# 
#         # Gather package information from latest build
#         docker run --rm --entrypoint /bin/sh -v /tmp/$CI_PROJECT_PATH:/tmp $DOCKERHUB_USER/$DOCKERHUB_REPO:latest -c '\
#           apk info -v > /tmp/package_versions.txt && \
#           sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
#           chmod 777 /tmp/package_versions.txt' && \
# 
#         # Checkout our branch
#         git checkout -f $CI_DEFAULT_BRANCH && \
# 
#         wait && \
# 
#         # Add and commit new file to repository
#         git add package_versions.txt && \
#         git commit -m 'chore: Add list of package versions.' && \
# 
#         # Push the changes to the remote
#         git push "https://$GIT_USER:$GITLAB_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git" --all && \
# 
#         # Nice
#         echo "package_versions.txt added."
# 
#       elif [ -s "package_versions.txt" ];then
#         echo "Local package_versions.txt available..." && \
# 
#         # Build local image for new package versions list
#         docker build --no-cache --tag $DOCKERHUB_REPO . && \
# 
#         # Get packages from newly build local image
#         docker run --rm --entrypoint /bin/sh -v /tmp/$CI_PROJECT_PATH:/tmp $DOCKERHUB_REPO -c '\
#           apk info -v > /tmp/package_versions_new.txt && \
#           sort -o /tmp/package_versions_new.txt  /tmp/package_versions_new.txt && \
#           chmod 777 /tmp/package_versions_new.txt' && \
# 
#         # Get checksum of old packages
#         OLD_CHECKSUM=$(md5sum package_versions.txt | cut -f1 -d" ") && \
# 
#         # Get checksum of new packages
#         NEW_CHECKSUM=$(md5sum package_versions_new.txt | cut -f1 -d" ")
# 
# 
# 
#         # If new checksum is not the same as old checksum, we have new versions
#         if [ "${OLD_CHECKSUM}" != "${NEW_CHECKSUM}" ]; then
# 
#           echo "Checksums differ. Updating..." && \
# 
#           # Checkout our branch
#           git checkout -f $CI_DEFAULT_BRANCH && \
# 
#           # Copy the new package versions list to repository
#           mv -f package_versions_new.txt package_versions.txt && \
# 
#           wait && \
# 
#           # Add and commit new file to repository
#           git add package_versions.txt && \
#           git commit -m 'build: Update installed packages in Docker container.' && \
# 
#           # Push the changes to the remote
#           git push "https://$GIT_USER:$GITLAB_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git" --all && \
# 
#           # Nice
#           echo "Packages updated."
#         else
#           echo "No package updates available."
#         fi
# 
#       fi
#       echo "Comparison complete."
#   after_script:
#     - |-
#       echo "Cleaning up."
#       docker image rm -f $DOCKERHUB_USER/$DOCKERHUB_REPO:latest
#       docker image rm -f $DOCKERHUB_REPO
#       rm -rf /tmp/$CI_PROJECT_PATH
#       echo "Done."