stages:
  - lint
  - build


default:
  tags:
    - nix
    - linux


hlint:
  stage: lint
  script:
    - cd obelisk
    - nix-shell --run "hlint --version; hlint -j frontend"

cabal-build-and-test:
  stage: build
  script:
    - cd obelisk
    - nix-shell --run "cabal build frontend"

build-debug-apk:
  stage: build
  script:
    - cd obelisk
    - nix-build -A android.frontend -o result-android
  artifacts:
    paths:
      - obelisk/result-android/android-app-debug.apk

build-unsigned-release-apk:
  stage: build
  script:
    - cd obelisk
    - nix-build -A android.frontend.release -o result-android-release
  artifacts:
    paths:
      - obelisk/result-android-release/android-app-release-unsigned.apk

build-unsigned-release-bundle:
  stage: build
  script:
    - cd obelisk
    - nix-build -A android.frontend.bundle -o result-android-bundle
  artifacts:
    paths:
      - obelisk/result-android-bundle/android-app.aab

build-signed-release-apk:
  stage: build
  script:
    - cd obelisk
    # Generate a throw-away key to exercise signing.
    - |
      nix-shell --command '
      keytool \
        -genkey \
          -v \
          -keystore ./android-ci.keystore \
          -alias ci \
          -keyalg RSA \
          -keysize 2048 \
          -validity 36500 \
          -keypass insecurepasswordforci \
          -storepass insecurepasswordforci \
          -dname "OU=Testing;O=PrivateStorage"
      '

    # Get the right key configuration for this environment in place.
    - cp ./android-signing-key-ci.nix ./android-signing-key.nix

    # Do the build.
    - nix-build -A android.frontend.release -o result-android-release
  artifacts:
    paths:
      # The path implies successful signing.  If we can find the file, we
      # signed it.
      - obelisk/result-android-release/android-app-release.apk

build-signed-release-bundle:
  stage: build
  script:
    - cd obelisk
    # Generate a throw-away key to exercise signing.
    - |
      nix-shell --command '
      keytool \
        -genkey \
          -v \
          -keystore ./android-ci.keystore \
          -alias ci \
          -keyalg RSA \
          -keysize 2048 \
          -validity 36500 \
          -keypass insecurepasswordforci \
          -storepass insecurepasswordforci \
          -dname "OU=Testing;O=PrivateStorage"
      '

    # Get the right key configuration for this environment in place.
    - cp ./android-signing-key-ci.nix ./android-signing-key.nix

    # Do the build.
    - nix-build -A android.frontend.bundle -o result-android-bundle

    # To be sure we signed it, look inside it for a signature file.  Note that
    # the file is named after the key we chose from the keystore.
    - nix-shell -p unzip --command 'unzip -t result-android-bundle/android-app.aab | grep META-INF/CI.RSA'
  artifacts:
    paths:
      - obelisk/result-android-bundle/android-app.aab