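---
# GitLab CI/CD Pipeline for Northern Thailand Ping River Monitor
#
# Flow: test (unit/integration, code quality, security scan) -> build (Docker
# image pushed to the project registry) -> deploy (webhook-triggered staging
# and production rollouts, followed by a health check).

stages:
  - test
  - build
  - deploy

variables:
  PYTHON_VERSION: "3.11"
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"

cache:
  paths:
    - .cache/pip
    - venv/

# Test stage: integration tests plus lint and type checks.
test:
  stage: test
  image: python:${PYTHON_VERSION}-slim
  before_script:
    - apt-get update && apt-get install -y build-essential
    - python -m venv venv
    - source venv/bin/activate
    - pip install --upgrade pip
    - pip install -r requirements-dev.txt
  script:
    - python test_integration.py
    - python test_station_management.py
    - flake8 src/ --max-line-length=100
    - mypy src/
  coverage: '/TOTAL.*\s+(\d+%)$/'
  # NOTE(review): none of the script commands above visibly write
  # coverage.xml or htmlcov/; confirm the test scripts produce them,
  # otherwise the coverage report and artifact upload will be empty.
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
    paths:
      - htmlcov/
    expire_in: 1 week

# Code quality: formatting, import order, lint and types (non-blocking).
code_quality:
  stage: test
  image: python:${PYTHON_VERSION}-slim
  before_script:
    - python -m venv venv
    - source venv/bin/activate
    # NOTE(review): tool versions are unpinned, so results can change between
    # runs without any change to the repository.
    - pip install black isort flake8 mypy
  script:
    - black --check src/ *.py
    - isort --check-only src/ *.py
    - flake8 src/ --max-line-length=100
    - mypy src/
  allow_failure: true

# Security scan: dependency advisories (safety) and static analysis (bandit).
security_scan:
  stage: test
  image: python:${PYTHON_VERSION}-slim
  before_script:
    - pip install safety bandit
  script:
    - safety check -r requirements.txt
    - bandit -r src/
  # NOTE(review): with allow_failure enabled, findings never block the build
  # or deploy stages; someone has to read the job log for this scan to have
  # any effect. Consider making it blocking on main.
  allow_failure: true

# Build Docker image and push it to the project registry.
build:
  stage: build
  # NOTE(review): docker:latest and docker:dind are floating tags; pinning the
  # build toolchain to a fixed version or digest makes the image build
  # reproducible and limits exposure to a bad upstream push.
  image: docker:latest
  services:
    - docker:dind
  before_script:
    # Feed the registry password on stdin instead of -p so it is not placed on
    # the docker command line (visible in process listings and flagged as
    # insecure by the docker CLI).
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    # Tag the image that was just built rather than building a second time, so
    # the SHA tag and "latest" are guaranteed to reference the same image.
    - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" "$CI_REGISTRY_IMAGE:latest"
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
    # NOTE(review): this job runs on both main and develop, so "latest" is
    # overwritten by whichever branch built last. The deploy jobs reference the
    # SHA tag, which is the safe choice; avoid consuming "latest" elsewhere.
    - docker push "$CI_REGISTRY_IMAGE:latest"
  only:
    - main
    - develop

# Deploy to staging: notify the staging webhook of the new image tag.
deploy_staging:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add --no-cache curl
  script:
    - echo "Deploying to staging environment"
    # Block scalar: the header value contains ": ", which a plain YAML scalar
    # would parse as a mapping instead of a command string.
    # --fail makes an HTTP error from the webhook fail the job instead of
    # reporting a successful deployment. Variables are double-quoted so the
    # JSON payload is not subject to word splitting or globbing.
    - |
      curl --fail -X POST "$STAGING_WEBHOOK_URL" \
        -H "Content-Type: application/json" \
        -d "{\"image\":\"${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}\"}"
  environment:
    name: staging
    url: https://staging.ping-river-monitor.example.com
  only:
    - develop

# Deploy to production: manual gate, then notify the production webhook.
deploy_production:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add --no-cache curl
  script:
    - echo "Deploying to production environment"
    # NOTE(review): the visible request carries no credential other than the
    # URL itself, so PRODUCTION_WEBHOOK_URL presumably acts as the secret;
    # confirm it is stored as a masked, protected CI/CD variable.
    # See deploy_staging for why this is a block scalar with --fail and
    # quoted variables.
    - |
      curl --fail -X POST "$PRODUCTION_WEBHOOK_URL" \
        -H "Content-Type: application/json" \
        -d "{\"image\":\"${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}\"}"
  environment:
    name: production
    url: https://ping-river-monitor.example.com
  when: manual
  only:
    - main

# Health check after deployment.
health_check:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add --no-cache curl jq
  script:
    # Wait for deployment
    - sleep 30
    - curl -f "$HEALTH_CHECK_URL/health"
    - curl -s "$HEALTH_CHECK_URL/metrics" | jq .
  # NOTE(review): `dependencies` only selects which artifacts are downloaded;
  # it does not order jobs. This job shares the deploy stage with the manual
  # deploy_production job, so confirm it really runs after the deployment
  # rather than against the previous release.
  dependencies:
    - deploy_production
  only:
    - main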