include:
  - template: Dependency-Scanning.gitlab-ci.yml
  - template: SAST.gitlab-ci.yml
  - template: License-Scanning.gitlab-ci.yml

# --------------------------------------------------------------------------------

.ultimate-scanner-config:
  tags: ['osdu-medium']
  needs: ['compile-and-unit-test']
  cache:
    paths:
      - $CI_PROJECT_DIR/.m2/repository

  variables:
    MAVEN_CLI_OPTS: "--batch-mode --settings=$CI_PROJECT_DIR/.mvn/community-maven.settings.xml -DskipTests=true"
    DS_DISABLE_DIND: "true"
    SAST_DISABLE_DIND: "true"

  # We need to make sure both directories exist, then we can copy files over
  # Since it is a separate volume, mv offers no advantages. tar | tar, plus rm, is the fastest execution
  before_script:
    - mkdir -p ~/.m2 $CI_PROJECT_DIR/.m2/repository
    - tar -cC $CI_PROJECT_DIR/.m2 repository | tar -xC ~/.m2
    - rm -rf $CI_PROJECT_DIR/.m2/repository

  # Copy the repository back to the cache area
  after_script:
    - tar -cC ~/.m2 repository | tar -xC $CI_PROJECT_DIR/.m2

# --------------------------------------------------------------------------------

dependency_scanning:
  stage: scan
  extends: .ultimate-scanner-config

sast:
  stage: scan
  extends: .ultimate-scanner-config

license_scanning:
  stage: scan
  extends: .ultimate-scanner-config

# --------------------------------------------------------------------------------

gemnasium-maven-dependency_scanning:
  stage: scan
  tags: ['osdu-medium']
  image: registry.gitlab.com/divido/gemnasium-maven:jdk-8

spotbugs-sast:
  stage: scan
  tags: ['osdu-large']
  variables:
    JAVA_OPTS: "-Xmx8G"