image: docker:19.03.12

stages:
  - docker_test
  - docker_push

variables:
  # When using dind service, we need to instruct docker to talk with
  # the daemon started inside of the service. The daemon is available
  # with a network connection instead of the default
  # /var/run/docker.sock socket. Docker 19.03 does this automatically
  # by setting the DOCKER_HOST in
  # https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29
  #
  # The 'docker' hostname is the alias of the service container as described at
  # https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services.
  #
  # Specify to Docker where to create the certificates, Docker will
  # create them automatically on boot, and will create
  # `/certs/client` that will be shared between the service and job
  # container, thanks to volume mount from config.toml
  DOCKER_TLS_CERTDIR: "/certs"
  # Use TLS https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
  DOCKER_HOST: tcp://docker:2376

services:
  - docker:19.03.12-dind

.docker_cache:
  cache:
    # The same key should be used across branches
    key: "$CI_COMMIT_REF_SLUG"
    paths:
      - ci-exports/*.tar

# Make sure we can build a docker image
# It's cached for later jobs
build_docker:
  extends:
    - .docker_cache
  stage: docker_test
  script:
    # Try to load latest branch image from local tar or from registry
    - docker load ci-exports/$CI_COMMIT_REF_SLUG.tar || docker pull $CI_REGISTRY_IMAGE:latest || true
    - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:latest .
    - mkdir -p ci-exports/
    - docker save $CI_REGISTRY_IMAGE:latest > ci-exports/$CI_COMMIT_REF_SLUG.tar

# Publishes the configured CI registry (by default that's gitlab's registry)
push_ci_registry:
  extends:
    - .docker_cache
  stage: docker_push
  cache:
    policy: pull
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - cat ci-exports/$CI_COMMIT_REF_SLUG.tar | docker load
    - docker tag $CI_REGISTRY_IMAGE:latest $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
    - docker push $CI_REGISTRY_IMAGE:latest
  only:
    refs:
      # Make sure to protect these tags!
      - /^v(\d+\.){2,3}\d+$/
      - /.+-release$/
    variables:
      - $CI_REGISTRY
      - $CI_REGISTRY_USER
      - $CI_REGISTRY_PASSWORD
      - $CI_REGISTRY_IMAGE

# Publishes the cached image to docker
push_dockerhub_registry:
  extends:
    - .docker_cache
  stage: docker_push
  cache:
    policy: pull
  before_script:
    - docker login -u $DOCKERHUB_REGISTRY_USER -p $DOCKERHUB_REGISTRY_PASSWORD $DOCKERHUB_REGISTRY
  script:
    - cat ci-exports/$CI_COMMIT_REF_SLUG.tar | docker load
    - docker tag $CI_REGISTRY_IMAGE:latest $DOCKERHUB_REGISTRY_IMAGE:$CI_COMMIT_TAG
    - docker tag $CI_REGISTRY_IMAGE:latest $DOCKERHUB_REGISTRY_IMAGE:latest
    - docker push $DOCKERHUB_REGISTRY_IMAGE:$CI_COMMIT_TAG
    - docker push $DOCKERHUB_REGISTRY_IMAGE:latest
    # Push the readme to dockerhub
    - >-
      docker run -v $PWD:/workspace
      -e DOCKERHUB_USERNAME="$DOCKERHUB_REGISTRY_USER"
      -e DOCKERHUB_PASSWORD="$DOCKERHUB_REGISTRY_PASSWORD"
      -e DOCKERHUB_REPOSITORY="$DOCKERHUB_REGISTRY_IMAGE"
      -e README_FILEPATH='/workspace/README.md'
      peterevans/dockerhub-description:2
  only:
    refs:
      # Make sure to protect these tags!
      - /^v(\d+\.){2,3}\d+$/
      - /.+-release$/
    variables:
      - $DOCKERHUB_REGISTRY
      - $DOCKERHUB_REGISTRY_USER
      - $DOCKERHUB_REGISTRY_PASSWORD
      - $DOCKERHUB_REGISTRY_IMAGE