default:
  image: docker:24.0.6
  services:
    - docker:24.0.6-dind
  tags:
    - docker

variables:
  DOCKER_TLS_CERTDIR: /certs

build_image:
  stage: build
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: on_success
      variables:
        IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
    - if: $CI_COMMIT_TAG
      when: "on_success"
      variables:
        IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
    - when: never
  before_script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - docker build -t $IMAGE_TAG .
    - docker push $IMAGE_TAG

include:
  - template: Security/Container-Scanning.gitlab-ci.yml

container_scanning:
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: on_success
      variables:
        CS_IMAGE: $CI_REGISTRY_IMAGE:latest
    - if: $CI_COMMIT_TAG
      when: on_success
      variables:
        CS_IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}
    - when: never