include:
  - project: gitlab-org/frontend/untamper-my-lockfile
    file: templates/merge_request_pipelines.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - local: .gitlab/ci/*.gitlab-ci.yml
  - project: 'gitlab-org/quality/pipeline-common'
    file:
      - '/ci/danger-review.yml'

stages:
  - build-images
  - build
  - security
  - test
  - pre-deploy
  - deploy
  - post-deploy

variables:
  BUNDLE_PATH__SYSTEM: 'false'
  GIT_DEPTH: '20'
  ALPINE_VERSION: '3.16'
  VALE_VERSION: '2.20.2'
  MARKDOWNLINT_VERSION: '0.32.2'
  MARKDOWNLINT2_VERSION: '0.5.1'
  RUBY_VERSION: '2.7.6'

#
# workflow:rules to prevent duplicate pipelines when pushing to a branch with an open MR.
#
workflow:
  rules:
    # Prevent branch pipelines if an MR is open on the branch.
    - if: $CI_COMMIT_BRANCH && $CI_PIPELINE_SOURCE == "push" && $CI_OPEN_MERGE_REQUESTS
      when: never
    # Allow merge request and scheduled pipelines.
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
    - if: '$CI_PIPELINE_SOURCE == "pipeline"'
    - if: '$CI_PIPELINE_SOURCE == "trigger"'
    # Allow branch pipelines for the default branch, stable branches named XX.X, and review app branches.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    - if: '$CI_COMMIT_BRANCH == "main"'
    - if: '$CI_COMMIT_BRANCH =~ /^\d{1,2}\.\d{1,2}$/'
    - if: '$CI_COMMIT_BRANCH =~ /docs-preview/'