stages:
  - build
  - test
  - package

variables:
  # Use Docker-outside-of-Docker (DooD) by mounting the host's Docker socket
  DOCKER_HOST: unix:///var/run/docker.sock
  # Disable TLS as we're using the local socket
  DOCKER_TLS_CERTDIR: ""

# Build the Rust application using Nix
build:
  stage: build
  image: nixos/nix:latest
  before_script:
    # Enable flakes and nix-command
    - mkdir -p ~/.config/nix
    - echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
  script:
    # Generate Cargo.lock if it doesn't exist
    - nix develop --command cargo generate-lockfile || true
    # Build the Rust application
    - nix build .#app
    # Copy the result for artifacts
    - mkdir -p build-output
    - cp -rL result/* build-output/ || cp result build-output/hello-world
  artifacts:
    paths:
      - build-output/
      - Cargo.lock
    expire_in: 1 hour
  tags:
    - test-ci-cd

# Test the application
test:
  stage: test
  image: nixos/nix:latest
  before_script:
    - mkdir -p ~/.config/nix
    - echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
  script:
    # Run the application in a Nix shell with all dependencies
    - nix develop --command cargo test
    # You could also run the binary here if needed
    # - nix run .#app
  dependencies:
    - build
  tags:
    - test-ci-cd

# Build Docker image using Nix and load it into Docker (DooD pattern)
build-docker-image:
  stage: package
  image: nixos/nix:latest
  services:
    # No docker:dind service - we'll use the host's Docker daemon
  before_script:
    # Install Docker CLI in the Nix container
    - nix-env -iA nixpkgs.docker
    # Enable flakes
    - mkdir -p ~/.config/nix
    - echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
  script:
    # Build the Docker image using Nix
    - nix build .#docker
    # Load the image into Docker daemon (running on host via socket)
    - docker load < result
    # Tag the image
    - docker tag hello-world:latest hello-world:${CI_COMMIT_SHORT_SHA}
    # Test run the container
    - docker run --rm hello-world:latest
    # Optional: Push to registry if configured
    # - docker tag hello-world:latest ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}
    # - docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}
  dependencies:
    - build
  tags:
    - test-ci-cd
  # This job requires a GitLab runner with Docker socket access
  # The runner should have /var/run/docker.sock mounted

# Alternative: Build using Docker directly (DooD)
build-docker-traditional:
  stage: package
  image: docker:latest
  services: []  # No dind service
  variables:
    DOCKER_HOST: unix:///var/run/docker.sock
  before_script:
    # Verify Docker access
    - docker info
  script:
    # Build the Docker image
    - docker build -t hello-world:traditional-${CI_COMMIT_SHORT_SHA} .
    # Test run
    - docker run --rm hello-world:traditional-${CI_COMMIT_SHORT_SHA}
  dependencies:
    - build
  tags:
    - test-ci-cd
  only:
    - branches
  when: manual