Merge branch 'main' into ui

# Conflicts:
#	README.md
#	requirements.txt

.gitlab-ci.yml

@@ -8,6 +8,9 @@ include:
 cache:
   key: one-key-to-rule-them-all
 
+variables:
+  DOCKER_BUILDX_PLATFORM: "linux/amd64,linux/arm64"
+
 build:docker:
   image: docker:dind
   interruptible: true
@@ -26,7 +29,7 @@ build:docker:
   script:
     - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
     - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHA
-    - docker buildx build --progress=plain --platform linux/amd64,linux/arm64 --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE --push .
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE --push .
     - docker buildx imagetools inspect $IMAGE
     - echo "CS_IMAGE=$IMAGE" > container_scanning.env
   artifacts:
@@ -124,16 +127,28 @@ build:pacman:
       - "*.pkg.tar.zst"
 
 test:
-  image: python:3.11-slim-bullseye
+  image: python:3.11-slim-bookworm
   stage: test
+  interruptible: true
   rules:
-    - if: $CI_COMMIT_BRANCH
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
     - if: $CI_COMMIT_TAG
     - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+      changes:
+        - app/**/*
+        - test/**/*
   variables:
     DATABASE: sqlite:///../app/db.sqlite
+  parallel:
+    matrix:
+      - REQUIREMENTS:
+          - requirements.txt
+          - .DEBIAN/requirements-bookworm-12.txt
+          - .DEBIAN/requirements-ubuntu-23.10.txt
   before_script:
-    - pip install -r requirements.txt
+    - apt-get update && apt-get install -y python3-dev gcc
+    - pip install -r $REQUIREMENTS
     - pip install pytest httpx
     - mkdir -p app/cert
     - openssl genrsa -out app/cert/instance.private.pem 2048
@@ -191,7 +206,7 @@ test:debian:
 
 test:ubuntu:
   extends: .test:linux
-  image: ubuntu:22.10
+  image: ubuntu:23.10
 
 test:archlinux:
   image: archlinux:base
@@ -209,10 +224,13 @@ test:archlinux:
     - pacman -U --noconfirm *.pkg.tar.zst
 
 code_quality:
+  variables:
+    SOURCE_CODE: app
   rules:
     - if: $CODE_QUALITY_DISABLED
       when: never
     - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 
 secret_detection:
   rules:
@@ -227,12 +245,25 @@ semgrep-sast:
     - if: $SAST_DISABLED
       when: never
     - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 
 test_coverage:
-  extends: test
+#  extends: test
+  image: python:3.11-slim-bookworm
   allow_failure: true
+  stage: test
   rules:
     - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  variables:
+    DATABASE: sqlite:///../app/db.sqlite
+  before_script:
+    - apt-get update && apt-get install -y python3-dev gcc
+    - pip install -r requirements.txt
+    - pip install pytest httpx
+    - mkdir -p app/cert
+    - openssl genrsa -out app/cert/instance.private.pem 2048
+    - openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem
+    - cd test
   script:
     - pip install pytest pytest-cov
     - coverage run -m pytest main.py
@@ -257,6 +288,7 @@ gemnasium-python-dependency_scanning:
     - if: $DEPENDENCY_SCANNING_DISABLED
       when: never
     - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 
 .deploy:
   rules:
@@ -264,24 +296,24 @@ gemnasium-python-dependency_scanning:
 
 deploy:docker:
   extends: .deploy
+  image: docker:dind
   stage: deploy
+  tags: [ docker ]
   before_script:
     - echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_COMMIT_REF_NAME"
+    - docker buildx inspect
+    - docker buildx create --use
   script:
     - echo "========== GitLab-Registry =========="
     - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-    - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME
-    - docker build . --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME
-    - docker build . --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest
-    - docker push $IMAGE:$CI_COMMIT_REF_NAME
-    - docker push $IMAGE:latest
+    - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME --push .
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest --push .
     - echo "========== Docker-Hub =========="
     - docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
     - IMAGE=$PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME
-    - docker build . --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME
-    - docker build . --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest
-    - docker push $IMAGE:$CI_COMMIT_REF_NAME
-    - docker push $IMAGE:latest
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME --push .
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest --push .
 
 deploy:apt:
   # doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package