---
default:
  image: '${CI_REGISTRY}/nest/tools/buildah:${CI_HOST_CPU}'
  before_script:
    - 'buildah login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"'

.'Build haswell-server':
  stage: 'build'
  tags: ['nest']
  variables:
    CPU: 'haswell'
    ROLE: 'server'
    QEMU_ARCH: 'x86_64'
  script: &script
    - 'mkdir debug'
    - 'buildah bud --cap-add SYS_ADMIN
                   --security-opt seccomp=unconfined
                   --ulimit nofile=1048576
                   --build-arg STAGE0_TAG="$CPU"
                   --build-arg FACTER_emerge_default_opts="$CI_HOST_EMERGE_DEFAULT_OPTS"
                   --build-arg FACTER_makeopts="$CI_HOST_MAKEOPTS"
                   --build-arg FEATURES="-ipc-sandbox -network-sandbox -pid-sandbox"
                   --build-arg PROFILE="${CPU}/${ROLE}"
                   -v "/usr/bin/qemu-${QEMU_ARCH}:/usr/bin/qemu-${QEMU_ARCH}:ro"
                   -v "${PUPPET_CERTIFICATE}:/etc/puppetlabs/puppet/ssl/certs/ci.pem"
                   -v "${PUPPET_PRIVATE_KEY}:/etc/puppetlabs/puppet/ssl/private_keys/ci.pem"
                   -v "${PWD}/debug:/usr/lib/debug"
                   -v /nest:/nest
                   -t "${CI_REGISTRY_IMAGE}:${CPU}-${ROLE}" .'
    - 'buildah bud --build-arg STAGE0_TAG="$CPU" -t "${CI_REGISTRY_IMAGE}/debug:${CPU}-${ROLE}" -f Containerfile.debug .'
    - 'buildah push "${CI_REGISTRY_IMAGE}:${CPU}-${ROLE}"'
    - 'buildah push "${CI_REGISTRY_IMAGE}/debug:${CPU}-${ROLE}"'

.'Build haswell-workstation':
  stage: 'build'
  tags: ['nest']
  variables:
    CPU: 'haswell'
    ROLE: 'workstation'
    QEMU_ARCH: 'x86_64'
  script: *script

'Build cortex-a72-workstation':
  stage: 'build'
  tags: ['nest']
  variables:
    CPU: 'cortex-a72'
    ROLE: 'workstation'
    QEMU_ARCH: 'aarch64'
  script: *script