dss/packages/dss-rules/templates/gitlab-ci.yml

# DSS Design System Validation - GitLab CI
# Generated by @dss/rules init
#
# This workflow validates design system compliance and uploads metrics
# to the DSS dashboard for portfolio-wide visibility.
#
# Required Variables:
#   DSS_DASHBOARD_URL: URL to DSS metrics API (e.g., https://dss.example.com)
#   DSS_API_TOKEN: Authentication token for metrics upload

stages:
  - validate

variables:
  NODE_VERSION: "20"

.node-cache:
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
      - .npm/

dss-validate:
  stage: validate
  image: node:${NODE_VERSION}
  extends: .node-cache
  script:
    # Install dependencies
    - npm ci --cache .npm --prefer-offline

    # Check for break-glass [dss-skip] in commit message
    - |
      COMMIT_MSG=$(git log -1 --pretty=%B)
      if echo "$COMMIT_MSG" | grep -q '\[dss-skip\]'; then
        echo "⚠️ DSS validation skipped via [dss-skip] commit message"
        echo "Commit: $(git log -1 --pretty='%h %s')"
        exit 0
      fi

    # Check @dss/rules version drift
    - |
      INSTALLED=$(npm list @dss/rules --json 2>/dev/null | jq -r '.dependencies["@dss/rules"].version // "not-installed"')
      LATEST=$(npm view @dss/rules version 2>/dev/null || echo "unknown")
      echo "Installed @dss/rules: $INSTALLED"
      echo "Latest @dss/rules: $LATEST"
      if [ "$INSTALLED" != "$LATEST" ] && [ "$LATEST" != "unknown" ]; then
        echo "⚠️ @dss/rules is outdated ($INSTALLED vs $LATEST). Consider updating."
      fi

    # Run DSS validation
    - npm run dss:validate:ci || VALIDATION_FAILED=true

    # Upload metrics to dashboard
    - |
      if [ -f .dss/results.json ]; then
        jq --arg branch "$CI_COMMIT_REF_NAME" \
           --arg commit "$CI_COMMIT_SHA" \
           --arg repo "$CI_PROJECT_PATH" \
           '. + {branch: $branch, commit: $commit, project: $repo}' \
           .dss/results.json > .dss/upload.json

        curl -X POST "${DSS_DASHBOARD_URL}/api/metrics/upload" \
          -H "Content-Type: application/json" \
          -H "Authorization: Bearer ${DSS_API_TOKEN}" \
          -d @.dss/upload.json \
          --fail --silent --show-error || echo "⚠️ Failed to upload metrics (non-blocking)"
      fi

    # Fail if validation errors
    - |
      if [ "$VALIDATION_FAILED" = "true" ]; then
        echo "❌ DSS validation failed with errors. Please fix violations."
        exit 1
      fi

  artifacts:
    when: always
    paths:
      - .dss/results.json
    expire_in: 1 week
    reports:
      codequality: .dss/results.json

  rules:
    - if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "develop"
    - if: $CI_MERGE_REQUEST_IID

# Optional: MR comment with results (requires GITLAB_TOKEN with API access)
dss-mr-comment:
  stage: validate
  image: curlimages/curl:latest
  needs:
    - job: dss-validate
      artifacts: true
  script:
    - |
      if [ ! -f .dss/results.json ]; then
        echo "No results file, skipping MR comment"
        exit 0
      fi

      ERRORS=$(jq -r '.metrics.totalErrors // 0' .dss/results.json)
      WARNINGS=$(jq -r '.metrics.totalWarnings // 0' .dss/results.json)
      SCORE=$(jq -r '.metrics.adoptionScore // 0' .dss/results.json)

      if [ "$ERRORS" = "0" ]; then
        STATUS="✅"
        MESSAGE="🎉 All design system checks passed!"
      else
        STATUS="❌"
        MESSAGE="⚠️ Please fix design system violations before merging."
      fi

      BODY="## $STATUS DSS Validation Results\n\n| Metric | Value |\n|--------|-------|\n| Adoption Score | ${SCORE}% |\n| Errors | $ERRORS |\n| Warnings | $WARNINGS |\n\n$MESSAGE\n\n---\n*Powered by @dss/rules*"

      curl --request POST \
        --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" \
        --header "Content-Type: application/json" \
        --data "{\"body\": \"$BODY\"}" \
        "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests/${CI_MERGE_REQUEST_IID}/notes" \
        || echo "⚠️ Failed to post MR comment (non-blocking)"

  rules:
    - if: $CI_MERGE_REQUEST_IID && $GITLAB_TOKEN
  allow_failure: true