---
# CI pipeline: install dependencies, byte-compile the Python entry points,
# build the container image, and run advisory security scanners.
# NOTE(review): the top-level `when`/`pipeline` keys and CI_COMMIT_SHA look like
# Woodpecker CI syntax; newer Woodpecker releases use `steps:` instead of
# `pipeline:` — confirm against the server version in use.

# Run for both direct pushes and pull requests.
when:
  event:
    - push
    - pull_request

pipeline:
  # Checks that everything in requirements.txt installs.
  # NOTE(review): each step runs in its own container, so the installed
  # packages are presumably not available to later steps — confirm whether
  # that is intended.
  dependencies:
    image: python:3.11-slim
    commands:
      - pip install -r requirements.txt

  # Byte-compiles the three scripts to catch syntax errors; nothing is executed.
  syntax-check:
    image: python:3.11-slim
    commands:
      - python -m py_compile app.py
      - python -m py_compile import_from_aws.py
      - python -m py_compile import_data.py

  # Builds the image and tags it with the commit SHA.
  # SECURITY: the host Docker socket is mounted into this step, which gives the
  # step control of the runner's Docker daemon (effectively root on the host).
  # This pipeline also triggers on pull_request, so the Dockerfile being built
  # may come from an unreviewed change. Consider restricting this step to
  # trusted events/branches or using a rootless, daemonless builder.
  # NOTE(review): with the host socket mounted only the Docker CLI is needed;
  # the `dind` image variant may be unnecessary — confirm.
  docker-build:
    image: docker:dind
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - docker build -t sgo:${CI_COMMIT_SHA} .

  # Static analysis (bandit, medium severity and above via -ll) and a known-
  # vulnerability check of requirements.txt (safety).
  # SECURITY: both commands end in `|| true`, so findings never fail the build;
  # the results are advisory and only visible in the step log. Drop `|| true`
  # (or gate on a severity threshold) if these scans are meant to block merges.
  # NOTE(review): bandit and safety are installed unpinned on every run; pin
  # versions if reproducible scanner behaviour matters.
  security-scan:
    image: python:3.11-slim
    commands:
      - pip install bandit safety
      - bandit -r . -ll || true
      - safety check --file requirements.txt || true